August 6, 2015 Meeting Page: Difference between revisions
Jump to navigation
Jump to search
m (3 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 03:00, 28 June 2018
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
Attendees
- Mary Ellen Condon
- Adam Madlin
- Adam Migus
- Ryan Galluzzo
- Christopher Spottiswoode
- Paul Knight
- Sal D’Agostino
- Martin Smith
- Ann Racuya-Robbins
- Linda Braun, Global Inventures
Meeting Notes
- Mary Ellen led the call. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Approval of minutes for July 23, 2015 and July 30, 2015 pushed to next meeting.
Discussion Notes
- Redress Task Force work – Adam Migus
- First redress meeting took place on Tuesday. It was a spirited debate. There generally seemed to be more support for “harms” versus “rights” language. Everyone was asked to speak from the perspective of their own committee. From a Security Committee perspective, harms preferred. Jamie from FMO explained harms versus rights - harms has a higher bar and would probably get fewer cases of redress. If you have harms versus rights there is also the idea that harms is more broadly applicable. The redress team will meet again next week. Comments: There was agreement within the Security Committee position on harms. Mary Ellen thanked Adam for being the Security Committee’s representative on the redress committee.
- NSTIC Pilot Requirements – Task Force recommendations
- They resolved the concept of separation of duty – that is what they discussed this week. Requirement #14 – original change was made – compressed original line down to be consistent with logs in Requirement #3. And then Requirement #3 was changed to add reference to separation of duties.
- Outstanding issue remaining with the requirements package. Ryan had agreed to look at the “Applies To” section in the product that the FMO forward out a few months ago where they took their requirements and references and put together in a package. He thought he was looking at the Applies to Core Operations, already agreed to by this committee. But he looked at Applies to Roles as well. FMO had added these on their own and included federations, users and other items not fully defined in functional model and not discussed or approved by the SC. Not sure how to handle since the SC hadn’t reviewed and he wasn’t sure how to handle, given that they were due on August 7. Privacy committee is going to send their version with a recommendation that these items not being included in the original draft going out. The other approach - Ryan has gone through and made a best effort and where we had core operations, he went back to the functional model and added roles we had defined associated with core operations and added.
- Martin asked if federation had become a role. Next version of functional model might include. Federation is not a defined role in the current version of the functional model.
- Management Council is putting together a roadmap on the work that needs to get done in the next year. Updates to functional model will probably be part of that work. Security Committee will remove roles and focus on core operations.
- FMO updates – Paul Knight
- No news on the SME request; when a resource is assigned, the reference material should be able to be produced in a short time and included in the supplemental guidance before the plenary. Bandwidth issue and level of detail required is high.
- Since we can’t do a reference refresh by August 7, the SC course of action was discussed.
- FMO will work some flexibility into the process that won’t make the August 7 date.
- Paul reported that the Dashboard has been updated.
- New business
- None.
Wrap up and actions for next week
- Ryan indicated he will have at least one of the forms filled out for the standards adoption process that the committee could review at next week’s meeting.
- Next meeting: August 13, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015. A sponsorship package is available through M.A. Please contact him if your organization might be interested in becoming a sponsor.
- Meeting was adjourned at 1:48 p.m. EDT.
Action Items
- None
Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content