January 15, 2015 Plenary Breakout Meeting Page
SECURITY COMMITTEE / FUNCTIONAL MODEL BREAKOUT MEETING AGENDA AND NOTES
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting date: January 15, 2014
Notes were updated on 1/24/2014 to list all attendees and to reflect requested adjustments/corrections by Ann Racuya-Robbins (see below)
This meeting is a breakout session at the Atlanta Plenary, focused on functional model work.
- Aaron Gomez
- Alicia Zuniga
- Art Friedman
- Adam Madlin
- Andrew Hughes
- Chad Grant
- Colin Soutar
- David Bruggeman
- David Temoshok
- Don Campbell
- Gary Bickford
- Jeff Krug
- Jeremy Grant
- Jim Fenton
- Jim Zok
- Kaliya Hamlin
- Kennie Kwong
- Kim Little
- Matt Moyer
- Michael Kipness
- Mike Garcia
- Peter Fonash
- Peter Brown
- Peter Tapling
- Ryan Fox
- Ryan Galluzzo
- Sean Brooks
- Stephen Goldstein
- Stephen Race
- Steve Mednick
- Stuart Shapiro
- Suzanne Lightman
- Tracy Midrano
- Ann Racuya-Robbins
- Bruce O’Dell
- Cathy Tilton
- Chan Lim
- Christopher Spottiswoode
- David Weitzel
- Ejas Younas
- Jerry Kickenson
- Kate Kingberger
- Mark King
- Michael Duffy
- Sal D’Agostino
- Seetharama Durbha
- Steve Orrin
- Tim Reiniger
- Warren Blosjo
Adam kicked off the meeting
- Attendance roll call
- Discussed the agenda
- Quick status review of functional model work to date
- Review workstream 1 in detail – Functional Element work
- Discuss Functional Element as core of functional model work going forward
- Next steps
Adam reviewed the overall plan at a high level, reviewing workstream 1, 2, 3, and 4.
- This discussion will be led by Mike Garcia who led the work team for workstream 1.
- Before reviewing the workstream 1 draft deliverable, group addressed concern raised by Ann Racuya-Robbins about the functional element work.
- Ann participated as a team member in the workstream.
- Ann expressed her concern that the “human user” should be included in the functional elements; she objects to the current version of the functional element deliverables.
- Adam: Ann has been given the opportunity to discuss her concerns and document them in workstream team meetings, and in two Security Committee meetings (this was the second committee meeting). No other committee member or meeting participant requested to discuss the topic further.
- Ann does not believe that she was given adequate time to cover her concerns and wants it noted in the meeting minutes. [updated on 1/24/14]
- Adam, as security committee chair and his prerogative, made the decision that there was consensus to proceed with the functional element deliverable as presented by the team without Ann’s changes.
- Adam will determine and report back at the next committee meeting as to whether a committee vote is necessary to proceed.
- Mike provided a presentation on the workstream one deliverable (available here)
- The Functional Elements are intended to be a high level set of operations and functions that can be applied to as many use cases as possible and used to help create/apply requirements.
- On the chat, Sal suggested that the elements should be compared to Ken Kingenstein’s periodic elements of trust as well as the use cases.
- The presentation included overlays of the functional elements onto the several existing frameworks and use cases, including one from a current NSTIC pilot.
- David Temoshok suggested that, for known use cases, the security committee should look into protocols and standards that may be related to our functional elements and models and map the functional elements to existing standards and protocols that are used to achieve these functions.
- Jerry Kickenson volunteered to compare the existing version of the document to existing standards documents to see if there were any potential gaps
- Kaliya suggested that we review the “holistic images” documents for additional potential sources
- Peter thinks this product, while not 100% complete, is very useful for getting the ball rolling. It will also be useful as a way to ground conversations within the other committees of the IDESG.
- David suggested that the current functional elements are not tied to any LOA, but can be implemented to address any level.
- These products are an initial step in the development of the IDESG Functional Model; through the mapping and use cases/architectures comparisons these elements can be stressed tested and further fleshed out into a complete Functional Model.
- Jim Zok asked if we would be creating illustrative implementation models once the functional model has been fleshed out.
- Colin thinks that applying the elements to the use cases will help flesh out the actors and roles that will exist within different implementations
- Sal wants to take a closer look at the use cases and solve “real problems” that exist today.
- Adam will follow up on how this can be addressed.
- Stuart Shapiro suggested that we need to make sure that there is a balance between granularity and the ability to map (and be applicable) to broad and different systems; he suggested adapting the PEM to operate around the functional elements. He would like to see a version that is considered stable as soon as possible so he can begin working it into the PEM.
- He compared the “core operations” to “data actions”
- Adam will provide a better idea of when this can be finalized after the next Security Committee meeting.
- The deliverables will be added to the Wiki and put it into the Plenary “products”
- Jim Zok also suggested mapping the elements to the work of Ken K.
- Colin suggested that comparing this to the derived requirements could be a first step in this process as well as a way to help interact with the other committees around the topic functional models and functional elements.
- Joe Grubbs would also like to align the TFTM Requirements Mapping with the functional elements; it’s a strong way to make sure the mapping captures all aspects of TF implementation. He produced a revised set Terms of Reference which will be available shortly.
- Adam will try and work to refine the timeline for completion, but believes that a further refined set of functional elements can be completed before the next plenary session.
- There will be a meeting next week of the Security Committee.
- There was strong support among participants for continuing forward with the existing version of the deliverables and refining them through application to use cases, frameworks, and other existing models in an effort to flesh out the Functional Model.
- David would like the committee, at some point, to discuss the how existing security certifications should be addressed by the IDESG
- Adam to post functional element deliverables to the wiki.
- Adam to follow up on final steps for draft deliverable to be released.
- Adam to follow up on overall functional model plan, timeline and next actions.
- Compare against existing standards for gaps.
- Compare versus NSTIC derived requirements
- Collaborate with Ken Klingenstein on periodic table of trust elements
- Review meeting recommendations for potential mappings and further sources for Functional Element refinement