

Subject: Minutes for April 5th Trust Elevation TC call


Minutes for the face-to-face meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

5 April, 2012.

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America  - y

Anil Saldhana, Red Hat 

Bob Sunday

Brendan Peter, CA Technologies - y 

Carl Mattocks, Bofa 

Cathy Tilton, Daon  - y

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government 

Dale Rickards, Verizon Business - y   

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange - y  

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Ed Coyne, Dept Veterans Affairs - y

Gershon Janssen - y

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

Jeff Broburg, CA

John Bradley 

John "Mike" Davis, Veteran's Affairs - y

John Walsh, Sypris Electronics

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST - y  

Lucy Lynch, ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH  - y

Nick Pope, Thales e-Security

Peter Alterman, NIST  - y

Rebecca Nielsen, Booz Allen Hamilton    

Rich Furr, SAFE-BioPharma Assn - y

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp)

Tony Rutkowski

Tony Nadalin, Microsoft

Thomas Hardjono, M.I.T. - y  

William Barnhill, Booz Allen Hamilton

Antonio, Bofa

77 percent of the voting members were present at the meeting.  We did have quorum.

 

 

2. Agenda review and approval

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el. The chat room text is included at the end of the minutes.

 
Abbie stated he would like to amend the agenda to discuss the funding for the second stage.  The approved support will end at the end of the first deliverable.  He strongly recommends that we ask for funding for the second stage.  We will need to have analytical and editorial support for the second deliverable.  If the TC agrees, he would like to raise a motion for continued support for stage 2 and 3 and ask for the same amount as for stage 1, and also for support for stage 2 F2F meeting. We saved budget by OIX and CA hosting the F2F meetings for stage 1 [Thank you again].  He would like to ask for $5k for F2F support for the second stage of the deliverable.
 
Abbie made a motion to request money for editorial help and for a face-to-face meeting. 
Don seconded enthusiastically because he thinks we have some great momentum in the group, and part of the job is to share what we developed with the larger community, and this is an appropriate time to share this with the broader committee.
Brendan asked what the total amount of the budget is.
Abbie replied 10K for support of the deliverable and 5K for a F2F meeting.
Abbie said we should really plan a workshop in September, maybe in DC.  If we don’t have the budget, we won’t have any event.
Abbie asked if there was any discussion. [Silence.]
Abbie asked if there were any objections. [Silence.]
The motion passed. 
**action item for Abbie and Don to ask the IDtrust steering committee for further funding of this TC.
 
Brendan asked the TC to let him know how he can be helpful.  These requests go to his colleague.  The steering committee would like to have as much specificity as possible.  
**Added Brendan to the phase 2 funding action item.
 
 
 
 
3. Approve Minutes
 
Abbie made a motion to approve the minutes of March 15.
Gershon seconded the motion. 
There were no objections. The motion passed.
 
Abbie made a motion to approve the minutes for March 22.
Gershon seconded the motion.
There were no objections. The motion was approved.
 
Abbie commented that we are up to date and all minutes are approved.
Abbie commented that he sent a paper to the TC yesterday called "Interoperability Guidelines".
It focuses on all kinds of technical details for writing specs. Though someone may say this won’t impact us for our second deliverable, it eventually may for deliverable three.  If you want to discuss it, add an item to the agenda.

 

4. Editors update on the first deliverable: a Survey of Methods of Trust Elevation.

Abbie stated that we would like to spend as much time today as possible going over the first deliverable.  The idea is that after this meeting, or at most next meeting, we can agree on a ballot to freeze this as a committee draft.  The ballot would run for a week.  Need to have majority approval.  The idea is to quickly move on to stage two.

Version 1.0 of the first deliverable has been posted at http://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php?folder_id=2598

Mary began by discussing the five categories of trust elevation methods that we recognize in the document.  The first three are the traditional ‘who you are’, ‘what you know’, and ‘what you have’.  To these we have added a category for behavioral habits [now called ‘what you typically do’] to be consistent with ITU-T’s X.1254.  The fifth category is context.

Next Mary walked through the various entries in the Trust Elevation Method List, which is about 4 pages long.  She differentiated between behavioral biometrics, such as keyboard signature, which is based on a person’s physical activity, and the “what you typically do” category, which includes behavioral habits such as browsing patterns.

Cathy asked a question about where geo location belonged.  She noted that earlier on we had put geo location in the Context category.  Geo location is also a behavioral habit.

There was a discussion of whether it was ok to list geo location in both the behavioral habits and context categories.

Abbie replied that he thought so.  He agreed with the comments and that we need to document more what we mean by context.  We may address this more in the second deliverable.

Cathy commented that she thought geo location should be put in one place with a reference to multiple places.

Abbie commented that this is also a possibility.

** action item to address treatment of geo location with editors.  This will be handled off line.

Mary continued through the rest of the list, then paused for comments before discussing appendix A, which is 30 pages of method examples.

Cathy said that use of biometrics for trust elevation typically comes in for higher levels.

There was a discussion about whether or not to include information about the strengths or weaknesses of biometric methods in the list.  Mary commented that editors had been asking her to remove comments on this level from the list, as the strengths and weaknesses of a particular biometric method depend on the use case.  She gave the example that Disney rolled out a fingerprint system to ensure that people didn’t resell unused portions of their multi-day entry tickets, even though fingerprint recognition had been found to have too many issues to be practical for some other applications.   The current approach is to put details about suitability in the method example appendix, so the method list itself can be kept simple.

Next Mary reviewed the list of method examples in the appendix.  The method examples are grouped by the five categories plus a hybrid group (which is the largest group) and a credential group.  While credentials used as primary authenticators are out of scope for this effort, there are use cases where a credential can be used to elevate trust, as necessary.

Hybrid examples include different systems by which attributes can be leveraged to elevate trust, for example by using a process that separates the policy enforcement points from the decision points, as outlined in the PLOA (Personal Levels of Assurance) method.

Some of the hybrid examples are ways to lower risk, such as by splitting large transactions into multiple smaller transactions.  There was a lot of feedback during the drafting about whether to include this type of example.  Some thought this example was commonplace in their industry (financial services); others thought this was a new and difficult approach. Trust elevation is about reducing the gap between the current level of trust and the perceived risk level of the session or transaction.  There are two ways to reduce this gap.  The first is elevating the trust. The second is lowering the risk level of the transaction. So ultimately we decided to include a couple of examples of how to lower risk.

Mary paused for more questions [silence] and then concluded.

The final appendices are ones standard for all OASIS documents such as acknowledgements, dictionary definitions, acronyms, references and revision history.

Mary asked if there were any more questions. [Silence.]

Then she asked if the silence meant this was a good resting point.

Don replied silence is good.  I really admire the granularity that you have been able to pull off.

Abbie thanked Mary and the other editors.  This is excellent.

Abbie said that we can stop [the first deliverable] at a committee draft.  He thinks we need a ballot to get to that status.

There was at least one action item: on geo location.  We need to address this before issuing the ballot.

There was a discussion about next steps.  It was agreed that the document would be republished after discussing final changes at the next editors' call [April 12].

Abbie suggested we approve a ballot to stop at the next version. We will have a ballot, and do it at one week, and stop.  He will do the ballot when he gets the green light from Mary.

Abbie said we need to plan for the next call and move quickly forward with the analytical stage. He would like to start the call with analysis of the use cases for trust elevation.

He would like to have a volunteer to jump start the next phase.

Don said that one of the things that might be of general interest is to hear an update from leadership in the United Kingdom on the deployment of their online identity system.  It is part of their move to take their existing welfare and benefit systems online. This will take trust elevation to a high level and scale.  We should get a briefing from them.

Abbie asked Don to arrange a session.

Don replied that he is happy to do so. His goal will be to have a presentation from a couple of leaders of that program. The more technical we can go, the better.

Abbie said he is also hoping that the editors of the first deliverable will want to continue. If they object, they should let him know.

It was asked if the UK guys have a paper on this.
Don replied that he will see if he can send links.  The UK is now in procurement mode, so much information is from the government.

Abbie said that at some point we should also arrange for the UK universal postal service to present.

Don replied that yes, one piece of this procurement is from the UK postal authorities – a trust elevation in person proofing process.  What they have is a pure example of where the output of the TC will go. They want secure electronic mail, where they can issue a subpoena by sending a secure email; a system that is universal, but privacy protecting, with some means to provide for anonymity.  They really have a lot of road map going forward.

Abbie commented that we had made good progress.

**Action item to have a ballot to approve the document as a committee draft after the final changes are made.

5. Attendance Update

We achieved quorum.

6. Adjournment

Abbie asked for a motion to conclude.

Gershon moved to adjourn.

Brendan seconded the motion.

There were no objections. The meeting was adjourned.

 

>>>>>>>>>>>>>>>>>>>>>>>> 

abbie: 1.  roll call
 
2. agenda approval
 
3. approve minutes
 
4. editors update
 
6. roll call
 
7. conclude
anonymous morphed into Mike Davis
Don Thibeau Open Identity Exchange : http://digital.cabinetoffice.gov.uk/category/id-assurance/
Don Thibeau Open Identity Exchange : sorry to send that link without context
Don Thibeau Open Identity Exchange : I thought it might be of interest to the TC to point out a "nation-wide" trust elevation deployment. Her Majesty's Government's PWB procurement promises the first nation-wide deployment of an internet ecosystem composed of identity attribute exchange, trust elevation and citizen/user experience in the context of an open trust framework. It is an important test of the value proposition of a "trust mark" in the context of usability and citizen engagement. The UK experience may well inform relying party best practices worldwide.
Thomas Hardjono (MIT): Don, is there a paper related to the UK proposal?
Peter Alterman: I'm interested in working on the analytic round but it's best if I'm not lead.
Don Thibeau Open Identity Exchange : there are several official procurement related papers
Don Thibeau Open Identity Exchange : My action item is to explore a briefing for the TC direct from the UK Cabinet office POC David Rennie for our next meeting

 

 


