August 20, 2015 Meeting Page
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES - draft
- Mary Ellen Condon
- Adam Migus
- Adam Madlin
- Christopher Spottiswoode
- Bob Pinheiro
- Paul Knight
- Martin Smith
- Steve Orrin
- Suzanne Hall
- Bev Corwin
- Sal D’Agostino
- Linda Braun, Global Inventures
- Mary Ellen led the call. Notes taken by Linda Braun.
Agenda Review – as distributed by Mary Ellen in advance of the call (approved)
- Roll call; Quorum determination. Quorum was met.
- IPR policy reminder – https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Minutes for July 23, 2015, July 30, 2015, August 6, August 13, 2015 approved (Adam Migus motioned, Adam Madlin seconded). No opposed.
- Redress Task Force work – Adam Migus
- Redress portion of the task force is done. Task force focus has now switched over to “portability.” Portability is centered around the IDP: the ability to switch to another IDP (take my data and switch to another). Phone number portability was also used as an example. The TF is deciding on a course of action; leaving it as a best practice is one of the options. If portability is brought into security right now, we would need to revisit requirements. Not all requirements are open. Portability would have to be reopened as a special exception, and the Security Committee doesn’t support doing that right now. Leave as a recommended best practice for now and ultimately support carrying the whole thing forward.
- Chat from Paul Knight (FMO) to Everyone:
INTEROP-BP-A. RECOMMENDED PORTABILITY Entities SHOULD utilize services and systems that allow for identity account portability; specifically: (a) IDENTITY-PROVIDERS SHOULD provide an easy to use method to allow to switch to a new provider(s). (b) IDENTITY-PROVIDERS SHOULD provide departing USERS a mechanism to link their RELYING-PARTY accounts with their new provider(s). (c) RELYING-PARTIES SHOULD provide USERS with a mechanism to associate multiple credentials to a single account. (d) RELYING-PARTIES SHOULD provide USERS with a mechanism to have a single account per credential. (e) IDENTITY-PROVIDERS SHOULD utilize services and systems that allow for affordable identity account portability. (f) Wherever feasible, IDENTITY-PROVIDERS SHOULD provide USERS with a mechanism for portability of their privacy and other USER preferences.
- Requirements document and supplemental guidance
- FMO asked us to take a look at the document. Changes in the Security section are grammar and format focused recommendations.
- Suggestion made that the Security Committee do an individual review of the document and then have a brief comment period.
- Mary Ellen is not available on August 27, nor are Steve Orrin and Adam Migus, to run the next Security Committee meeting. Suggestion was to use August 27 as the individual review date since we will not have a meeting. September 3 is our next meeting, where people should bring comments with the goal of finalizing the document. Mary Ellen asked everyone to review the security material in particular, but also to look at everything if time allows.
- FMO Updates
- The document feedback was delivered in two formats. The PDF is easier to read, but use the Word format for edits (with track changes).
- The document came in an email from Jamie, and Mary Ellen also attached it to her email along with the August 20 agenda.
- Standards Discussions ISO/IEC 29115 & NIST SP 800-63, continued from the 8/13 meeting, will be deferred as the focus needs to be on #6
- chat from Paul Knight (FMO) to Everyone (links to the two standards):
https://www.idecosystem.org/wiki/NIST_SP_800-63-2
https://www.idecosystem.org/wiki/ISO/IEC_29115_Entity_Authentication_Assurance
- Security Committee agreed to move forward with the standards recommended last week.
Team agreed to move process forward. Adam Migus and Martin Smith motioned/seconded. No opposition.
- New business
If anyone wants to sponsor the Plenary, there are still sponsorships available. Contact M.A. or Sal D’Agostino for more information.
Wrap up and actions for next week
- None noted.
- Next meeting: September 3, 2015
- Next Plenary is in Tampa, September 24 & 25, 2015. The Management Council meeting is September 23, 2015.
- Meeting was adjourned at 1:36 p.m. EDT.