OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: MINUTES OASIS IDCloud TC Meeting 06 February 2012

OASIS IDCloud TC Meeting
06 February 2012, 02:00pm to 03:00pm ET

Scribe: Gershon Janssen

1. Roll Call and Agenda Review

Name              Status
----              ------
Anil Saldhana     Member
David Kern        Member
Gershon Janssen   Member
Matthew Rutkowski Member
Roger Bass        Member
Dominique Nguyen  Member
Cathy Tilton      Member
Rich Furr         Member


8 people joined the meeting.

This meeting quorates.

Member status status changes:

Lost voting rights:

Gained voting rights:

Now: 11 voting members in TC.

2. Approval of Minutes

- 23 Jan 2012 Meeting: 

Dominique Nguyen moves to approve the 23/Jan minutes.  Roger seconds. No
discussion; motion carries.

3. Use Case Document

* Public Review Status

- Matt put forward a request to the TC-admin; hopefully it gets published
this week.
- 15-day review; after the 15-day review, working on received comments, etc.
we can formalize the Use Case document.

- Question: will there be an HTML version available?

- Word version is the proper document; HTML will be created though will not
be the master version.
- referencing from other docs, though, should be the PDF rather than the

4. Gap Analysis Document

- Talks to group through revision 1a of the gap analysis document and
progress made during the informal gap analysis calls.
- Process currently is to perform a coarse gap analysis for all use cases.
First step is to identify standards only / identify relevant standards to
all use cases
- Ask input on the following:

   - list of standards in chapter 2 of the document: split out in available
versions of standards? e.g. oAuth 1.0 oAuth 2.0

   - Split out in various separate parts? e.g. OpenID consists of OpenID
Authentication 2.0 (txt), OpenID Attribute Exchange 1.0 (txt), OpenID
Provider Authentication Policy Extension 1.0 (txt), OpenID 

Authentication 1.1 (txt), OpenID Simple Registration Extension 1.0 (txt) and
Yadis Discovery Protocol (Developed separately from OpenID, though used in

   - Categorization for standards; what normalization to use?

- Breaking it down by versions seems needed; e.g. oAuth 1.1 versus oAuth 2.0
- Also when talking about frameworks of standards, such as OpenID connect,
we need to break it down in order to know what we are talking about.
- About categorization of standards, consider using the already existing use
case categorization.
  o this might be difficult with framework standards such as OpenID Connect

- Trust between standards seems an important topic for us.
- OASIS EICTEM is also looking at this.
- Ask trust elevation TC to explain to us what they know and maybe help us
with some frameworks, etc. for our benefit? Trust levels / definitions /
gaps in with respect to trust; what framework do we analyse 

- AI for Matt: to post document to their list to ask for guidance on trust
frameworks or pointers

- trust elevation TC is at the use case gathering stage.
- currently talking about the 4-levels of trust (NIST definition).
- they were also looking at the ISO version, which is broader than the NIST

- There is a gap in understanding AuthN/AuthZ; any form of clearity is
likely to be invaluable.

- Can we track back to initial submitters / owners of the use cases? Maybe
we can ask them for their first take at the gap analysis to spur the inital

Next meeting on GAP analysis on upcoming Thursday.

5. Conferences

Conferences coming up:
- Gershon going to attend the EIC2012

6. Other Business

No other business.

7. Adjourn

Meeting adjourned.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]