August 7, 2014 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date: August 7, 2014
- Adam Madlin
- Adam Migus
- Ann Racuya-Robbins
- Bob Pinheiro
- Christopher Spottiswoode
- Jim Kragh
- Mark Wallace
- Martin Smith
- Paul Grassi
- Rick O'Brien
- Robert Faron
- Ryan Galluzzo
- Sal D’Agostino
- Sean Brooks
- Steve Orrin
- Suzanne Lightman
- There was a brief discussion between Adam Madlin and Sean Brookes prior to adjourning the meeting about submission of the finalized Functional Model document to the privacy committee for review.
- Sean indicated that Adam may send the document to the Privacy Committee listserv with a request for formal review and that the Privacy Committee is preparing to receive it and making the time to review it so that it will be ready for submission to the Plenary in time for the Plenary meeting in Tampa.
- Adam reiterated that the intention is to finalize the Functional Model document in today’s meeting and have it cleaned and ready for submission to the Privacy Committee by tomorrow.
- Notes taken by Adam Migus
- Roll call; Quorum determination
- IPR policy reminder - https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Last week’s minutes were approved
- Security Requirements
- Adam Madlin asked Ryan to update the committee
- the group met to go through the mapping of the CCMv3, ISO27001 requirements that he prepared
- everyone seemed happy with the result, however,
- they agreed to focus on Identity and Access Management (IAM) requirements going forward
- Ryan agreed to filter the current list so as to exclude non-IAM requirements
- and to look at the FICAM LOA 1-3 requirements as a means to derive more.
- There was a lively discussion about potential future application of automation tools to optimize the accreditation process.
- Martin asked whether participants were trying to keep the work aligned with other frameworks like FICAM
- Adam Madlin asked Martin if he could attend the next meeting to ensure that his concern is being addressed
- Adam Madlin asked Ryan to update the committee
- Functional Model
- Ryan prepared today’s document based on last week’s document with changes by he, Adam Migus, and Martin Smith with grammar changes already accepted and substantive changes pending review.
- Adam Madlin shared that document and proposed that it be finalized for submission to the Privacy Committee as the step preceding submission to the Plenary for approval.
- Sal submitted a document based on an earlier draft to the committee shortly before the meeting
- Adam Madlin asked Sal to interject with his comments as we go, given that they didn’t make it into today’s document.
- Martin asked the group whether the document was intended to be present vs. future oriented and whether it was meant to be unambiguous with respect to roles and functions.
- Adam Migus said he thought that the intention is to make the document focused on the present with flexibility and extensibility to handle future concerns as we understand them. He also explained that he edited the preamble for Table 2 so that it explains the relation between roles and functions which should address the ambiguity question which is one of the pending edits.
- Adam Madlin asked Martin to explain why the Authentication Provider role should be added but Martin wasn’t able to respond due to a technical issue (?).
- Sal said that trust framework providers and federation should be represented in the document.
- Martin(?) suggested that Datamarking(?) should also be considered
- Sal talked about the interoperability layer as being more than a technical topic that encompasses more than just standards
- Adam Madlin brought up the proposal by Rick O’Brien to add Provenance Binding as a function
- A brief discussion was had about the function and whether it was really part of other function(s)
- Adam Migus proposed that it be deferred to a later iteration of the document; Suzanne seconded
- Adam Madlin proposed that we list the post finalization edits on a prominent wiki page that is considered input into the next draft. Suzanne Lightman seconded. There were no objections.
- Ryan said he would look at Sal’s changes and try to resolve them against the edits in the finalized document and may include trivial changes in the final draft produced tomorrow.
- Adam Madlin called for objections to finalizing the document; No objections.
- Adam Madlin summarized
- we reviewed and approved all comments for this iteration,
- we agreed to create a wiki listing the changes deferred to the next iteration,
- the final draft will be produced tomorrow and sent to the Privacy Committee listserv with a request for formal review.
- Ryan to produce the final draft for submission to the Privacy Committee tomorrow
- Adam Madlin and Adam Migus will create a wiki page for the deferred changes