[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: 13 May 2013 Meeting Minutes
=================== anonymous morphed into Chris Kappler, PwC Room Information: <place room info (eg call-in #s) here> US Call: (800) 451-8679 CONFERENCE CODE: 6703828003 anonymous morphed into Cathy Tilton (Daon) anonymous: hi anonymous morphed into Dominique Nguyen (Bank of America) AnilSaldhana(RedHat): ================== AnilSaldhana(RedHat): PROPOSED AGENDA 1. Minute taker, Roll Call, Agenda Review 2. Approval of minutes * Draft minutes of 29 April 2013 meeting: https://lists.oasis-open.org/archives/id-cloud/201304/msg00022.html 3. Action item review AI: Gershon and Anil: Work with TC Admin to request handling of the Gap Analysis, PaaS Profile and Outsourcing Profile Documents Public Reviews. -> DONE 4. Gap Analysis Document * Status update Public Review 5. Profile Documents * Status update Public Review * Mobile Identity Profile - Working Draft 1.0a https://www.oasis-open.org/committees/document.php?document_id=49147&wg_abbrev=id-cloud 6. Other Business 7. Adjourn AnilSaldhana(RedHat): ========================== RollCall Company Name ascending Role PricewaterhouseCoopers LLP: Chris Kappler Member Bank of America Dominique Nguyen Member Red Hat Anil Saldhana Chair Daon Cathy Tilton Voting Member Microsoft David Turner Voting Member Quorum: Not achieved. 3 out of 11 voting members (27%) AnilSaldhana(RedHat): No Quorum Achieved. Cathy Tilton (Daon): Cathy assigned as note taker. Cathy Tilton (Daon): Approval of minutes will be deferred till next meeting. Cathy Tilton (Daon): Action items: Gap Analysis doc has gone out for a 30 day PR> Cathy Tilton (Daon): Docs on PAS and outsourcing > TC admin has notified us of formatting issues, so these are being corrected before being sent out for PR. Cathy Tilton (Daon): Gap Analysis doc - no comments have come in yet. Cathy Tilton (Daon): Profile docs - 2 in queue for PR. Cathy Tilton (Daon): New Profile on Mobile Identity - link above. Cathy Tilton (Daon): Content provided by Dominique. Anil has a few things to add. Cathy Tilton (Daon): Dominique describes the doc. Cathy Tilton (Daon): Focused on using the smartphone itself as a 2nd authentication factor. Cathy Tilton (Daon): This is different than others that just address mobile users. Cathy Tilton (Daon): This is a consumer use case with BYOD. Cathy Tilton (Daon): Reference come from NIST 800 series (e.g., 800-145 & 164) Cathy Tilton (Daon): Definitions come from these 2 docs. Cathy Tilton (Daon): Who owns the device, device integrity Cathy Tilton (Daon): User carries smartphone, logs into web app. Normally uses UID/PW, then would use his mobile device (with its unique identity/attributes). Cathy Tilton (Daon): Initiate request with 1st factor. Cathy Tilton (Daon): Cloud service provider then request 2nd factor. Cathy Tilton (Daon): Attributes automatically created by the device and be transparent to the user. Cathy Tilton (Daon): Attributes passed to Cloud SP and matched. Cathy Tilton (Daon): Diagram shows additional steps (more detail). Cathy Tilton (Daon): Mutual auth and secure channel are key components. Cathy Tilton (Daon): Secure connection required during session. Cathy Tilton (Daon): Addresses Use Case 21. Cathy Tilton (Daon): Gap - SAML and OAUTH dependent on external security mechanism and do not mandate mutual auth. Cathy Tilton (Daon): Would want to make this mandatory rather than optional. Cathy Tilton (Daon): PMRM addresses privacy considerations. Cathy Tilton (Daon): Questions for Dominique? Cathy Tilton (Daon): Is user already connected to the financial inst? Yes, then redirected. Cathy Tilton (Daon): No dynamic discovery. Cathy Tilton (Daon): How enforce secure connection? Disallow otherwise. Cathy Tilton (Daon): Require https Cathy Tilton (Daon): Anil planning to add some detail on mobile ID. Will contribute for next draft. Cathy Tilton (Daon): Dominique has iterated on specific device attributes. Cathy Tilton (Daon): Level of detail is sufficient Cathy Tilton (Daon): Can add detail where useful, based on feedback from reviewers. Cathy Tilton (Daon): Can make some attributes optional. Dominique Nguyen (Bank of America): I have to drop - business calls anonymous morphed into Cathy Tilton Cathy Tilton: Greg also to send input to next draft. Cathy Tilton: Roger working on intercloud profile (use case #25) Cathy Tilton: Involved DNS based discovery of entities, which is addressed by the BDX TC. Cathy Tilton: Anil - reference this. Cathy Tilton: Add reference in gap anal to RFCs? Yes. Cathy Tilton: May apply to other use cases as well. Cathy Tilton: Next meeting in 2 weeks. ==================================== *** Action Items *** Chris Kappler to send in information about mobile endpoints to the TC list. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]