July 17, 2014 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date: July 17, 2014
- Adam Madlin
- Adam Migus
- Ann Racuya-Robbins
- Andrew Hughes
- Bev Corwin
- Christopher Spottiswoode
- Jerry Kickenson
- Mike Garcia
- Paul Grassi
- Robert Faron
- Ryan Galluzzo
- Sal D’Agostino
- Steve Orrin
- Notes taken by Adam Migus
- Roll call; Quorum determination
- IPR policy reminder - https://www.idecosystem.org/system/files/filedepot/103/IDESG%20IPR%20Policy.pdf
- Reminder about subcommittees schedules
- Requirements working group met on Monday notes were sent out
- Ryan summarized the progress:
- Good attendance and discussion
- Current timeslot agreed upon
- Next steps:
- Look at existing requirements as a starting point
- Start looking at the CSA model – cloud control matrix – use what’s already there.
- Interaction model working group
- Was supposed to meet last Friday but didn’t happen Will meet this week. It’s scheduled for Friday at 10 AM. Adam Migus asked to be included. Mary Beth to send out a meeting invite for tomorrow only. The recurring meeting will be scheduled once we get consensus on the timeslot.
- Review Functional Model Components deliverable comments and determine dispositions
- An updated document was submitted to Adam by Ryan and Mike. It was circulated on 7/15 via the mailing list.
- Adam Madlin opened by highlighting key changes for the group
- We resumed going through the consolidated comments matrix
- Sal sought to clarify what type of audit (internal audit/logging, and external audit) we are talking about; discussion about the same ensued in the meeting chat.
- Mike G. explained the reasoning for the changes that he and Ryan made chiefly adding the business operations as a layer.
- Adam Madlin reminded everyone that we need to review the addition of the business operations layer separately.
- Discussion initiated by Bev about the role of audit relative to the type of entity (for profit, non-profit) participating in the ecosystem, however, it was agreed that the discussion will be taken offline.
- Discussion initiated by Steve Orrin about inclusion of privacy concerns in the model. Ryan suggested that privacy should be dealt with as part of the requirements.
- Review left off at discussion of Jerry’s comment regarding OAuth and authorization.
- Discuss Standards Adoption Policy Feedback to SCC
- Comments were due today.
- Adam summarized the document.
- Steve Orrin raised the issue pending in SCC which is how to handle competing standards
- Bob Faron mentioned request for feedback to the Security Committee on a topic that he will post to the listserv.
- New business - none
- All to review the Functional Model deliverable in detail so that comments can be disposed.
- Adam to produce agenda for next week’s meeting but Sal will run it as Adam will be on vacation