Minutes for the second meeting of the Trust Elevation TC, 22 Sep. 2011

["Mary Ruddy" <mary@meristic.com>]

Minutes for the second meeting of the Electronic Identity Credential Trust

Elevation Methods (Trust Elevation) Technical Committee

22 September, 2011

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the

list below)

·         Abbie Barbir, Bank of America

·         Anil Saldhana, Red Hat

·         Colin Wallis, New Zealand Government

·         Dale Rickards, Verizon Business

·         Debbie Bucci, NIH

·         Don Thibeau, Open Identity Exchange

·         Ed Coyne, Dept Veterans Affairs

·         Ivonne Thomas, Hasso Plattner Institute

·         Jaap Kuipers, Amsterdam

·         Kevin Mangold, NIST

·         Peter Alterman, NIST

·         Mary Ruddy, Identity Commons

·         Marty Schleiff, The Boeing Company

·         Massimiliano Masi, Tiani "Spirit" GmbH

·         Mike Davis Dept Veterans Affairs

·         Rebecca Nielsen, Booz Allen Hamilton

·         Scott Fitch Lockeed Martin

·         Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A.

·         Shahrokh Shahidzadeh (Intel Corp)

·         Thomas Hardjono, M.I.T.

 

We proceed with the following:

3.  Review charter and deliverable

4.  Discuss document road, identify immediate documents and editors

5.  Discuss and formulate funding request for IDTrust Member Section

 

Don wanted to discuss the extent of participation - how to organize

ourselves into productive players.  He also wanted to suggest some ideas

around self organization and get a sense of the resources.

 

Peter indicated he has some ideas in this regard.

Peter believes we want to do a baseline of what techniques are out there and

some other analytic touch points.  The OASIS IDTrust Member Section Steering

Committee has some resources to hire a contractor to do some of that work

for us.  We could vote to send a request for X number of hours to do that

work for us.  This technical committee is one of a number of technical

committees are in that member section. The member section has a steering

committee of five. John Sabo is the chair of the Steering Committee.  He and

Kaliya are also members of the Steering Committee.  The member section gets

a budget based on the number of TCs and entities participating.  We got a

budget last year that has a few thousand dollars that could be pointed at

that kind of task.  He has been in informal discussion about resources to

kick start this.  He plans to make a motion that this TC make a formal

request for 3-5K to hire an analyst.

 

There was a request to use an electronic ballot.

 

There was a request for more background about the motion.

 

Peter explained that this idea had been brought up on the mailing list and

in the first meeting.  He wants to do this in a way that most companies will

not feel threatened.

 

Don elaborated that we want to 1, identify our resource base and 2, make the

request for a modest amount of $ from the steering committee so that we can

organize for success.

We could ask members to bring their organization and resources to bear.  One

task is to organize a request of the steering committee.  The other is for

each of us to provide to the broader group any specific research or other

resources that could help with the task at hand.

 

Mike commented that it is a good idea to do some baselining.  He asked if we

are familiar with the Standards and Interoperability framework.  When people

join they submit a statement of commitment.  Some simply monitor, some

provide resources.  It might be useful if we had a notion of people's

intentions.  It is ok to be a lurker.  He is looking for those folks that

are able to provide resources: business background, technical, policy,

legal, etc.  The key is to identify the resources in the committee. This

would identify any gaps, so that funding can be applied in the most

efficient way.

 

Don commented that some can help with communications (bloggers or

organizations) so please add that category when you self identify.

 

Is there any other OASIS process we need to be mindful of as we self

organize in this regard?  Someone suggested getting approval for electronic

voting and Thomas explained that someone needs to create a motion with very

precise text, then indicate the number of days the vote will be open.

 

Don commented that we will be looking for document editors.  If you want to

self identify early that would aid.

 

Thomas said he is interesting in being an editor of deliverable number 1.

His background is with the Kerberos consortium at MIT.  He has 20 years

experience.

 

A description of the initial deliverable was read from the charter

http://www.oasis-open.org/committees/trust-el/charter.php

 

"The initial deliverable is a comprehensive list of methods being used

currently to authenticate identities online to the degree necessary to

transact business where material amounts of economic value or personally

identifiable data are involved. First Public Review Draft to be completed by

six months after the first meeting."

 

Peter also volunteered to work on that draft as well.

Jaap would like to contribute if someone gives him a stepping stone.

Shaheed also offered to help.

Mary is also interested.

 

At this point we started using http://webconf.soaphub.org/conf/room/trust-el

 

Mike indicated he is also happy to contribute.

 

It was commented that TC members should have the opportunity to join the

initiative at a later date based on reviewing the minutes.

 

Don confirmed that this would be the case.

 

There was a discussion of the appropriate level of detail for the document.

Peter recommended that it is best to start from a strawman.  So his thinking

is to pay someone to do the first cut, then it goes out to all the members

to fill in the details.  He indicated the Steering Committee had someone in

mind who could do the work. 

 

Peter made a motion to request the creation of an electronic ballot for 7

days with the following words:

 

The Trust Elevation TC requests resources from the IDTrust Steering

Committee to perform a baseline survey to compile a comprehensive list of

methods being used currently to authenticate identities online to the degree

necessary to transact business where material amounts of economic value or

personally identifiable data are involved.

 

It was seconded by Thomas.

 

All those in favor were asked to indicate so in the chat room.

 

Colin made a motion to amend the motion to add "and description".

 

Peter seconded that.

 

Jaap asked if we can refer to a comparable document.  In the Netherlands

there was a survey of authentication methods. Eve Maler is also dong a note

on authentication methods.

 

Peter talked to Eve yesterday and indicated that she has a more particular

focus.

 

Ivonne asked if we are considering all the identity assurance frameworks and

trust levels

 

Jaap commented that this is about methods, things like OTP.

 

Peter commented that we can put this on the upcoming agenda and can bring

this back to the TC, assuming the Steering Committee votes to give us some

resources and recommendation on individuals who will be golden pens.  He is

probably happy to take recommendations on quality candidates.

 

Marty wondered about the size of the resources.

 

Mike asked how can we know how much to ask for until we know a scope?  Peter

indicated that we will scope this to the budget that is made available.

 

Mike commented that we need to put some constraints on it.  They will be

searching publically available resources for the project.

 

LOAs are important as a second step, but take that off the table for now.

We can constrain it by focusing on identity methods - international in scope

- government and private resources.  The focus is on customer identity

rather than methods used inside an organization. The focus is not primarily

credential based.

 

Peter commented that we also need to publish a scope of work after we have

resources.

 

Marty said he is starting to think that the people on the call we could do

this themselves

 

Peter commented that we are the experts.  He wants someone to do a survey or

baseline, then we can add stuff and work the document.  The external

resource is only doing the first draft. We will do the additional

subtractions and elaborations until we are satisfied with it.  It is easier

to have something to work off.

 

Expectations were discussed that the initial draft would be in the 5-30 page

range. Then we would expand it substantially to include strengths and

weaknesses, etc.  Peter commented that any of us who are contractors if we

were to get 3-5K, could make phone calls and draft something.

 

Don asked for any negative votes or abstention.  Hearing none, the motion

carried.

 

Anil provided the link for the OASIS admin request that needs to be

submitted to create the ballot request pages:

http://www.oasis-open.org/resources/tc-admin-requests

 

Don commented that the first documentation deliverable is more inventory

than analysis.  The final outcome will depend on the quality of input the

initial deliverable receives from this group.

 

We will work though the process with the OASIS Steering Committee and will

get back to the group with a detailed agenda for the next call.

 

6. Close Meeting

Peter made a motion to adjourn.

It was seconded by Thomas.

 

The meeting adjourned at 11:07 ET.

 

Minutes submitted by Mary Ruddy, Trust Elevation TC Secretary, OASIS

 

--

About 25 minutes into the meeting, we started using the following chat room:

http://webconf.soaphub.org/conf/room/trust-el

 

·         anonymous morphed into don thibeau oix

·         abbie barbir (Canada): hi on the chat room and on mute on the call bad

·         connection with skype

·         anonymous1 morphed into Shaheen Abdul Jabbar

·         anonymous morphed into Massimiliano Masi

·         abbie barbir (Canada): all please mention that we have a chat room

·         Massimiliano Masi morphed into Massimiliano Masi (Tiani Spirit)

·         abbie barbir (Canada): great to have tom volunteer

·         abbie barbir (Canada): we quckly need a scope of the document and a call for

·         contributions to it

·         anonymous morphed into Kevin Mangold (NIST)

·         abbie barbir (Canada): one thing to worry about is how would this relate to

·         funded work from IDTrust

·         abbie barbir (Canada): me 2 i will work also

·         Thomas Hardjono (MIT): Hows this for the test of the motion:  Motion to

·         request the creation of an electronic ballot for 7 days with the following

·         words:

·         abbie barbir (Canada): shaheen this is great

·         Please change your name from 'anonymous2' using the Settings button

·         Shaheen Abdul Jabbar: happy to give back

·         anonymous3 morphed into Jaap Kuipers

·         abbie barbir (Canada): we already have editors

·         abbie barbir (Canada): we can start moving the work forward

·         abbie barbir (Canada): our editors are peter, mary , tom and shaheen

·         Peter Alterman: The Trust Elevation TC requests resources from the IDTrust

·         Steering Committee to perform a baseline survey to compile a comprehensive

·         list of methods being used currently to authenticate identities online to

·         the degree necessary to transact business where material amounts of economic

·         value or personally identifiable data are involved.

·         anonymous4 morphed into Rebecca Nielsen

·         anonymous morphed into Ivonne Thomas

·         anonymous5 morphed into a Might Morphin` Power Ranger!

·         anonymous3 morphed into Dale Rickards (VzB)

·         abbie barbir (Canada): i do second

·         Jaap Kuipers: i second

·         abbie barbir (Canada): yes

·         abbie barbir (Canada): in favour

·         Kevin Mangold (NIST): in favor

·         Peter Alterman: yes

·         anonymous2 (Mary Ruddy): Yes

·         Rebecca Nielsen: Yes

·         Shaheen Abdul Jabbar: Yes

·         Dale Rickards (VzB): yes

·         Ivonne Thomas: yes

·         Jaap Kuipers morphed into Jaap Kuipers Amsterdam

·         Kevin Mangold (NIST): for those listed as anonymous, say your name too so it

·         can be accurately recorded 

·         Massimiliano Masi (Tiani Spirit): yes

·         abbie barbir (Canada): need to open the floor for motion discussion before

·         we vote

·         abbie barbir (Canada): i did send it to the tc list

·         anonymous morphed into Ed Coyne

·         abbie barbir (Canada): i do second the ammended motion

·         abbie barbir (Canada): well we can define the scope on the list

·         anonymous morphed into Marty Schleiff

·         anonymous: Shahrokh Shahidzadeh (Intel Corp): Yes

·         anonymous morphed into Shahrokh S-Intel

·         Shahrokh S-Intel: BTW Does such study already exist from other TCs in some

·         form or shape,

·         anonymous5 morphed into Ed Coyne

·         Jaap Kuipers Amsterdam: no loa, authentication tools, protocols, projects?,

·         vetting, relation to access management, research documents already

·         available, standards, life examples

·         Kevin Mangold (NIST) asked for a victim, I choose... anonymous3

·         AnilSaldhana(RedHat): I joined the call late, for the roll

·         AnilSaldhana(RedHat): negative vote only affects perception

·         AnilSaldhana(RedHat): on the vote. has no major standing if there is quorum

·         AnilSaldhana(RedHat): will get the link

·         AnilSaldhana(RedHat): http://www.oasis-open.org/resources/tc-admin-requests

·         anonymous morphed into Deb Bucci