January 24, 2017 UXC Meeting Page
USER EXPERIENCE COMMITTEE MEETING NOTES
- Mary Hodder
- Tom Jones
- Ellen Nadeau
- Suzanne Lightman
- Jim Kragh
- Bill Schmoekel
- Linda Braun, Global Inventures
- The focus of the meeting was to discuss UXC plans for 2017.
- Tom Jones asked to include a discussion about how to explain to a user what privacy state they are in.
A. Relying Party example best practices for a relying system
- RSA Conference February 13-19 in San Francisco. Discussion took place about presenting the Relying Party work that Tom Jones has been working on at the OpenID Conference, which takes place prior to RSA. Deadline is February 9. Need clarification from the conference director, Mike Jones at Microsoft, as to whether we could give a presentation or whether there is an opportunity to become a registered site on a list of OpenID approved systems.
- It is our goal to write this up at some point as a best practices document and getting feedback from the RSA group would be great. Sal D’Agostino is in favor of pursuing this.
- Mary would like to get Tom Jones together with Sal D’Agostino and Hans Vargas, who might help set up the RP system. Mary will send them email to set up the working meetings.
- Messaging: The RP story is how IDESG mapped our own organizational requirements; what our members need; and what we need from our members to meet the IDEF requirements.
- Every entity that is trying to set up an RP system for themselves is going to have to make their own set of requirements and overlay the IDEF requirements (like we are trying to do) and come up with an RP system for themselves. Sharing that experience would be very positive.
- How do we tell the user what their privacy state is? Mary noted that this is a critical piece for an RP, and it is a challenge for any system to let the user know. In our browsers and phones there are a number of symbols and screens. In my browser there are a number of symbols, and having them all make sense to individuals is something we will need to think more about. It’s a challenge for any organization. We might take this on as a project (as a survey) to try and come up with something that could be used across a number of systems.
B. NIST SP 800-63-3
- Tom Jones asked about the move from NIST SP 800-63-2 to 800-63-3. The standard tends to be related to the status of the site you are visiting rather than the current connect. If you come into a system as anonymous and then sign up, what is the impact? One idea to think about for UXC is commenting on 800-63-3. The standard changes from four levels of authentication to a two position grid. The original four were based on an OMB memo? and we think this matrix approach is more useful to people who are developing a system. Are we targeting 63-2 and evolving to 63-3? Is the expectation that IDESG will target and conform to 63-3? 63-3 is laid out mostly for federal agencies: the different levels of assurance and what you have to do at a minimum to achieve those levels. We cite 63-3 in our requirements, so we will have to go back to the requirements to make sure 63-3 is addressed.
C. More coordination with TFTM
- Tom Jones noted that he is concerned about more than one symbol on a user page/website. Was TFTM talking about a number of symbols (e.g. registered)? How is a user going to understand this?
- A blanket way to describe that project is coordinating with TFTM on the UX side on the use of the mark and how it works on our sites and on other sites.
D. IDEF Registry Phase 2
- When the IDEF Registry is working on phase 2 we will want to spend meeting time to review the user experience side of what is being developed. We will be doing agile development at that point. We are developing a statement of work now with Early Adopters, Inc. for the IDEF Registry. Our committee will have user experience work reviewing and testing the new features that are being built. Noreen Whysel will more than likely continue the work she did with Phase 1 to get feedback from users for Phase 2.
E. Vulnerable Populations Working Group
- VPWG – Mary Hodder, Tom Jones and Noreen Whysel attended the last VPWG meeting. The group has had two formal meetings. Denise Tayloe, the VPWG Chair, has asked members of the team to look at vulnerable populations in the homeless area and determine privacy and identity requirements. If user experience questions come up, the User Experience Committee will probably want to address them.
- UXC could help flesh out some of the use cases. Jim Kragh created a use case for homeless as a general category. The idea is to create sub-groups of specific interest. Make the use cases as specific as possible. There will be challenges with the identity process of each of these sub-sectors that the VPWG will work on.
- Tom Jones added a page on the Wiki, Taxonomy for Vulnerable Populations’ Trust Identity in Cyberspace (https://wiki.idesg.org/wiki/index.php?title=VPWG_Taxonomy), that discusses, for example, pre-school children whose guardian is poorly credentialed; children under 13 covered by COPPA; K12 students who usually are asked for parents’ proof of residency, but have homeless exemptions guaranteed by the McKinney-Vento Act; adult citizens without DMV certification but with a physical address; people on the edge of society; and people getting out of prison, to name a few. The VPWG will break into sub-groups and work on specific areas.
- Mary commented about the One World Identity Conference taking place in May in Washington, DC. They talked about the Relying Party system and they wanted to know more information about verticals. City and county level governments could be a key.
- Mary talked about the parking group in Pleasantville, CA that she is involved with and the problem of people parking in a residential area instead of going to a parking garage to attend a 49ers game and the privacy implications of the city developing a system to address this. This could be an interesting use case for UXC to address.
- Mary will set up a couple of meetings to discuss the UXC work plan for 2017 in more detail, specifically the RP example.
- There has been some discussion at the board level about reviving requirements that each committee developed. While it may not be an extensive revision, we will want to do some revisions and the IDESG will work through its processes of approving things up the chain. We would also want to look at the 800-63-3 work and make sure that our references are correct.
- Ellen will look at the timing of 800-63-3 to see if we can still provide comments.
- Submit to OpenID Foundation – near term priority.
- Vulnerable Populations – as they meet and as TFTM meets, there will be some things that UXC will need to be reactive to.
- Next regular meeting, February 9, 2017.
- Adjourn: Meeting was adjourned at 12:58 p.m. EST