Subject: RE: [trust-el] Notes for November 13, 2014 call
Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee
November 13, 2014.
1. Call to Order and Welcome.
2. Roll Call
Attending (please notify me if you attended the meeting but are not on the list below)
Abbie Barbir, Bank of America - y
Andrew Heath - y
Anil Saldhana, Red Hat
Bob Sunday
Brendan Peter, CA
Carl Mattocks, Bofa
Cathy Tilton, Daon - y
Charline Duccans, DHS
Duane DeCouteau
Calvin
Colin Wallis, New Zealand Government - y
Dale Rickards, Verizon Business
David Brossard, Axiomatics
Dazza Greenwood
Debbie Bucci, NIH
Deborah Steckroth, RouteOne LLC
Detlef Huehnlein, Federal Office for Information
Diana Proud-Madruga - y
Diego Matute, Centrify
Don Thibeau, Open Identity Exchange
Doron Cohen, SafeNet
Doron Grinstein, BiTKOO
Gershon Janssen - y
Ilene Bridges
Ivonne Thomas, Hasso Plattner Institute
Jaap Kuipers, Amsterdam
James Clark – Oasis
Jeff Broburg, CA
Jim Macabe (Kaiser)
John Bradley
John "Mike" Davis, Veteran's Affairs
John Walsh, Sypris Electronics
Jonas Hogberg
Julian Hamersley, Adv Micro Devices
Kevin Mangold, NIST
Lucy Lynch, ISOC
Marcus Streets, Thales e-Security
Marty Schleiff, The Boeing Company
Mary Ruddy, Identity Commons - y
Massimiliano Masi, Tiani "Spirit" GmbH
Mike Harrop
Mohammad Jafari, ESC -
Peter Alterman, SAFE-BioPharma - y
Peter Jones -
Rainer Hoerbe -
Rebecca Nielsen, Booz Allen Hamilton
Rich Furr
Ronald Perez, Advanced Micro Devices
Scott Fitch, Lockheed Martin
Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y
Shahrokh Shahidzadeh (Intel Corp)
Suzanne Gonzales-Webb, VA
Tony Rutkowski
Tony Nadlin
Thomas Hardjono, M.I.T.
William Barnhill, Booz Allen Hamilton
Adrianne James, VA
Patrick, Axiomatics
Steve Olshansky
70 percent of the voting members were present at the meeting. Abbie declared quorum.
2. Agenda review and approval
We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el
The agenda was approved.
3. Approval of the Minutes
Approval of the minutes was deferred until the next meeting.
4. Next Steps for the Next Deliverable
Abbie said that the last meeting in December and the first January meeting we will cancel. We may have a face to face (F2F) meeting next year. He has a little budget. Is there another event we could combine with in January, February or March? Start thinking about it. If someone can host let us know. The city is dependent on the host. We need a room for 6-10 people. Worst case we will host the meeting in Charlotte, NC. Is that a good plan?
Cathy replied yes, but not the last week in January. Maybe the first week of March, just before or after Spring break.
Peter asked where?
Abbie replied a two day F2F to work on the 4th deliverable. Maybe in NYC or Charlotte or DC.
Peter said he will explore options.
4. Editors Update
Andrew posted the OASIS template with all the material to date to the document section of the portal. This includes the current sequence diagram and story, and that is it. They discussed getting some of the flows from the previous week’s presentation so he is looking for direction on where to go next.
Abbie replied that is fair. Send an email to the list and ask for contributions to sections. You can task me with a couple of use cases to submit. Do we consider machine to machine (M2M) setups to be in scope or out of scope?
Mary indicated that yes, it is important because increasingly the first service a human accesses itself needs to call multiple other services.
Abbie said that is good to know, so let’s note that.
Shaheen said he can come up with use cases, but not real time use cases.
Peter said ping Eve and ask her for a use case.
Abbie asked do we have threats and balances for M2M interactions? Do we need to add that?
Peter said we are excluding M2M encryption. We are talking about M2M auth.
Abbie asked do you have multiple apps on a device and need to access a proxy to talk to a database?
Peter replied I’ve seen that. What I’m asking is one device performing AuthN to another device.
Abbie answered yes, but device to back end server i.e. his app running on this device talking to me.
Shaheen said for the use case of a mobile device with an app and the user using one of the apps, the service needs to know if the request is coming from a verified app action on behalf of the user.
Abbie said the app authenticates to the back end server, usually a container or app. The device has a certificate and talks to the other server.
Peter asked are you presuming signed code?
Abbie replied that could be. The actual request coming …
Peter asked what protocol is expected on the receiving end?
Abbie said make it simple RESTful services.
Peter replied ok. That makes it an easy case.
Abbie commented with the IoT coming, we should at least be thinking of that.
Peter agreed. It is not out of scope. Maybe we should finish deliverable four before addressing the IoT (Internet of Things).
Peter said this is a real need. He underscored what Mary said. But don’t we need to finish the work on our plate before we expand it?
Abbie agreed. We need to note it. Andrew we need a section for roadmaps for future deliverables, or a parking lot.
Peter said we need to put this on Mary’s plate.
Abbie said we need to have a future work, matrix.
Mary said that makes sense.
Colin said since that is covered in previous deliverables, it is out of scope for the 4th deliverable.
Abbie said increasingly the IoT will be a key issue.
Peter said it is a key environment that all deliverables will have to address.
Cathy asked can we talk about the 1st and 2nd deliverables and something confusing? When I went to the website, there is nothing there. The only place to find these is to go to the document register. Can we put links to the final version on the website so people can find them?
Abbie replied you are right.
Suzanne said that would be good.
Cathy commented it would help her too.
Abbie said it is a mistake. The public page should have a link to what has been delivered. The approved version should be public.
*** Action item: Abbie to talk to OASIS on this.
Andrew said the 2nd and 3rd deliverables should be tagged. Somehow, somewhere we need to fix it.
Abbie said he is getting a lot of interest. Our spreadsheets are becoming valuable. Part of the FIDO engagement is that FIDO is really a step up. The actual verification and authentication is a step-up and now there is big demand to come up with the step-up matrix. Not all devices have the same capabilities. The device could receive a get pin or voiceprint or fingerprint. The trust in any FIDO attestation varies depending on the trust certification and accuracy of the device. So step-up is very important. He gets questions about the documents.
Cathy asked is there a recent presentation on the progress? That would also be useful to have easily available from the home page.
Abbie replied yes, he presented in Belgium a couple of weeks ago. He will post the PPT.
*** Action item: Abbie to post the slides.
6. Adjourn
Abbie asked for a motion to adjourn.
Colin made the motion.
The meeting was adjourned.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Shaheen Abdul Jabbar (JPMC): joining soon
Gershon Janssen: Joined the call; apologies for being late...