September 25, 2014 Meeting Page

From IDESG Wiki
Jump to navigation Jump to search

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES

Meeting Date: September 25, 2014

Attendees

  • Aaron Guzman
  • Adam Madlin
  • Adam Migus
  • Ann Racuya-Robbins
  • Bev Corwin
  • Christopher Spottiswoode
  • David Temoshok
  • Hans Vargas
  • Linda Braun
  • Martin Smith
  • Miguel Ballesteros
  • Mike Garcia
  • Paul Knight (OASIS)
  • Robert Faron
  • Ryan Galluzzo
  • Sal D’Agostino
  • Suzanne Lightman


Meeting Notes

  • Notes taken by Adam Migus
  1. Roll call; Quorum determination
  2. IPR policy reminder - https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
  3. Administrative
    • Hans (Last Name?) would like to become a member of the Security Committee
  4. Priorities and Work
    • Requirements is our highest priority
      • At the Plenary we agreed upon a process to create, consolidate and collect feedback on them within the timeframe proposed by IDESG leadership.
    • the next version of the Functional Model seems to be the work that most committee members are interested in working on.
  5. Functional Model
    • Madman congratulated everyone now that version 1 has been approved by the Plenary
      • we had a brief discussion about how the document will be maintained going forward
      • the security committee will be responsible for the maintenance
    • Now that it’s out we would like to publicize it.
      • Madman will look into how the IDESG can announce it on the website and social media like Twitter
      • Mike said that the NPO plans to publish a post plenary blog and it will talk about the FM approval; he said they'd be happy to cross-reference posts, do retweets or otherwise promote IDESG sourced materials
  6. Requirements
    • Martin commented that Trust Framework Providers ought to be included in the FM because they need to be accounted for in the requirements
      • Ryan replied that we cover that by way of having governance and accountability in the FM
      • Madman added that the first version of the requirements should focus on the participants of the ecosystem then we can look at the requirements for other layers like governance
    • Ryan walked through the process we agreed upon at the Plenary:
      • Collection period
      • Consolidation period
      • create a questionnaire to be given to the pilots and other would-be implementers
      • A process document that outlines the above to explain how we did what we did.
    • the questionnaire will be designed to get feedback on reasonability, completeness, relation to reality and general feedback such as "would you be willing to self-attest."
    • Sal drew the distinction between the pilots and government agencies vs. the smaller firms without the specialized knowledge and robust controls; we need something that helps with both
    • Adam brought up the broader baseline discussion and the need for clarity about what that means and how it relates to self-attestation


Actions

  • Madman to add Hans as a member of the security committee
  • Madman to seek clarity on the baseline definition from IDESG leadership



Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content