[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Minutes for the second meeting of the Trust Elevation TC, 22 Sep. 2011
Minutes for the second meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee 22 September, 2011 1. Call to Order and Welcome. 2. Roll Call Attending (please notify me if you attended the meeting but are not on the list below) · Abbie Barbir, Bank of America · Anil Saldhana, Red Hat · Colin Wallis, New Zealand Government · Dale Rickards, Verizon Business · Debbie Bucci, NIH · Don Thibeau, Open Identity Exchange · Ed Coyne, Dept Veterans Affairs · Ivonne Thomas, Hasso Plattner Institute · Jaap Kuipers, Amsterdam · Kevin Mangold, NIST · Peter Alterman, NIST · Mary Ruddy, Identity Commons · Marty Schleiff, The Boeing Company · Massimiliano Masi, Tiani "Spirit" GmbH · Mike Davis Dept Veterans Affairs · Rebecca Nielsen, Booz Allen Hamilton · Scott Fitch Lockeed Martin · Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. · Shahrokh Shahidzadeh (Intel Corp) · Thomas Hardjono, M.I.T. We proceed with the following: 3. Review charter and deliverable 4. Discuss document road, identify immediate documents and editors 5. Discuss and formulate funding request for IDTrust Member Section Don wanted to discuss the extent of participation - how to organize ourselves into productive players. He also wanted to suggest some ideas around self organization and get a sense of the resources. Peter indicated he has some ideas in this regard. Peter believes we want to do a baseline of what techniques are out there and some other analytic touch points. The OASIS IDTrust Member Section Steering Committee has some resources to hire a contractor to do some of that work for us. We could vote to send a request for X number of hours to do that work for us. This technical committee is one of a number of technical committees are in that member section. The member section has a steering committee of five. John Sabo is the chair of the Steering Committee. He and Kaliya are also members of the Steering Committee. The member section gets a budget based on the number of TCs and entities participating. We got a budget last year that has a few thousand dollars that could be pointed at that kind of task. He has been in informal discussion about resources to kick start this. He plans to make a motion that this TC make a formal request for 3-5K to hire an analyst. There was a request to use an electronic ballot. There was a request for more background about the motion. Peter explained that this idea had been brought up on the mailing list and in the first meeting. He wants to do this in a way that most companies will not feel threatened. Don elaborated that we want to 1, identify our resource base and 2, make the request for a modest amount of $ from the steering committee so that we can organize for success. We could ask members to bring their organization and resources to bear. One task is to organize a request of the steering committee. The other is for each of us to provide to the broader group any specific research or other resources that could help with the task at hand. Mike commented that it is a good idea to do some baselining. He asked if we are familiar with the Standards and Interoperability framework. When people join they submit a statement of commitment. Some simply monitor, some provide resources. It might be useful if we had a notion of people's intentions. It is ok to be a lurker. He is looking for those folks that are able to provide resources: business background, technical, policy, legal, etc. The key is to identify the resources in the committee. This would identify any gaps, so that funding can be applied in the most efficient way. Don commented that some can help with communications (bloggers or organizations) so please add that category when you self identify. Is there any other OASIS process we need to be mindful of as we self organize in this regard? Someone suggested getting approval for electronic voting and Thomas explained that someone needs to create a motion with very precise text, then indicate the number of days the vote will be open. Don commented that we will be looking for document editors. If you want to self identify early that would aid. Thomas said he is interesting in being an editor of deliverable number 1. His background is with the Kerberos consortium at MIT. He has 20 years experience. A description of the initial deliverable was read from the charter http://www.oasis-open.org/committees/trust-el/charter.php "The initial deliverable is a comprehensive list of methods being used currently to authenticate identities online to the degree necessary to transact business where material amounts of economic value or personally identifiable data are involved. First Public Review Draft to be completed by six months after the first meeting." Peter also volunteered to work on that draft as well. Jaap would like to contribute if someone gives him a stepping stone. Shaheed also offered to help. Mary is also interested. At this point we started using http://webconf.soaphub.org/conf/room/trust-el Mike indicated he is also happy to contribute. It was commented that TC members should have the opportunity to join the initiative at a later date based on reviewing the minutes. Don confirmed that this would be the case. There was a discussion of the appropriate level of detail for the document. Peter recommended that it is best to start from a strawman. So his thinking is to pay someone to do the first cut, then it goes out to all the members to fill in the details. He indicated the Steering Committee had someone in mind who could do the work. Peter made a motion to request the creation of an electronic ballot for 7 days with the following words: The Trust Elevation TC requests resources from the IDTrust Steering Committee to perform a baseline survey to compile a comprehensive list of methods being used currently to authenticate identities online to the degree necessary to transact business where material amounts of economic value or personally identifiable data are involved. It was seconded by Thomas. All those in favor were asked to indicate so in the chat room. Colin made a motion to amend the motion to add "and description". Peter seconded that. Jaap asked if we can refer to a comparable document. In the Netherlands there was a survey of authentication methods. Eve Maler is also dong a note on authentication methods. Peter talked to Eve yesterday and indicated that she has a more particular focus. Ivonne asked if we are considering all the identity assurance frameworks and trust levels Jaap commented that this is about methods, things like OTP. Peter commented that we can put this on the upcoming agenda and can bring this back to the TC, assuming the Steering Committee votes to give us some resources and recommendation on individuals who will be golden pens. He is probably happy to take recommendations on quality candidates. Marty wondered about the size of the resources. Mike asked how can we know how much to ask for until we know a scope? Peter indicated that we will scope this to the budget that is made available. Mike commented that we need to put some constraints on it. They will be searching publically available resources for the project. LOAs are important as a second step, but take that off the table for now. We can constrain it by focusing on identity methods - international in scope - government and private resources. The focus is on customer identity rather than methods used inside an organization. The focus is not primarily credential based. Peter commented that we also need to publish a scope of work after we have resources. Marty said he is starting to think that the people on the call we could do this themselves Peter commented that we are the experts. He wants someone to do a survey or baseline, then we can add stuff and work the document. The external resource is only doing the first draft. We will do the additional subtractions and elaborations until we are satisfied with it. It is easier to have something to work off. Expectations were discussed that the initial draft would be in the 5-30 page range. Then we would expand it substantially to include strengths and weaknesses, etc. Peter commented that any of us who are contractors if we were to get 3-5K, could make phone calls and draft something. Don asked for any negative votes or abstention. Hearing none, the motion carried. Anil provided the link for the OASIS admin request that needs to be submitted to create the ballot request pages: http://www.oasis-open.org/resources/tc-admin-requests Don commented that the first documentation deliverable is more inventory than analysis. The final outcome will depend on the quality of input the initial deliverable receives from this group. We will work though the process with the OASIS Steering Committee and will get back to the group with a detailed agenda for the next call. 6. Close Meeting Peter made a motion to adjourn. It was seconded by Thomas. The meeting adjourned at 11:07 ET. Minutes submitted by Mary Ruddy, Trust Elevation TC Secretary, OASIS -- About 25 minutes into the meeting, we started using the following chat room: http://webconf.soaphub.org/conf/room/trust-el · anonymous morphed into don thibeau oix · abbie barbir (Canada): hi on the chat room and on mute on the call bad · connection with skype · anonymous1 morphed into Shaheen Abdul Jabbar · anonymous morphed into Massimiliano Masi · abbie barbir (Canada): all please mention that we have a chat room · Massimiliano Masi morphed into Massimiliano Masi (Tiani Spirit) · abbie barbir (Canada): great to have tom volunteer · abbie barbir (Canada): we quckly need a scope of the document and a call for · contributions to it · anonymous morphed into Kevin Mangold (NIST) · abbie barbir (Canada): one thing to worry about is how would this relate to · funded work from IDTrust · abbie barbir (Canada): me 2 i will work also · Thomas Hardjono (MIT): Hows this for the test of the motion: Motion to · request the creation of an electronic ballot for 7 days with the following · words: · abbie barbir (Canada): shaheen this is great · Please change your name from 'anonymous2' using the Settings button · Shaheen Abdul Jabbar: happy to give back · anonymous3 morphed into Jaap Kuipers · abbie barbir (Canada): we already have editors · abbie barbir (Canada): we can start moving the work forward · abbie barbir (Canada): our editors are peter, mary , tom and shaheen · Peter Alterman: The Trust Elevation TC requests resources from the IDTrust · Steering Committee to perform a baseline survey to compile a comprehensive · list of methods being used currently to authenticate identities online to · the degree necessary to transact business where material amounts of economic · value or personally identifiable data are involved. · anonymous4 morphed into Rebecca Nielsen · anonymous morphed into Ivonne Thomas · anonymous5 morphed into a Might Morphin` Power Ranger! · anonymous3 morphed into Dale Rickards (VzB) · abbie barbir (Canada): i do second · Jaap Kuipers: i second · abbie barbir (Canada): yes · abbie barbir (Canada): in favour · Kevin Mangold (NIST): in favor · Peter Alterman: yes · anonymous2 (Mary Ruddy): Yes · Rebecca Nielsen: Yes · Shaheen Abdul Jabbar: Yes · Dale Rickards (VzB): yes · Ivonne Thomas: yes · Jaap Kuipers morphed into Jaap Kuipers Amsterdam · Kevin Mangold (NIST): for those listed as anonymous, say your name too so it · can be accurately recorded · Massimiliano Masi (Tiani Spirit): yes · abbie barbir (Canada): need to open the floor for motion discussion before · we vote · abbie barbir (Canada): i did send it to the tc list · anonymous morphed into Ed Coyne · abbie barbir (Canada): i do second the ammended motion · abbie barbir (Canada): well we can define the scope on the list · anonymous morphed into Marty Schleiff · anonymous: Shahrokh Shahidzadeh (Intel Corp): Yes · anonymous morphed into Shahrokh S-Intel · Shahrokh S-Intel: BTW Does such study already exist from other TCs in some · form or shape, · anonymous5 morphed into Ed Coyne · Jaap Kuipers Amsterdam: no loa, authentication tools, protocols, projects?, · vetting, relation to access management, research documents already · available, standards, life examples · Kevin Mangold (NIST) asked for a victim, I choose... anonymous3 · AnilSaldhana(RedHat): I joined the call late, for the roll · AnilSaldhana(RedHat): negative vote only affects perception · AnilSaldhana(RedHat): on the vote. has no major standing if there is quorum · AnilSaldhana(RedHat): will get the link · AnilSaldhana(RedHat): http://www.oasis-open.org/resources/tc-admin-requests · anonymous morphed into Deb Bucci |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]