March 13, 2014 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date: March 13, 2014
- Ann Racuya-Robbins
- Adam Madlin
- Chan Lim
- David Temoshok
- John Stearns
- Mark Wallace
- Mike Garcia
- Ryan Galluzza
- Sal D’Agostino
- Sean Brooks
- Seetharama Durbha
- Roll call; Quorum determination
- IPR policy reminder -
- Note taking volunteer - Mark Wallace
- Review agenda
- Attribute AHG Update
- Attribute use case status - has sent out practice statement and request for comments. Request comments by end of March. Next meeting is Friday March 21st at 11:00 EST
- There will be a plenary breakout session on Attributes
- Review meeting minutes
- Plenary breakout meetings discussion
- Revised agenda on IDESG website
- Reserved a breakout for Functional Model Team working session. There will also be presentation opportunities.
- Security committee invited to consider hosting a breakout discussion on new NIST SP on derived credentials (depends on logistics; maybe a committee breakout or a "bird of feather" session). (NOTE: this is not a new workstream or commitment, merely an opportunity to discuss an interesting concept).
- Discuss completion of Use Case Analyses
- Questions & topics on Use Case Analysis? Treat that work as complete as of next week; hold a closeout review next week & discuss next step.
- Will we summarize findings? Will there be an output? Answer: yes - trying to identify key findings (e.g. Gap on disintermediation)
- Review Updated Functional Element draft deliverable
- The format has changed in order to highlight the fact that this is not a sequential process diagram.
- A new core operation has been added "Transaction intermediation" (Hub)
- Removed "data submission" and "data request" on the grounds that they are ubiquitous and subsumed by existing elements.
- Considered and rejected "Access Control Policy"; it is duplicative with access control policy
- Removed "Identity Mapping" - not a functional element.
- Considered but rejected federation and trust framework and contextual authentication.
- Considered attributes, but did not seem to be part of the functional model.
- Corresponding updates to Terms of Reference
- Discussion of (Enrollment vs Registration) escalated to higher level discussion with a goal of consistency.
- Question: Does credential issuance encompass token binding and attribute binding? How are they distinct? Examples might help. (extensive discussion; the concept appears clear cut to some, and opaque to others).
- Discussion: How to document necessary assumptions and incorporate that into the document?
- How do we get from here to the next step? How do we answer contextual questions at the plenary?
- Continue to review latest Functional Elements deliverable. Will communicate a process and timeline for feedback, to finalize draft next week.
- What are our next steps for roles/actors/aspirations?
- Consider missing use-cases - do the use cases compose the universe, or are there (relevant) missing use cases?