iam-discuss message



Subject: RE: [iam-discuss] Comments to date on initial draft IAM TC submission


Thanks Martin

I have taken another pass through the doc and offer the following.

1) While I agree and support the use of the NSTIC principles and baseline requirements as a guide for the proposed work, I am not sure that the reference to IDESG in (1)b para 3 is entirely reflective of the reality. IDESG has not specified the development of an 'architectural framework' AFAIK. A trust framework, yes, but it is too early to tell if the effort will go as far as developing an architectural framework. It is largely an outcomes-focussed org, so my sense is that this is unlikely, compared to say, evaluating a range of architectural frameworks in existence for the purposes of determining conformance with the NSTIC principles, IDESG baseline requirements, and perhaps in future, TrustMark conditions.

2) (1) b para 4 and elsewhere mentions 'implementable and testable', and yet the doc is not really clear on what this means. Different folks have slightly different interpretations, so clarification is necessary. To me it suggests a test plan that proves conformance to an implementation of the IAM Framework such that a static test harness could be developed to provide a yes/no pass/fail. That is no small deliverable in its own right, in addition to the others proposed.

3) (1) b para 5 indicates a target of 1 year for the deliverables, from TC establishment. IMHO with experience of other OASIS TCs this is mighty ambitious, perhaps unrealistically so. That means the work has to be done in about 8 months, to allow for committee reviews and public reviews. There is no distinction between what deliverables are to be a Committee Spec and a Committee Note, which also has a bearing on timelines. This issue of Specs vs Notes applies to (1) d Deliverables sub section as well.

4) (1)c para 2. More clarification needed in this scope statement whether identity proofing and credential/token binding is in scope. I don't think so, but happy to be proved wrong.

5) (1) c para 3 - 5 and elsewhere. There's normative language (will) and non-normative language (may) that needs to be double checked for consistency. Para 3 first sentence is an example.
 
I hope these observations are helpful.

Cheers
Colin

Date: Sun, 31 May 2015 22:58:50 -0400
From: bfc.mclean@gmail.com
To: iam-discuss@lists.oasis-open.org
CC: john.tolbert@queraltinc.com
Subject: [iam-discuss] Comments to date on initial draft IAM TC submission

Attached is a list of comments received to date on the initial draft of the OASIS IAM TC proposal submission. 

We will continue to collect comments on the draft and the proposed dispositions in this document for at least another week. If it seems useful, we will conduct another concall to resolve proposed dispositions. We will then send out another draft incorporating accepted comments which will be the final for submission to OASIS unless a critical issue is raised.

Thanks again to all who participated in the first concall and others who have provided comments. 

Best regards,

Martin

--
Martin F Smith, Principal
BFC Consulting, LLC
McLean, Va 22102
703 506-0159
703 389-3224 mobile
