February 13, 2014 Meeting Page: Difference between revisions
Jump to navigation
Jump to search
m (3 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 03:58, 28 June 2018
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date; February 13, 2014
ATTENDEES
- Adam Madlin
- Chan Lim
- Jonathan Rosenberg
- Ryan Galluzzo
- Sal D’Agostino
- Seetharama Durbha
- Steve Orrin
- Win Baylies
- Cathy Tilton
- Charles Palmer
- Jerry Kickenson
- Kennie Kwong
MEETING NOTES
- Web problem – so session recording was necessary. Link to recording will be available for limited time after meeting; Adam will advise how long.
- Roll call was taken
- Next week’s goals:
- USE Case Gap Analysis with 4-party Authentication
- New – Functional Model Work Plan page now on the wiki.
- Use Case Mapping Template is included [not actually a Gap Analysis, but will help] – see below
- All-Chairs – meet bi-weekly
- IPR Policy has been reviewed
- 12 attendees this week
- Next week – meeting practices review
- Elections are open until 2/19 8.00 pm EST
- Last week’s meeting minutes - no questions, approved
- Use Case 4-party Authentication & Authorization Template (Excel), 3 tabs
- Use Case
- Mapping template
- Diagram
- Use Case Committee wiki has some individual cases. Functional elements, actors and their roles are identified on the wiki. Sal’s comment:
- This is Registration [multiple terms/uses] for the Application – by relying party. A “white list” could be added if desired.
- It also validates the functional element, as defined in the Use Case. If problems arise, let Cathy Tilton know.
- This iterative process will require several steps after 1st iteration
- Gap Analysis Tools – suggestions:
- Add graphics
- Colorize
- May need registration by the Relying Party
- Diagram – will need something from the very beginning; i.e., a workable set of visuals that can be worked back into Cathy Tilton’s specifications
- Functional Model, attached to Adam’s e-mail / agenda, will be reviewed, updated by Adan following today’s meeting.
- Last week’s discussion – topics are proceeding, Adam will post Sal’s meeting notes. Use case selection to be discussed later today.
- Functional Model. Adam will present our current work Feb 26th to Trust Framework Committee, called “Draft Functional Elements”. To include schedules for
- Deliverables release
- Feedback
- Update
- Publish
- Review above in ~ 2 weeks
- Gap Analysis – 14 current use Cases will be examined using gap analysis templates (on-line wiki sources), or other gap analysis tools, for existing models – NSTIC, others, NSTIC Pilots, Daon Model, . . . etc. Art suggested the teams identify existing gap analysis tools and which ones could apply to NSTIC identity systems. For instance:
- InCommon Identity Assurance Package
- NIST 800-63
- 4-party Authentication
- Daon Componentized Services / Credential Services
- Ryan Galluzzo will examine these and report next week
- Next Steps
- Analysis work off-line [see list] on current Use Cases
- Review results
- Target 1st-pass review next week. Adam will write a guideline and Ryan Galluzzo will supply a template for this work.
- Adam will supply a Functional Model list.
- Check visuals against anticipated use for each functional element: are the elements in current figures sufficient? What others are needed?
- How can we communicate with others? Go to Use Case wiki, find participants (some may be listed).
- Win: How long to do this? A: 3-4 hours; most or which is the diagram. Use Case requires 100% mapping of Columns A – D, to understand what’s been documented
- Adam copied his Use Case into 1st fab. Next: review schedule, when completed, post on wiki and advise ListServ members. Hopefully, 1 – 2 more Use Cases will be ready for review at next week’s teleconference. 2 weeks later begin next phase for these Cases.
- Next week: plenary planning. Several committee members are presenting.
- Sal: Why is Registration only for some elements? How to include this in Use Case(s)? Identity Mapping is useful but not mandatory. We have to assume Use Case work is correct – if problems, feedback to Cathy Tilton’s group. Assumptions / Description – iterative editing/updating process.
- Q: What in the Mapping Section represents a “Gap”? How identify it (maybe color)?
- Authentication process:
- Access Request
- Credential Presentation
- Credential Validation
- Identity Mapping
- Authentication Decision
- Diagram is a place-holder – good place to get input from current developer.
- Q: to Cathy - Need a workable set of visuals to work into a diagram.
- Process Flow information is encouraged but not required
- Use case deliverable ~done, continuous improvement underway
- Chair resigned, seeking replacement
- Improvement suggestions: contact Cathy. Use “Post a Comment on the Discussion Page”. Need to be logged in.
- Adam copied Use Case section, imported into his Use Case. Once a set is complete, it will be entered into wiki, to be shared by ListServ notification, review placed on next meeting’s agenda.
- Q: - Is there a better way? No suggestions. Hopefully, we’ll soon have couple more Use Cases; Adam will post these, put into queue for Committee review. In ~ 2 weeks, assign work from other models.
- Next month: Plenary
- what and how do we want to share?
- What’s reasonable and achievable?
- Need more members involved at Plenary
- Jonathan: wants to vote; first submit signed application. An application was promised.
Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content