March 12, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE NOTES - draft
Meeting Date: March 12, 2015
- Adam Madlin
- Andrew Hughes
- Ann Racuya-Robbins
- Bob Pinheiro
- Jeff Shultz
- Hans Vargas
- Lee Aber
- Linda Braun, Global Inventures
- Martin Smith (joined at 12:45pm)
- Paul Knight
- Paul Laurent
- Ryan Galluzzo
- Sal D’Agostino
- Seetharama Durbha
- Suzanne Lightman
- Adam Madlin led the meeting. Notes taken by Linda Braun
- General Updates
- Final Security Requirements are due March 16.
- At today’s meeting, the team will vote on the security requirements as distributed by Ryan March 10.
- The All Chairs call discussed the proposal for a new committee, called the Attribute Committee. The process and timing for approving this as a new committee were discussed. This committee is being considered as a coordinating committee. Adam indicated that this topic will be added to the April 16 agenda. Adam is updating the proposal, which will be submitted to the Management Council in two weeks.
- There is a leadership retreat scheduled for May 19 & 20 in Washington, D.C., hosted by Marc-Anthony. Management Council and Committee officers will be invited.
- Vote on Security Requirements document
- The committee voted to approve the current version of the Security Requirements sent by Ryan. Before the vote took place, he reviewed a small change he made to the document in the area of name space in Requirement #2. This was a consensus vote. All in favor. No objections. Quorum reached. 12:25pm EDT.
- Review feedback from Martin Smith
- Next topic on the agenda - review feedback from Martin Smith. These are considered aspirational requirements and are not part of the baseline requirements.
- Requirement #1: User attributes and data tags used for authorization in the ecosystem must be unique. Disposition: Standardization would be required. Further discussion required.
- Requirement #2: All providers of user attributes for authorization in the ecosystem must make available (publish) assertions on the quality of the provided attribute data (e.g. freshness, error rate, integrity, etc.) as well as on the methodology used to generate the attribute data (the operational definition of the data). Disposition: Standardization would be required. Discuss at a later time. This requirement might be appropriate for the attribute committee.
- Requirement #3: All service providers in the ecosystem (IDPs, relying-party information resource providers, etc.) must be registered and must be strongly authenticated at every transaction. Disposition: Requires infrastructure that does not currently exist, but should be considered for future versions of the operational versions of the assessment and certification program. Partially addressed under the current plans for the assessment and attestation program. There may be issues of scalability.
- Adam notified the committee that he will be stepping down as Chair of the Security Committee in May. He will work with Marc Anthony and Seetharama regarding next steps and voting process for a new chair.
- Meeting adjourned at 1:10pm EDT.
- Next meeting: Thursday, March 19, 2015.
- Linda to cancel March 13, 2015 working session and send a notification to the Security Committee.