September 25, 2014 Meeting Page: Difference between revisions
Jump to navigation
Jump to search
m (3 revisions imported: Initial Upload of old pages from IDESG Wiki) |
(No difference)
|
Latest revision as of 04:04, 28 June 2018
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date: September 25, 2014
Attendees
- Aaron Guzman
- Adam Madlin
- Adam Migus
- Ann Racuya-Robbins
- Bev Corwin
- Christopher Spottiswoode
- David Temoshok
- Hans Vargas
- Linda Braun
- Martin Smith
- Miguel Ballesteros
- Mike Garcia
- Paul Knight (OASIS)
- Robert Faron
- Ryan Galluzzo
- Sal D’Agostino
- Suzanne Lightman
Meeting Notes
- Notes taken by Adam Migus
- Roll call; Quorum determination
- IPR policy reminder - https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Administrative
- Hans (Last Name?) would like to become a member of the Security Committee
- Priorities and Work
- Requirements is our highest priority
- At the Plenary we agreed upon a process to create, consolidate and collect feedback on them within the timeframe proposed by IDESG leadership.
- the next version of the Functional Model seems to be the work that most committee members are interested in working on.
- Requirements is our highest priority
- Functional Model
- Madman congratulated everyone now that version 1 has been approved by the Plenary
- we had a brief discussion about how the document will be maintained going forward
- the security committee will be responsible for the maintenance
- Now that it’s out we would like to publicize it.
- Madman will look into how the IDESG can announce it on the website and social media like Twitter
- Mike said that the NPO plans to publish a post plenary blog and it will talk about the FM approval; he said they'd be happy to cross-reference posts, do retweets or otherwise promote IDESG sourced materials
- Madman congratulated everyone now that version 1 has been approved by the Plenary
- Requirements
- Martin commented that Trust Framework Providers ought to be included in the FM because they need to be accounted for in the requirements
- Ryan replied that we cover that by way of having governance and accountability in the FM
- Madman added that the first version of the requirements should focus on the participants of the ecosystem then we can look at the requirements for other layers like governance
- Ryan walked through the process we agreed upon at the Plenary:
- Collection period
- Consolidation period
- create a questionnaire to be given to the pilots and other would-be implementers
- A process document that outlines the above to explain how we did what we did.
- the questionnaire will be designed to get feedback on reasonability, completeness, relation to reality and general feedback such as "would you be willing to self-attest."
- Sal drew the distinction between the pilots and government agencies vs. the smaller firms without the specialized knowledge and robust controls; we need something that helps with both
- Adam brought up the broader baseline discussion and the need for clarity about what that means and how it relates to self-attestation
- Martin commented that Trust Framework Providers ought to be included in the FM because they need to be accounted for in the requirements
Actions
- Madman to add Hans as a member of the security committee
- Madman to seek clarity on the baseline definition from IDESG leadership
Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content