Date
January 5th, 2016
Attendees
Goals
- IRM in the Wild Discussion & Examples - Working Through the Principles
Discussion Items
| Time | Item | Who | Notes |
|---|---|---|---|
| 2 mins | Kantara IPR | Sal | |
| 2 mins | Roll Call | Sal |
|
| 4 mins | Minutes/Notes Update | Sal |
|
| 5 mins | Principles | Sal |
|
| 40 mins | IRM in the Wild | All |
|
| 1 min | Other Admin | All |
|
| 1 min | AoB | All |
|
Action Items
Former user (Deleted) Identity Assurance group will be meeting with FICAM for a workshop - will send link for this event
Submitted Links
Submitted by Former user (Deleted):
- Tue-Wed Jan 12-13: NSTIC Workshop: Applying Measurement Science in the
Identity Ecosystem http://www.nist.gov/nstic/events.html - Wed evening Jn 13: “Privacy Papers for Policy Makers” - A discussion of leading privacy research https://fpf.org/2015/12/15/privacy-papers-for-policymakers/
- Thu Jan 14: FTC PrivacyCon https://www.ftc.gov/news-events/events-calendar/2016/01/privacycon
Submitted by Thorsten Niebuhr (Unlicensed):
Here is the link on Entity Relationship Management / Semantics. Whitepaper is only available as german version right now, translation is planned to be done by end of next week
http://www.wedacon.net/entity-relationship-management
High-level Topics Covered
- Role call
- IRP Update
- Principles Update - v.1.1
- IRM in the Wild
- Worked through DNS as IRM Use Case
Detailed Meeting Notes
IPR Policy
- Kantara looking at Contribution approach that OpenID is using - having one IPR policy across all the groups - taking up at the board level
Roll & New Intros
- Thornsten brief intro
- Going to see what notes from last calls
Ian is out - but will be running through the principles again shortly - possibly use what comes out of the NIST workshop next week - going to want 3-4 people to have working group to go through the v.1.1 of the principles - will be asking for volunteers soon
Asking who is going to - NIST Workshop & PrivacyCon links being sent by Steve - will be sent to group and put in minutes [Included Below in Links]
Scott - will be at NIST workshop - Thursday - Identity Assurance group will be meeting with FICAM for a workshop - agenda up in the air - intended to be for Identity Assurance, Assessors, and CSPs to meet - link for this event to be sent as well [Open Action Item]
Idea is to draft 1.1 version of principles - confirm or deny if IRM is a "thing" or not - or should it be under "ABAC" for example
Way to determine is to document use cases and measure against principles we have so far - represent in a matrix
[ Reference: Matrix of IRM in the Wild]
Last call - spreadsheet development - talked about migration - questionable and went through principles and applicability - trying to answer - is there a unique case of IRM being done?
Does anyone have anything to throw out for a use case?
Scott - is IRM a separate thing which deserves paying attention to? - Yes absolutely - going on since IT and the internet - relationships which must be managed - other ways to maintain identity space
Sal - Ian & Sal is skeptical if they have an example of IRM - show a case of it and tell me why it is relationship management?
Scott giving example of Domain Space
Sal - you believe that is a case of IRM which exists - take DNS as a use case then? Go through the principles and it would work?
Scott - it would apply to a lot of the attributes
Kim - does it have to meet all principles?
Sal - there will be examples which it meets some but not fully; To define use cases it is okay to look for fully applicable; At this point;
Kim - at some point after looking at use cases we would then have to determine what doesn't make it IRM
Sal - yes exactly what we are trying to accomplish
Scott - probably not going to be black & white as to when it is or isn't - going to meet a few of the principles
Sal - we are working through the principles at the same time so it will be "push and pull" in different directions
Scott - DNS - and IP address to a Domain Name - registrant has to provide details about themselves, etc.
Working through DNS in IRM-in-the-Wild-Dashboard spreadsheet - (See Notes There)
- Worked through each principle and decided whether or not it applied
- Discussion around "immutable" - definitely applies - serves the purpose of immutability
- Adrian - talking about the replacements to DNS with various architectures (e.g., Block Chain, etc.) - something we are doing could inform that process - that would be interesting
- Scott in agreement
- Google OneName, and NameCoin for more information on Block Chain
- Adrian came up with another piece to this space - configuration management - thinking about scaling of identity - "promise theory" - eye opening way of looking at IRM - people out there looking at configuration of large-scale systems and the scalability of them - so for example when they see DNS - they cringe - it is brittle, not scalable, too centralized
- Sal - some there is registration and some there is use - need distributed autonomous things - completely agree - Promise Theory gives us a nice set to compare against our principles
- Scott - Provable would be a difference between DNS and Block Chain
- Sal - likes going through this and gathering related things - should we go through Block Chain and Distributed Hashes?
- Scott - interesting on Immutable - IP addresses which are mutable - ID of the individual which registered the records is not supposed to be mutable - both sides (immutable & mutable) show up
- Sal - challenging because DNS is at a lower level
- Continue to go through the Principles…
- Completed going through principles for DNS
Thornsten - entity relationship management and semantic whitepaper - going to send link
Sal - architectural principles - these may be applicable there - makes a lot of sense - going to put Promise Theory in autonomous for now