February 27, 2014 Meeting Page: Difference between revisions
Latest revision as of 03:58, 28 June 2018
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
Meeting Date: February 27, 2014
ATTENDEES
- Adam Madlin
- Andrew Hughes
- Ann Racuya-Robbins
- Bev Corwin
- Cathy Tilton
- Chan Lim
- Christopher Spottiswoode
- David Temoshok
- John Stearns
- Jonathan Rosenberg
- Kate Kingberger
- Mark C. Wallace
- Ryan Galluzzo
- Seetharama Durbha
MEETING NOTES
- Roll call; Completed an informal quorum calculation. Confirmed that we have quorum.
- IPR policy reminder
- Note taking volunteer? Chan Lim taking meeting notes.
- Review and edit agenda – no updates
- Approve meeting notes from last meeting
- Further discussion on next plenary activities - Adam led discussion, suggesting possible topics or approaches:
- The Functional Model breakout meeting at the plenary will be a working session, continuing the current active work
- What about any presentations or joint meetings? No comments.
- Without another plan, could present the state of work related to use case analysis relative to draft functional elements.
- Adam asks - Is there an opportunity for something else, something more? No comments.
- Meeting on Interim ecosystem?
- Attribute AHG update
- This AHG meets every other Friday
- Ann provided a reference - Attribute Based Access Control Workshop hosted by NIST (http://www.nist.gov/itl/csd/attribute-based-access-control-workshop-july-17-2013.cfm). The primary deliverable for the AHG is a white paper for Attribute Based Access
- Jonathan Rosenberg offered to participate.
- Adam provided another reference - the National Cybersecurity Center of Excellence (NCCoE) has drafted a building block addressing attribute based access control (http://csrc.nist.gov/nccoe/Building-Blocks/abac.html). He recommended engaging with the team.
- Adam gave feedback on his presentation of the Draft Functional Elements to the TFTM committee. There was good discussion and feedback including:
- Possible missing functions – contextual or step-up authentication, non-authentication attribute verification requests
- Trust framework operations and elements. Agreed not for the functional elements of the identity management workflow
- Also discussed the correct boundaries of the identity workflow. How far into the RP area does it extend?
- Adam - I’ve reached out to the Standards Committee, who chartered the Use Case AHG, to discuss how we can collaborate with them on completing our use case/Functional Element analyses and resolving our questions and issues. I’ve received some feedback from our committee members working on the Use Case analyses with issues and concerns that highlight, to me, the need for collaboration with the use case group and authors to be able to complete our work. Some of the issues that were raised to me were valid questions about the use cases that have come up and impact the analyses, gaps in the use cases or the functional elements, and potential definitional/consistency concerns between the use cases and functional elements. We will attempt to start addressing these by working more closely with the group directly, which we’ll discuss further at this week’s meeting. In the meantime please clearly document any questions, issues, concerns or feedback that come up in your analysis so that we can get them addressed.
- Use Case Analysis Feedback and discussion
- Cathy Tilton shared feedback from the Standards Coordination Committee
- May need to re-engage to discuss broker, missing elements, and sub-functions
- Consider adding the content authentication?
- Ryan - this is still the same process as Authentication.
- Andrew - this can be an extension of the Authentication service
- David – there are attributes to exchange for accessing additional resources depending upon the application rule, and may not be a primary element.
- Ann - policy is an important element from a privacy perspective
- Team agreed that Authentication attribute is a part of Registration
- There are two use cases that will be reviewed at the next meeting
- Propose to have a joint meeting with the Use Case AHG starting next week
- Perhaps we should re-visit the human trust interaction?
- Assignments for next week
- Adam - I am initiating a smaller group meeting (one meeting for now) to start planning the Security Evaluation Methodology and would like to have this session next week. Please complete the following doodle poll to express your interest and available times. http://www.doodle.com/ndkyhfm8dgm9u3mf
- Ann requested that we keep the recording link for last week’s meeting available for at least another week. Agreed.
ACTION ITEMS
- Everyone to brainstorm about presentation and approach for upcoming plenary.
- Everyone to make as much progress as possible on their use case analysis.
- Will continue to review use case analysis results at next meeting, with a goal to make sufficient progress in time to have a complete (holistic) feedback session at the next plenary.