February 13, 2014 Meeting Page

From IDESG Wiki

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES

Meeting Date: February 13, 2014

ATTENDEES

  • Adam Madlin
  • Chan Lim
  • Jonathan Rosenberg
  • Ryan Galluzzo
  • Sal D’Agostino
  • Seetharama Durbha
  • Steve Orrin
  • Win Baylies
  • Cathy Tilton
  • Charles Palmer
  • Jerry Kickenson
  • Kennie Kwong

MEETING NOTES

  1. Web problem – so session recording was necessary. Link to recording will be available for limited time after meeting; Adam will advise how long.
  2. Roll call was taken
  3. Next week’s goals:
    1. USE Case Gap Analysis with 4-party Authentication
  4. New – Functional Model Work Plan page now on the wiki.
    1. Use Case Mapping Template is included [not actually a Gap Analysis, but will help] – see below
  5. All-Chairs – meet bi-weekly
    1. IPR Policy has been reviewed
    2. 12 attendees this week
    3. Next week – meeting practices review
    4. Elections are open until 2/19 8.00 pm EST
    5. Last week’s meeting minutes - no questions, approved
  6. Use Case 4-party Authentication & Authorization Template (Excel), 3 tabs
    1. Use Case
    2. Mapping template
    3. Diagram
  7. Use Case Committee wiki has some individual cases. Functional elements, actors and their roles are identified on the wiki. Sal’s comment:
    1. This is Registration [multiple terms/uses] for the Application – by relying party. A “white list” could be added if desired.
    2. It also validates the functional element, as defined in the Use Case. If problems arise, let Cathy Tilton know.
    3. This iterative process will require several steps after 1st iteration
  8. Gap Analysis Tools – suggestions:
    1. Add graphics
    2. Colorize
    3. May need registration by the Relying Party
    4. Diagram – will need something from the very beginning; i.e., a workable set of visuals that can be worked back into Cathy Tilton’s specifications
  9. Functional Model, attached to Adam’s e-mail / agenda, will be reviewed and updated by Adam following today’s meeting.
  10. Last week’s discussion – topics are proceeding, Adam will post Sal’s meeting notes. Use case selection to be discussed later today.
  11. Functional Model. Adam will present our current work Feb 26th to Trust Framework Committee, called “Draft Functional Elements”. To include schedules for
    1. Deliverables release
    2. Feedback
    3. Update
    4. Publish
    5. Review above in ~ 2 weeks
  12. Gap Analysis – 14 current Use Cases will be examined using gap analysis templates (on-line wiki sources), or other gap analysis tools, for existing models – NSTIC, others, NSTIC Pilots, Daon Model, etc. Art suggested the teams identify existing gap analysis tools and which ones could apply to NSTIC identity systems. For instance:
    1. InCommon Identity Assurance Package
    2. NIST 800-63
    3. 4-party Authentication
    4. Daon Componentized Services / Credential Services
    5. Ryan Galluzzo will examine these and report next week
  13. Next Steps
    1. Analysis work off-line [see list] on current Use Cases
    2. Review results
    3. Target 1st-pass review next week. Adam will write a guideline and Ryan Galluzzo will supply a template for this work.
    4. Adam will supply a Functional Model list.
    5. Check visuals against anticipated use for each functional element: are the elements in current figures sufficient? What others are needed?
  14. How can we communicate with others? Go to Use Case wiki, find participants (some may be listed).
    1. Win: How long to do this? A: 3-4 hours, most of which is the diagram. Use Case requires 100% mapping of Columns A – D, to understand what’s been documented
    2. Adam copied his Use Case into 1st tab. Next: review schedule, when completed, post on wiki and advise ListServ members. Hopefully, 1 – 2 more Use Cases will be ready for review at next week’s teleconference. 2 weeks later begin next phase for these Cases.
  15. Next week: plenary planning. Several committee members are presenting.
    • Sal: Why is Registration only for some elements? How to include this in Use Case(s)? Identity Mapping is useful but not mandatory. We have to assume Use Case work is correct – if problems, feedback to Cathy Tilton’s group. Assumptions / Description – iterative editing/updating process.
    • Q: What in the Mapping Section represents a “Gap”? How identify it (maybe color)?
  16. Authentication process:
    • Access Request
    • Credential Presentation
    • Credential Validation
    • Identity Mapping
    • Authentication Decision
  17. Diagram is a place-holder – good place to get input from current developer.
    • Q: to Cathy - Need a workable set of visuals to work into a diagram.
    • Process Flow information is encouraged but not required
    • Use case deliverable ~done, continuous improvement underway
    • Chair resigned, seeking replacement
    • Improvement suggestions: contact Cathy. Use “Post a Comment on the Discussion Page”. Need to be logged in.
  18. Adam copied Use Case section, imported into his Use Case. Once a set is complete, it will be entered into wiki, to be shared by ListServ notification, review placed on next meeting’s agenda.
    • Q: Is there a better way? No suggestions. Hopefully, we’ll soon have a couple more Use Cases; Adam will post these, put into queue for Committee review. In ~ 2 weeks, assign work from other models.
  19. Next month: Plenary
    • what and how do we want to share?
    • What’s reasonable and achievable?
    • Need more members involved at Plenary
  • Jonathan: wants to vote; first submit signed application. An application was promised.



