[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Notes from Sep 9 TC call
Minutes for the face-to-face meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee September 9, 2012 1. Call to Order and Welcome. 2. Roll Call Attending (please notify me if you attended the meeting but are not on the list below)
67 percent of the voting members were present at the meeting. We did have quorum. 2. Agenda review and approval
We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el chat room text is included at the end of the minutes.
Mary asked for additions. There being no additions, the agenda was approved.
3. Approve Minutes
Mary asked the TC approval to approve the minutes from the last meeting.
Gershon moved to approve the minutes.
Cathy seconded the motion to approve the minutes of August 23. There were no objections. The minutes were approved.
The next F2F is confirmed for October 9 in Washington DC. The event will be from 8:30 AM to 5:00 PM. (The official start is 9:00, doors open at 7:30). The location is CA’s new office at 607 14th street (between F and G streets.) Thanks again to CA for hosting.
4. Editors update on Second Deliverable (Analysis phase)
For this call we reviewed a new analysis: Behavior habits – browsing methods, which is now available at https://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php?folder_id=0
Mary walked thru the document.
Mike commented that he viewed privacy invasion as an issue in this particular method.
Mary replied that it could be possible to design this method so that it didn’t collect information that would be valuable outside of the context of the website using the method.
Mike replied that there is huge potential for using the information for marketing purposes and sharing it. There is an incentive to collect information to sell and they are likely to sell it.
Peter considers it offensive and undesirable and widely in use.
Jaap says Forrester summed up some of the packages in a report and addresses some of these things. See Forrester Wave report from February on risk based auth.
Cathy said she is also interested in that.
Mary commented that a few years ago there was a company that claimed it could determine a user’s age cohort by the way the user moused over links.
Shaheen commented that false positives are an issue.
Jaap agreed that the concept is squishy.
Peter commented that he liked the conversation
Shaheen asked do we know what kind of tools can be used to capture this information. From a usability point of view, _javascript_ depends on browser compatibility issues.
Peter commented that we need more research
Mary said she would look for information on specific vendor implementations
Cathy asked a question about the template. There is a question about which party is performing the method. It seems vague. In many protocols there are different components: the person responding to the challenge and the verifier.
Mary replied the original intention was to differentiate between methods implemented by the RP and methods that used a third party. We have repeatedly changed this question as we learn more from performing the sample analyses.
Cathy commented that many of the other methods could be used in multiple configurations. So often, it could be either. Mary replied that we need to continue to evolve this question.
Cathy asked do you mean who is performing the method.
Mary replied yes.
Shaheen asked about his analysis about the context method.
Mary said that it had been discussed in a previous session. She thanked him for being a guinea pig.
Mary asked if there were any more questions. Since there were none, we gave the TC their time back to work on the analyses. For the next call we will review two additional new analyses.
>>>>>>>>>>>>>>>>>> 6. Attendance Update We achieved quorum. 9. Adjournment Mary moved to adjourn. Peter seconded the motion. The meeting was adjourned. >>>>>>>>>>>>>>>>>>>> anonymous morphed into Jaap Kuipers (Id Network) anonymous1 morphed into Cathy Tilton (Daon) anonymous1 morphed into Massimiliano Masi (Tiani Spirit) Mike Davis: The tracking of behavioral and browsing patterns raises potential privacy issues. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]