Kantara eGov Working Group Teleconference


(CONTAINS ROUGH NOTES -  TO BE EDITED FURTHER!)

Administrative section

Date and Time

  • Date: 4 Nov 2012
  • Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 07:00 NZ (+1 day)

Attendees

John Bradley, Ping

Sal D’Agostino, ID Machines, USA

Alan Foster, ForgeRock

Rainer Hoerbe, Kismed, Austria

Denny Prvu, CA

Bob Sunday

Keith Uber, Ubisecure

Colin Wallis, DIA NZ Govt, NZ

Apologies

Thomas Grundel, IT Crew, Denmark


Minutes

Minute taker: Keith.

Quorate call: 7 of 13 voting members present. Bob is currently non-voting.

June 4th minutes approved: Colin moved, Denny seconded.

Agenda

2. eGov Charter Repositioning

An e-vote of the eGov members was held at the end of September and approved the new Charter. It should then have gone to the LC for approval, but there was no time on the 10 Oct LC call. The LC will vote on it on the 7 Nov call.

3. eGov Membership Invitation Letter
- Status report from Colin

  • Rainer has already sent the letter to a Dutch representative; no response back yet.
  • Add Jaag Kooper (?) to the Dutch list.
  • Colin to dig up the Dutch ebook author.
  • Keith Williamsy (OpenID Board Member).
  • The letter won't be sent more widely until it is approved by the LC.
  • More names are connected.
  • The list of contacts is not for redistribution or publication.
  • The letter will be sent by Joni under her name.

The LC call will be on the same day and time as the next NSTIC call.

4. Face-to-Face meeting, Washington DC, 31 Oct / 1 Nov
- Report from Colin
- Any LC issues

Cancelled due to Hurricane Sandy.


5. Privacy Enhanced WebSSO
Proposal of a new work item from Rainer: CA, NZ and now the UK have extended SAML WebSSO, or are in the process of doing so, to implement a non-traceability requirement for identity and attribute providers (i.e. no single party can observe which user is accessing which services with which attributes). A collection and comparison of the approaches, architectural designs and extensions of SAML profiles would be useful, in particular for private-public federations.


Colin presented the requirements of NZ:
  • You can't move personal information from one domain to another without specific user consent.
  • The best way, in their opinion, is to get consent at the time of the event.
  • The SAML Attribute Query (AQ) profile was ideal, but it is back-channel.
  • NZ had requested a browser-based binding of AQ?

John Bradley:
AQ is broken in a few ways.
It does not actually support evidence of consent. The consent is collected by the wrong party (the SP, not the IDP).

In the UK, they had a similar situation (Matt Trigg?).
NZ used a mix of back- and front-channel techniques depending on the use case, including the use of WS-Trust.
The Change Notify protocol in the OASIS SSTC (Phil Hunt, Oracle) works in the front channel. The title is strange, but the flow seems to work for front-channel interactions.
David Simonsons of WAYF.dk can do front-channel (spring flicker?) and back-channel attribute exchange. Front channel was a proposal in a TERENA pilot project. It was found to be unstable when multiple attributes need to be queried in sequence.

How many use cases have more than one Attribute Provider in addition to the IDP?

NZ is building a consent service to get around a centralized consent register.
There are issues in getting the consent information and the user information at the same time.

John Bradley: Most people are doing this with OAuth.

Colin: The current architecture is SAML.

UK's matching service.

Alan:
  • IDP
  • 2x attribute authority

Is it possible to standardize this in any way so that it would be a solution used across multiple governments?

Internet2 has won a contract to provide a privacy-enhanced version (uApprove-style).


----

10 consent dialogs vs. one.

How do you have multiple consent services which could provide a common consent dialog?

It depends on the relationship between the attribute provider and the consent service:

1. UMA-like consent service
2. Attribute provider manages consent on their own

The OIX Attribute Exchange Network is looking at attribute release.

Colin: Would it not be better to see what the funding possibilities are - are those projects which have got funding usable in this case?

This new work item proposal overlaps sufficiently with the NSTIC pilots - perhaps it's better to wait for them?

The work item would include:
  • A couple of stakeholders, privacy requirements, solutions and discussion.
  • Not a standardization activity, rather a review of current solutions and needs, with a view to interoperability and standardization.
  • Not too technology-dependent (XML, JWT).

Steven Dunn (UK):
  • Processed their first SAML assertion 3 or 4 weeks ago.
  • Building a proxy using OpenSAML to proxy basic SAML assertions.
  • Matt Trick (UK) was concerned about the matching service on the Service Provider side.
  • Holes in the concept.
  • DWP deploying.
  • Creating a good practice guide for proofing on several dimensions.

Scott Cantor has been reassigned.

Agreed to collect the use cases and solutions on the eGov wiki, if possible before the next call.

  • The UK is willing to release its material.
  • The CA material is open.
  • The NZ material is posted (more coming).

Some way to compare the approaches is needed.

We will collect the material; Rainer to create the page.


6. Your agenda items.


A.O.B.

-

Adjourned.