March 13, 2014 Meeting Page

From IDESG Wiki
Jump to: navigation, search

SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES

Meeting Date: March 13, 2014

Attendees

  • Ann Racuya-Robbins
  • Adam Madlin
  • Chan Lim
  • David Temoshok
  • John Stearns
  • Mark Wallace
  • Mike Garcia
  • Ryan Galluzza
  • Sal D’Agostino
  • Sean Brooks
  • Seetharama Durbha


Meeting Notes

  1. Roll call; Quorum determination
  2. IPR policy reminder -
  3. Note taking volunteer - Mark Wallace
  4. Review agenda
  5. Attribute AHG Update
    • Attribute use case status - has sent out practice statement and request for comments. Request comments by end of March. Next meeting is Friday March 21st at 11:00 EST
    • There will be a plenary breakout session on Attributes
  6. Review meeting minutes
  7. Plenary breakout meetings discussion
    • Revised agenda on IDESG website
    • Reserved a breakout for Functional Model Team working session. There will also be presentation opportunities.
    • Security committee invited to consider hosting a breakout discussion on new NIST SP on derived credentials (depends on logistics; maybe a committee breakout or a "bird of feather" session). (NOTE: this is not a new workstream or commitment, merely an opportunity to discuss an interesting concept).
  8. Discuss completion of Use Case Analyses
    • Questions & topics on Use Case Analysis? Treat that work as complete as of next week; hold a closeout review next week & discuss next step.
    • Will we summarize findings? Will there be an output? Answer: yes - trying to identify key findings (e.g. Gap on disintermediation)
  9. Review Updated Functional Element draft deliverable
    • The format has changed in order to highlight the fact that this is not a sequential process diagram.
    • A new core operation has been added "Transaction intermediation" (Hub)
    • Removed "data submission" and "data request" on the grounds that they are ubiquitous and subsumed by existing elements.
    • Considered and rejected "Access Control Policy"; it is duplicative with access control policy
    • Removed "Identity Mapping" - not a functional element.
    • Considered but rejected federation and trust framework and contextual authentication.
    • Considered attributes, but did not seem to be part of the functional model.
    • Corresponding updates to Terms of Reference
    • Discussion of (Enrollment vs Registration) escalated to higher level discussion with a goal of consistency.
    • Question: Does credential issuance encompass token binding and attribute binding? How are they distinct? Examples might help. (extensive discussion; the concept appears clear cut to some, and opaque to others).
    • Discussion: How to document necessary assumptions and incorporate that into the document?


Actions

  1. How do we get from here to the next step? How do we answer contextual questions at the plenary?
  2. Continue to review latest Functional Elements deliverable. Will communicate a process and timeline for feedback, to finalize draft next week.
  3. What are our next steps for roles/actors/aspirations?
  4. Consider missing use-cases - do the use cases compose the universe, or are there (relevant) missing use cases?




Quick Links: Security Committee | Functional Model | Security Committee Meeting Notes | Security Committee Content