May 14, 2015 Meeting Page
From IDESG Wiki
SECURITY COMMITTEE / FUNCTIONAL MODEL MEETING NOTES
Meeting Date: May 14, 2015
- Adam Madlin
- Ryan Galluzzo
- Adam Migus
- Bob Pinheiro
- Christine Abruzzi
- Christopher Spottiswoode
- David Temoshok
- Lee Aber
- Mary Ellen Condon
- Ann Racuya-Robbins
- Jeff Shultz
- Jerry Kickenson
- Steve Orrin
- Sal D’Agostino
- Martin Smith
- Jamie Clark
- Paul Knight
- Linda Braun, Global Inventures
- Adam Madlin led the call. Notes taken by Linda Braun
- Approval of the April 23, April 30 and May 7 minute notes pushed to the next meeting.
- Review agenda
- Approve past meeting notes
- Committee chairman elections
- Process FMO Security Requirements feedback
- New Business
- Wrap up
Work status and updates
- Security Committee Election: Mary Ellen Condon was elected as the new chair of the SC. The Committee thanked Adam for his excellent service as chair.
- FMO Security Requirements Feedback: The FMO sent in their feedback to the Security Committee today at 2:59pm EDT. In order to meet the deadline of getting the finalized feedback in from the Security Committee which is due May 22, two extra meetings will be held. Adam asked everyone to review the FMO input before tomorrow’s meeting. Ryan volunteered to mark up each PowerPoint with edits and comments and send to the Security Committee once today’s meeting was over. The following requirements were reviewed and commented on.
- Requirement #1: Entities MUST apply appropriate and industry-accepted information security standards, guidelines and practices applicable to the digital identity data and management functions that they provide, commensurate with the risks and environments in which they operate.
- Requirement #2: Approved Disposition 5/14: Entities that issue or manage credentials MUST ensure that each account credential pair is uniquely identifiable within its namespace for authentication purposes.
- Requirement #3: Accepted Disposition 5/14: Entities MUST implement industry-accepted practices take reasonable steps to protect
- Requirement #4: Accepted Disposition 5/14: Entities that issue or manage credentials and tokens issuers MUST implement industry-accepted reasonable processes to protect against their unauthorized disclosure and reproduction.
- Requirement #5: Accepted Disposition 5/14: Entities that issue or manage credentials and tokens issuers MUST implement apply industry-accepted data integrity practices to enable individuals and other entities to verify the source of credential and token data.
- Requirement #6: Approved Disposition 5/14: Entities that issue or manage credentials and tokens issuers MUST do so issue credentials in a manner reasonably designed to assure that they are granted to the appropriate and intended.
- Requirement #7:Approved Disposition 5/14: Entities that authenticate a user must employ industry-accepted, reasonably secure authentication protocols to demonstrate the USER's control of a valid token.
- Requirement #8: This is redundant with Standards and will be discussed further at the May 15 call.
Wrap up and actions for next week
- Next meetings May 15, 2015 and May 18, 2015.
- Continue working on feedback from FMO to Security Committee requirements.