Omaerz: 3 revisions imported: Initial Upload of old pages from IDESG Wiki

2018-06-28T03:58:46Z

3 revisions imported: Initial Upload of old pages from IDESG Wiki

New page

== SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES ==

Meeting Date; February 13, 2014<br />

'''ATTENDEES'''
*Adam Madlin
*Chan Lim
*Jonathan Rosenberg
*Ryan Galluzzo
*Sal D’Agostino
*Seetharama Durbha
*Steve Orrin
*Win Baylies
*Cathy Tilton
*Charles Palmer
*Jerry Kickenson
*Kennie Kwong

'''MEETING NOTES'''
#Web problem – so session recording was necessary. Link to recording will be available for limited time after meeting; Adam will advise how long.
#Roll call was taken
#Next week’s goals:
##USE Case Gap Analysis with 4-party Authentication
#New – Functional Model Work Plan page now on the wiki.
##Use Case Mapping Template is included [not actually a Gap Analysis, but will help] – see below
#All-Chairs – meet bi-weekly
##IPR Policy has been reviewed
##12 attendees this week
##Next week – meeting practices review
##Elections are open until 2/19 8.00 pm EST
##Last week’s meeting minutes - no questions, approved
#Use Case 4-party Authentication & Authorization Template (Excel), 3 tabs
##Use Case
##Mapping template
##Diagram
#Use Case Committee wiki has some individual cases. Functional elements, actors and their roles are identified on the wiki. Sal’s comment:
##This is Registration [multiple terms/uses] for the Application – by relying party. A “white list” could be added if desired.
##It also validates the functional element, as defined in the Use Case. If problems arise, let Cathy Tilton know.
##This iterative process will require several steps after 1st iteration
#Gap Analysis Tools – suggestions:
##Add graphics
##Colorize
##May need registration by the Relying Party
##Diagram – will need something from the very beginning; i.e., a workable set of visuals that can be worked back into Cathy Tilton’s specifications
#Functional Model, attached to Adam’s e-mail / agenda, will be reviewed, updated by Adan following today’s meeting.
#Last week’s discussion – topics are proceeding, Adam will post Sal’s meeting notes. Use case selection to be discussed later today.
#Functional Model. Adam will present our current work Feb 26th to Trust Framework Committee, called “Draft Functional Elements”. To include schedules for
##Deliverables release
##Feedback
##Update
##Publish
##Review above in ~ 2 weeks
#Gap Analysis – 14 current use Cases will be examined using gap analysis templates (on-line wiki sources), or other gap analysis tools, for existing models – NSTIC, others, NSTIC Pilots, Daon Model, . . . etc. Art suggested the teams identify existing gap analysis tools and which ones could apply to NSTIC identity systems. For instance:
##InCommon Identity Assurance Package
##NIST 800-63
##4-party Authentication
##Daon Componentized Services / Credential Services
##Ryan Galluzzo will examine these and report next week
#Next Steps
##Analysis work off-line [see list] on current Use Cases
##Review results
##Target 1st-pass review next week. Adam will write a guideline and Ryan Galluzzo will supply a template for this work.
##Adam will supply a Functional Model list.
##Check visuals against anticipated use for each functional element: are the elements in current figures sufficient? What others are needed?
#How can we communicate with others? Go to Use Case wiki, find participants (some may be listed).
##Win: How long to do this? A: 3-4 hours; most or which is the diagram. Use Case requires 100% mapping of Columns A – D, to understand what’s been documented
##Adam copied his Use Case into 1st fab. Next: review schedule, when completed, post on wiki and advise ListServ members. Hopefully, 1 – 2 more Use Cases will be ready for review at next week’s teleconference. 2 weeks later begin next phase for these Cases.
#Next week: plenary planning. Several committee members are presenting.
#*Sal: Why is Registration only for some elements? How to include this in Use Case(s)? Identity Mapping is useful but not mandatory. We have to assume Use Case work is correct – if problems, feedback to Cathy Tilton’s group. Assumptions / Description – iterative editing/updating process.
#*Q: What in the Mapping Section represents a “Gap”? How identify it (maybe color)?
#Authentication process:
#*Access Request
#*Credential Presentation
#*Credential Validation
#*Identity Mapping
#*Authentication Decision
#Diagram is a place-holder – good place to get input from current developer.
#*Q: to Cathy - Need a workable set of visuals to work into a diagram.
#*Process Flow information is encouraged but not required
#*Use case deliverable ~done, continuous improvement underway
#*Chair resigned, seeking replacement
#*Improvement suggestions: contact Cathy. Use “Post a Comment on the Discussion Page”. Need to be logged in.
#Adam copied Use Case section, imported into his Use Case. Once a set is complete, it will be entered into wiki, to be shared by ListServ notification, review placed on next meeting’s agenda.
#*Q: - Is there a better way? No suggestions. Hopefully, we’ll soon have couple more Use Cases; Adam will post these, put into queue for Committee review. In ~ 2 weeks, assign work from other models.
#Next month: Plenary
#*what and how do we want to share?
#*What’s reasonable and achievable?
#*Need more members involved at Plenary

*Jonathan: wants to vote; first submit signed application. An application was promised.
<br />

{{FMWGNavBar}}

February 13, 2014 Meeting Page - Revision history

Omaerz: 3 revisions imported: Initial Upload of old pages from IDESG Wiki