OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: 13 May 2013 Meeting Minutes

===================
anonymous morphed into Chris Kappler, PwC
Room Information:
<place room info (eg call-in #s) here>
US Call:  (800) 451-8679 
CONFERENCE CODE: 6703828003
anonymous morphed into Cathy Tilton (Daon)
anonymous: hi
anonymous morphed into Dominique Nguyen (Bank of America)
AnilSaldhana(RedHat): ==================
AnilSaldhana(RedHat): PROPOSED AGENDA
 
1. Minute taker, Roll Call, Agenda Review
 
2. Approval of minutes
* Draft minutes of 29 April 2013 meeting:
https://lists.oasis-open.org/archives/id-cloud/201304/msg00022.html
 
3. Action item review
AI: Gershon and Anil: Work with TC Admin to request handling of the Gap Analysis, PaaS Profile and Outsourcing Profile Documents Public Reviews.
-> DONE
 
4. Gap Analysis Document
* Status update Public Review
 
5. Profile Documents
* Status update Public Review
* Mobile Identity Profile - Working Draft 1.0a
https://www.oasis-open.org/committees/document.php?document_id=49147&wg_abbrev=id-cloud
 
6. Other Business
 
7. Adjourn
AnilSaldhana(RedHat): ==========================

RollCall
Company 	Name ascending 	Role
PricewaterhouseCoopers LLP: 	Chris Kappler 	Member
Bank of America 	Dominique Nguyen 	Member
Red Hat 	Anil Saldhana 	Chair
Daon 	Cathy Tilton 	Voting Member
Microsoft 	David Turner 	Voting Member 

Quorum: Not achieved. 3 out of 11 voting members (27%)


AnilSaldhana(RedHat): No Quorum Achieved.
Cathy Tilton (Daon): Cathy assigned as note taker.
Cathy Tilton (Daon): Approval of minutes will be deferred till next meeting.
Cathy Tilton (Daon): Action items:  Gap Analysis doc has gone out for a 30 day PR>
Cathy Tilton (Daon): Docs on PAS and outsourcing > TC admin has notified us of formatting issues, so these are being corrected before being sent out for PR.
Cathy Tilton (Daon): Gap Analysis doc - no comments have come in yet.
Cathy Tilton (Daon): Profile docs - 2 in queue for PR.
Cathy Tilton (Daon): New Profile on Mobile Identity - link above.
Cathy Tilton (Daon): Content provided by Dominique.  Anil has a few things to add.
Cathy Tilton (Daon): Dominique describes the doc.
Cathy Tilton (Daon): Focused on using the smartphone itself as a 2nd authentication factor.
Cathy Tilton (Daon): This is different than others that just address mobile users.
Cathy Tilton (Daon): This is a consumer use case with BYOD.
Cathy Tilton (Daon): Reference come from NIST 800 series (e.g., 800-145 & 164)
Cathy Tilton (Daon): Definitions come from these 2 docs.
Cathy Tilton (Daon): Who owns the device, device integrity
Cathy Tilton (Daon): User carries smartphone, logs into web app.  Normally uses UID/PW, then would use his mobile device (with its unique identity/attributes).
Cathy Tilton (Daon): Initiate request with 1st factor.
Cathy Tilton (Daon): Cloud service provider then request 2nd factor.
Cathy Tilton (Daon): Attributes automatically created by the device and be transparent to the user.
Cathy Tilton (Daon): Attributes passed to Cloud SP and matched.
Cathy Tilton (Daon): Diagram shows additional steps (more detail).
Cathy Tilton (Daon): Mutual auth and secure channel are key components.
Cathy Tilton (Daon): Secure connection required during session.
Cathy Tilton (Daon): Addresses Use Case 21.
Cathy Tilton (Daon): Gap - SAML and OAUTH dependent on external security mechanism and do not mandate mutual auth.
Cathy Tilton (Daon): Would want to make this mandatory rather than optional.
Cathy Tilton (Daon): PMRM addresses privacy considerations.
Cathy Tilton (Daon): Questions for Dominique?
Cathy Tilton (Daon): Is user already connected to the financial inst?  Yes, then redirected.
Cathy Tilton (Daon): No dynamic discovery.
Cathy Tilton (Daon): How enforce secure connection?  Disallow otherwise.
Cathy Tilton (Daon): Require https
Cathy Tilton (Daon): Anil planning to add some detail on mobile ID. Will contribute for next draft.
Cathy Tilton (Daon): Dominique has iterated on specific device attributes.
Cathy Tilton (Daon): Level of detail is sufficient
Cathy Tilton (Daon): Can add detail where useful, based on feedback from reviewers.
Cathy Tilton (Daon): Can make some attributes optional.
Dominique Nguyen (Bank of America): I have to drop - business calls
anonymous morphed into Cathy Tilton
Cathy Tilton: Greg also to send input to next draft.
Cathy Tilton: Roger working on intercloud profile (use case #25)
Cathy Tilton: Involved DNS based discovery of entities, which is addressed by the BDX TC.
Cathy Tilton: Anil - reference this.
Cathy Tilton: Add reference in gap anal to RFCs?  Yes.
Cathy Tilton: May apply to other use cases as well.
Cathy Tilton: Next meeting in 2 weeks.
====================================


*** Action Items ***

Chris Kappler to send in information about mobile endpoints to the TC list.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]