Subject: Notes for November 13, 2014 call
Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee November 13, 2014.

1. Call to Order and Welcome.

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

Abbie Barbir, Bank of America - y
Andrew Heath - y
Anil Saldhana, Red Hat
Bob Sunday
Brendan Peter, CA
Carl Mattocks, Bofa
Cathy Tilton, Daon - y
Charline Duccans, DHS
Duane DeCouteau Calvin
Colin Wallis, New Zealand Government - y
Dale Rickards, Verizon Business
David Brossard, Axiomatics
Dazza Greenwood
Debbie Bucci, NIH
Deborah Steckroth, RouteOne LLC
Detlef Huehnlein, Federal Office for Information
Diana Proud-Madruga - y
Diego Matute, Centrify
Don Thibeau, Open Identity Exchange
Doron Cohen, SafeNet
Doron Grinstein, BiTKOO
Gershon Janssen - y
Ilene Bridges
Ivonne Thomas, Hasso Plattner Institute
Jaap Kuipers, Amsterdam
James Clark – Oasis
Jeff Broburg, CA
Jim Macabe (Kaiser)
John Bradley
John "Mike" Davis, Veteran's Affairs
John Walsh, Sypris Electronics
Jonas Hogberg
Julian Hamersley, Adv Micro Devices
Kevin Mangold, NIST
Lucy Lynch ISOC
Marcus Streets, Thales e-Security
Marty Schleiff, The Boeing Company
Mary Ruddy, Identity Commons - y
Massimiliano Masi, Tiani "Spirit" GmbH
Mike Harrop
Mohammad Jafari, ESC -
Peter Alterman, SAFE-BioPharma - y
Peter Jones -
Rainer Hoerbe -
Rebecca Nielsen, Booz Allen Hamilton
Rich Furr
Ronald Perez, Advanced Micro Devices
Scott Fitch Lockheed Martin
Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y
Shahrokh Shahidzadeh (Intel Corp)
Suzanne Gonzales-Webb, VA
Tony Rutkowski
Tony Nadlin
Thomas Hardjono, M.I.T.
William Barnhill, Booz Allen Hamilton
Adrianne James, VA
Patrick, Axiomatics
Steve Olshansky

70 percent of the voting members were present at the meeting. Abbie declared quorum.

2. Agenda review and approval

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

The agenda was approved.

3. Approval of the Minutes

Approval of the minutes was deferred until the next meeting.

4. Next Steps for the Next Deliverable

Abbie said that the last meeting in December and the first January meeting we will cancel. We may have a face to face (F2F) meeting next year. He has a little budget. Is there another event we could combine with in January, February or March? Start thinking about it. If someone can host let us know. The city is dependent on the host. We need a room for 6-10 people. Worst case we will host the meeting in Charlotte, NC. Is that a good plan?

Cathy replied yes, but not the last week in January. Maybe the first week of March, just before or after Spring break.

Peter asked where?

Abbie replied a two day F2F to work on the 4th deliverable. Maybe in NYC or Charlotte or DC.

Peter said he will explore options.

4. Editors Update

Andrew posted the OASIS template with all the material to date to the document section of portal. This includes the current sequence diagram and story, and that is it. They discussed getting some of the flows from the previous week’s presentation so he is looking for direction on where to go next.

Abbie replied that is fair. Send an email to the list and ask for contributions to sections. You can task me with a couple of use cases to submit. Do we consider machine to machine (M2M) setups to be in scope or out of scope?

Mary indicated that yes, it is important because increasingly the first service a human accesses itself needs to call multiple other services.

Abbie said that is good to know, so let’s note that.

Shaheen said he can come up with use cases, but not real time use cases.

Peter said ping Eve and ask her for a use case.

Abbie asked do we have threats and balances for M2M interactions? Do we need to add that?

Peter said we are excluding M2M encryption. We are talking about M2M auth.

Abbie asked do you have multiple apps on a device and need to access a proxy to talk to a database?

Peter replied I’ve seen that.
What I’m asking is one device performing AuthN to another device.

Abbie answered yes, but device to back end server, i.e. his app running on this device talking to me.

Shaheen said for the use case of a mobile device with an app and the user using one of the apps, the service needs to know if the request is coming from a verified app action on behalf of the user.

Abbie said the app authenticates to the back end server, usually a container or app. The device has a certificate and talks to the other server.

Peter asked are you presuming signed code?

Abbie replied that could be. The actual request coming …

Peter asked what protocol is expected on the receiving end?

Abbie said make it simple RESTful services.

Peter replied ok. That makes it an easy case.

Abbie commented with the IoT coming, we should at least be thinking of that.

Peter agreed. It is not out of scope. Maybe we should finish deliverable four before addressing the IoT (Internet of Things).

Peter said this is a real need. He underscored what Mary said. But don’t we need to finish the work on our plate before we expand it?

Abbie agreed. We need to note it. Andrew we need a section for roadmaps for future deliverables, or a parking lot.

Peter said we need to put this on Mary’s plate.

Abbie said we need to have a future work, matrix.

Mary said that makes sense.

Colin said since that is covered in previous deliverables, it is out of scope for the 4th deliverable.

Abbie said increasingly the IoT will be a key issue.

Peter said it is a key environment that all deliverables will have to address.

Cathy asked can we talk about the 1st and 2nd deliverables and something confusing? When I went to the website, there is nothing there. The only place to find these is to go to the document register. Can we put links to the final version on the website so people can find them?

Abbie replied you are right.

Suzanne said that would be good.

Cathy commented it would help her too.

Abbie said it is a mistake. The public page should have a link to what has been delivered. The approved version should be public.

*** Action item: Abbie to talk to OASIS on this.

Andrew said the 2nd and 3rd deliverables should be tagged. Somehow, somewhere we need to fix it.

Abbie said he is getting a lot of interest. Our spreadsheets are becoming valuable. Part of the FIDO engagement is that FIDO is really a step up. The actual verification and authentication is a step-up and now there is big demand to come up with the step-up matrix. Not all devices have the same capabilities. The device could receive a get pin or voiceprint or fingerprint. The trust in any FIDO attestation varies depending on the trust certification and accuracy of the device. So step-up is very important. He gets questions about the documents.

Cathy asked is there a recent presentation on the progress? That would also be useful to have easily available from the home page.

Abbie replied yes, he presented in Belgium a couple of weeks ago. He will post the PPT.

*** Action item: Abbie to post the slides.

6. Adjourn

Abbie asked for a motion to adjourn. Colin made the motion. The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Shaheen Abdul Jabbar (JPMC): joining soon
Gershon Janssen: Joined the call; apologies for being late...