June 27, 2017 UXC Meeting Page

USER EXPERIENCE COMMITTEE MEETING NOTES

Attendees:

• Mary Hodder
• Tom Jones
• Jamie Clark
• Jim Kragh
• Noreen Whysel
• Sal D'Agostino
• Linda Braun, Global Inventures

• Meeting Minutes
• The following minutes were approved
  
• Dec 13, 2016: https://wiki.idesg.org/wiki/index.php?title=December_13,_2016_UXC_Meeting_Page
  
• Dec 20, 2016: https://wiki.idesg.org/wiki/index.php?title=December_20,_2016_UXC_Meeting_Page
  
• Jan 10, 2017: https://wiki.idesg.org/wiki/index.php?title=January_10,_2017_UXC_Meeting_Page
  
• Jan 17, 2017: https://wiki.idesg.org/wiki/index.php?title=January_17,_2017_UXC_Meeting_Page
  
• Jan 24, 2017: https://wiki.idesg.org/wiki/index.php?title=January_24,_2017_UXC_Meeting_Page
  
• Jan 31, 2017: https://wiki.idesg.org/wiki/index.php?title=January_31,_2017_UXC_Meeting_Page
  
• Feb 7, 2017: https://wiki.idesg.org/wiki/index.php?title=February_7,_2017_UXC_Meeting_Page
  
• Feb 14, 2017: https://wiki.idesg.org/wiki/index.php?title=February_14,_2017_UXC_Meeting_Page
  
• Feb 21, 2017: https://wiki.idesg.org/wiki/index.php?title=February_21,_2017_UXC_Meeting_Page
  
• Feb 28, 2017: https://wiki.idesg.org/wiki/index.php?title=February_28,_2017_UXC_Meeting_Page
  

• Mary Hodder gave a brief update on the state of IDESG. IDESG is waiting to hear back from NIST on status of funding request and grant extension. A subgroup of the Board was put together to look at Board restructuring led by Jenn Behrens. The Board is now looking to lower the number of Board members; down from the current 19. Nominations are coming in now for Board members with elections taking place July 11. Expenses are being closely monitored. Board members have been asked to join IDESG as a paying member (individual or organization).

Chair's call taking place later today on election process. Mary invited the UXC to attend the meeting if interested.

Current Work and Activities Discussion:

• Mary commented that for the last few months, the UXC has been working on a project for relying parties. The meeting then went on to review Tom Jones' project on an RP system for IDESG: https://wiki.idesg.org/wiki/index.php?title=Best_Practices_and_Example_for_RP_System
  
• Tom has sent various documents for people to comment on. Tom went to a recent Privacy Committee meeting to provide details on this work. They talked about taking the existing requirements and modifying them instead of deleting Privacy15 or cast Privacy15 in a way that makes more sense. Need to distinguish what a relying party has versus what an identity service provider has. There is a difference. Tom showed a version of the identity model flows with the three board categories of entity. The separation of the Authorization from Identity and Attribute Providers ensures that identity tokens are never exposed to the unprotected internet. All three providers could be co-located in some cases. Any digital entity can, and probably will, have some sort of User Object. The relationships among the user objects on the provider side can get complex as is described in the full model.
• Tom also discussed User Experience at the RP's: User Experience at the RPs

The user needs to be able to understand the nature of the Identity Model that is the basis for the User Private Information held by the RP. The sample below shows on the left side a typical federated ID site with a collection of well-known social sites plus a place for a username if that's what the user prefers. The right side of the images shows the next page after the user has selected a social site for signin. This images shows some good patterns as well as some bad (anti-) patterns. First the good. the user knows what attributes are being requested by the RP from the social site. It is also good that the page shows the user how to change the permissions for user attributes granted to it. The bad is that the user cannot change the user attributes that are selected on first signin. Also the terms and privacy statement are dense legalese which are written to protect the site owner. Terms that are hard for the user to understand will not be permissible in the EU once the GDPR comes into force in May 2018.

• Mary proposes that the team hold a working meeting to take this information one step further.
• Tom suggested that the team create a list of open items to work on.

Ongoing:

C. Participation with Vulnerable Populations group: https://workspace.idesg.org/kws/groups/idesg_vpwg

D. Tracking: ISO standards for inclusion in IDESG Standards -- to do: prepare forms for us to submit with SCC Forms:

• ISO 9241-1: Ergonomic requirements for office work with visual display terminals (VDTs) — Part 1: General introduction AMENDMENT 1
• ISO/IEC 40500:2012 Information technology -- W3C Web Content Accessibility Guidelines (WCAG) 2.0 http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=58625

E. Other work upcoming? Chairs group has asked for groups to submit a work plan for 2017 based upon our to-do list

8. Chairs Report
9. Liaisons report
10. Other business?
11. Ongoing / Future Action Items (3 minutes)

1. Consider insertions of the word "transparency" in supplemental guidance.
2. Create another page(s) for UX review of other committees’ requirements

12. Adjourn

• Adjourn
  • 1:00 p.m. EDT

• Next meeting is scheduled for July 11, 2017