May 15, 2014 Meeting Page

From IDESG Wiki
Jump to navigation Jump to search

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES

Meeting Date: May 15, 2014

Attendees

  • Adam Madlin
  • Ann Racuya-Robbins
  • Christopher Spottiswoode
  • Ryan Galuzza
  • Sal D’Agostino
  • Seetharama Durbha
  • Steve Orrin
  • Mike Garcia
  • Cathy Tilton
  • Colin Soutar



Meeting Notes

  1. Roll call; Quorum determination
    • Quorum was not achieved.
    • Small group in attendance.
    • Previous meeting notes – any comments? No.
  2. IPR policy reminder -
  3. Confirm note taking volunteer
    • Cathy agreed to take notes
  4. Review agenda
    • 2 main topics
  5. No objections to agenda
  6. Security Committee officer elections
    • Target elections for last meeting of this month (29th)
    • Need nominees for each of the roles – currently no secretary nomination
    • There are two nominations for chair – Adam and Sal
    • Seetharama nominated for vice-chair role
    • Adam talked about the importance of active participants for these roles. Has talked to MC about participation. Plans to put out a call for participation.
    • Wants full slate before elections held. Sal prefers to move forward now.
    • Mike thinks lack of a secretary is a huge challenge – loses continuity.
    • Need more investment of time in preparing for meetings to be efficient.
    • Seetharama thinks this isn’t the main problem. Not sure delaying elections will help.
    • Put time limit on this? By next plenary?
    • Sal – rules say we have to do it now.
    • Adam’s proposal –escalate to MC.
    • Adam out next week, asked Sal to chair.
    • Targeting 29th to hold election – asked for assistance in putting forth a full slate. Need committed leadership.
  7. Discuss included functional model plan and how to proceed.
    • From Adam:
      • At the last week’s meeting I took the action item to suggest our approach going forward with the functional model.
      • My suggestion is that the current Functional Model, described in the Approach presentation, is complete enough for a thorough review and comment collection in order to complete a full draft. The Functional Model package would include:
        • Contents
        • Introduction including instructions, package/deliverable description, purpose, who and how-to-use, request/next actions, etc.
        • Functional Elements / Model(s) diagram(s)
        • Functional Elements / Model(s) descriptions
        • Reference Implementations (multiple, full detail,…) – I see the Interaction model fitting here.
        • Other supporting materials, etc. …
      • We will put together this package and distribute it for comments. The work that has been underway over the past several weeks will be included as part of the reference implementation section. The reference implementation section is the primary chunk of work for this package that must still be completed. I’m also including an initial set of reference implementations to start to catalogue the complete list: (please consider and add your suggestions to the list)
        1. Remote identity proofing, with and without intermediary
        2. Authentication, with and without intermediary
        3. Credential issuance, with and without intermediary
        4. Authorization to online service, with and without intermediary
        5. Attribute control, with and without intermediary
        6. Anonymous interaction…
        7. Other
      • We will distribute this package for review while we work on the reference implementation documentation. We will discuss this plan in this week’s meeting and finalize it and next steps. I welcome any feedback.
    • Discussion:
      • Seetharama’s work is a starting point for this.
      • Many emails giving feedback on Seetharama’s presentation
      • Met with UCAHG this week to discuss this. UCAHG willing to review any comments we give them. If we contribute a new use case, it should be submitted on the Wiki (using the template). They are also willing to have joint calls as needed.
      • Try to make progress over next month; share at next plenary.
      • How do people feel about this?
      • Sal – clarify ask – Do we think Mike’s work on the model brings us forward? Yes.
      • Adam – put in package, with supporting material to provide package ready for review.
      • Sal – what we have is not a complete functional model. Not quite there. Comments still coming in. **Use cases need to be reworked.
      • AM - Package would outline next big step.
      • Seetharama – need a top down approach – what do we want to accomplish? Need concrete examples, start with use cases. Requirements.
      • AM- Seetharama’s work will flush this out. Examples are validations of the model, but not the model itself. Helps to identify gaps.
      • Mike disagrees – examples bring context.
      • What is left besides illustrative use case examples?
      • MG – Looking at TOC above, 1st 4 ready to be drafted. Mike will do intro. Send out for review using comment matrix. The other 2 are not ready. Use calls to get these done.
      • SD – Can’t publish without these. Top down vs bottoms up.
      • MG – tool vs content. Use cases take a lot to understand – may not serve as good examples of the **FM. Better to take 5 real world implementations and use them as the illustrative examples and map to them.
      • ARR – who will create these?
      • MG – create a subcommittee.
      • ARR – minority reports go into the deliverable? 7th section?
      • AM – Haven’t resolved if everyone is comfortable with the approach put forward by Mike.
      • Proposal – Package content of 1st 4 bullets ...
      • SD – No substantiation because don’t have use cases yet. No basis. How have we arrived at these elements?
      • MG – describe in introduction
      • Mappings done, Sal wants something more commercial – things that exist in the wild today commercially.
      • AM – Need submissions. Sal to provide an example.
      • Enough content (1st 4 bullets) to move into a more formal review and comment phase?
      • CS – Not clear what is the purpose of the model and how it is to be used.
      • MG – Will be part of introduction.
      • AM – thinks there is enough material there to send out. Can continue to develop the ref impl.
      • Small group to put package together – to include Adam and Mike. Others can join. May not have by next week. Seetharama and Sal will join. Steve Orrin willing to review.
      • Mike to writeup up 2 page intro and send to committee for comment covering bullet 1&2.
      • Sal – send to FMAHG first (via list).
  8. Review Seetharama interaction model presentation
  9. Other business
  10. Wrap up and actions for next week


Actions

  1. Mike to distribute intial package to committee with comments matrix for feedback




Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content