August 13, 2015 Meeting Page
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
- Mary Ellen Condon
- Adam Migus
- Ryan Galluzzo
- Paul Knight
- Martin Smith
- Steve Orrin (joined at 1:30 p.m.)
- Christina Abruzzi
- Ann Racuya-Robbins
- Linda Braun, Global Inventures
- Mary Ellen led the call. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Minutes for July 23, 2015, July 30, 2015 and August 6, 2015 pushed to next meeting as the website is down.
- Redress Task Force work – Adam Migus
- Adam reported that another call took place this week with agreement on alternate language for INTEROP-09. USER REDRESS. Portability requirement – FMO reminded folks that the task is narrowly defined – turn requirement into best practice. Discussion went into need to change requirement and that would be outside of the scope of the group. Adam additionally mentioned that some other group will formulate the portability requirements. Adam did not think about portability in the security requirements. If portability gets added, that will change any of our other requirements and reminded the team to keep that in mind for next meeting. Comment was made that the Security Committee needs to understand how portability is being defined. Adam took as feedback and will pass along at the next redress team meeting.
- Nominated Standards – Ryan Galluzzo
- Ryan went over the submission forms for two standards that the Security Committee will submit to SCC:
- Entity Authentication Assurance Framework (ISO/IEC 29115, ITU-TX.1254). Description: This standard provides guidelines for managing electronic authentication of users. Similar to NIST 800-63, it identifies four levels of assurance and provides: criteria and guidance for achieving each of the four levels of entity authentication assurance; guidance for mapping the four levels to other authentication schemes; guidance for exchanging authentication information; and provides guidance for mitigating threats to authentication.
- Electronic Authentication Guideline (NIST SP 800-63). Description: This standard provides guidelines for electronic authentication of users to federal information systems. It identifies four levels of assurance and provides technical guidance for identity proofing, registration, tokens, management process, and authentication protocols at each level.
The team had a discussion about the field on the form “cost effective and easy to use.” Ryan will update form and resend to team.
- FMO Updates – Paul Knight
- Before the plenary there will be a review period over the next few weeks. FMO has not completely defined process on how to handle. They will probably allow committees to make changes to requirements and supplemental guidance if need be. Question is how FMO handles changes that were approved on January 25. FMO will put together a suggestion on how to handle this and will discuss at next management council meeting (August 18). Some committees sent Supplemental Guidance that changed wording to the requirements. Some had changes to short titles. FMO will find a way to incorporate changes. Schedule: Tomorrow, the FMO will send out consolidated requirements with supplemental guidance material. After management council meeting they will publish a process for how changes and suggestions will be handled.
- The SC discussed changes to the three short titles and decided to hold off further talk until the management council meets.
- New business
Wrap up and actions for next week
- None noted.
- Next meeting: August 20, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
- Meeting was adjourned at 1:53 p.m. EDT.