trust-el message



Subject: RE: [trust-el] Minutes for October 5th TC Call - reformatted


Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

October 5, 2012

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA - y

Carl Mattocks, Bofa 

Cathy Tilton, Daon  -  y

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government  

Dale Rickards, Verizon Business

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen - y

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

Jeff Broburg, CA

John Bradley 

John "Mike" Davis, Veterans Affairs  

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST - y   

Lucy Lynch, ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons – y

Massimiliano Masi, Tiani "Spirit" GmbH 

Nick Pope, Thales e-Security

Peter Alterman, SAFE-BioPharma,  - y

Rainer Hoerbe

Rebecca Nielsen, Booz Allen Hamilton - y 

Rich Furr, SAFE-BioPharma Assn 

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. 

Shahrokh Shahidzadeh (Intel Corp)  - y

Suzanne Gonzales-Webb, VA - y

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

 

 

60 percent of the voting members were present at the meeting.  We did have quorum.

 

 

2. Agenda review and approval
 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el . The chat room text is included at the end of the minutes.

 
Abbie asked for additions to the agenda.
 
Brendan made a motion to discuss the F2F.
Mary seconded it. There were no objections.
 
Mary confirmed the next face-to-face (F2F) meeting is set for October 9 in Washington DC.  
The event will be from 8:30 AM to 5:00 PM.  (The official start is 9:00, doors open at 7:30).
The location is CA’s new office at 607 14th street (between F and G streets.) 
 
Abbie thanked CA again for offering to host.  We will use the BofA call bridge. 
 
Brendan asked to let him know if you need WiFi.  CA is providing refreshments.  We will go out for lunch. 
 
3. Approve Minutes
 
Abbie asked the TC to approve the minutes from the last meeting of September 20.
He asked if there were any objections. There being no objections, the minutes were approved.
 
 
4. Editors update on Second Deliverable (Analysis phase)
 
Mary explained that the purpose of the F2F event is to review the phase two method analyses and also to begin discussion of how to structure phase 3.  Mary suggested that even if we don’t finish with phase 2 during the meeting, it is important to spend some of the session discussing how best to begin Phase 3.
 
The first deliverable has been re-pulled into the latest OASIS template.  There were no material changes.  We need to vote to have a ballot to approve the reformatted version as the final version of our committee note.
 
Abbie asked for a motion to hold a ballot, as required by OASIS.
Gershon so moved.
Suzanne seconded the motion.
The motion passed.
 
Abbie asked which methods still need to be assigned for analysis. 
 
Mary reviewed the list and will email the list about items that still need to be analyzed.  Today Abbie and Cathy are going to review more method analyses.  
 
Abbie explained that he will review the password and OTP methods.  Passwords have many vulnerabilities.  Lots of users use keyboard patterns [to select their passwords] that are very easy to crack… Users can be tricked into disclosing their passwords.  There are end user and technical vulnerabilities.  The examples provided summarize a snapshot of what threats we need to correct.  We may need to further solidify some of these. This is left for the editors.
 
Cathy suggested that on the usability issues we need to consider forgetting passwords. 
 
Abbie replied yes, we should mention that.
 
Cathy said that is the biggest usability issue.
 
Abbie asked if there were any questions.
 
Abbie mentioned Peter’s table [at the bottom of the analysis.] We can discuss this at the F2F.  The next method is the OTP. This one took longer than passwords.  For OTP, he gave the definition starting from the password definition.  He split OTP into 3 categories. One is time synchronization… Abbie continued reviewing the document.  He isn’t sure how usable this method is. It is inconvenient. Abbie asked for questions.
 
Shahrokh commented that the analysis doesn’t make it clear that OTP is not a standalone method; it is an add-on. For example: here is OTP, and it needs five other things to give us the trust we want.  
 
Abbie replied I like where you are going with this.  Can I just go to a site and just use OTP? OTP in combination with other factors could get you entry.  This can be used in combination with other stuff. We are moving towards providing continuous authentication.  
 
Shahrokh said you classify the session key as a type of OTP.  If you create a session key in combination with other things, is the session key classified as an automated OTP?
 
Abbie replied that if the question is whether a session key is sufficient, the answer is no. A session key is only generated after you are approved for session creation.
 
Shahrokh replied ok good. I will send you a draft diagram. It is like a maze.
 
Abbie replied this would be contributed to the TC, he hopes.
 
Shahrokh replied yes.
 
Mary introduced Cathy, who will discuss the analysis of physical biometrics. 
 
Cathy started with an ISO standard definition and provided some examples. The strength of function of a biometric is proportional to the threshold.  The main advantage is that it links an auth event to a specific human, so it can potentially provide higher levels of non-repudiation and auditing. With biometrics there are lots of different ways to implement where it is stored or matched. You also need to take into consideration sensor attacks. In general convenience is high, but for some modalities there is some finite part of the population for which there will be failure.
How to address eavesdropping depends on where you are storing the data.  If you match on a card locally, it does address eavesdropping. There are a lot of things that are implementation specific. It is possible to guess a biometric, but it is harder because of the size.  Replay is not directly addressed unless used in conjunction with nonces, etc. For man-in-the-middle, there is a similar answer. Does the method address spoofing? It depends on whether liveness countermeasures are employed. She identified several things that could improve trust. These are not requirements.  Concerning privacy and confidentiality, biometrics are generally considered PII. So you need to use precautions. Usability depends on modality. You do need exception handling conditions for people who are unable to enroll. In NIST 800-63 there isn’t a place for biometrics for levels 1 and 2. It does bring them in for 3 or 4 as additional factors.
 
***Mary took an action item to post the remaining analysis items to the list.
 
Abbie said that for the meeting after the F2F, there is a new startup, CyberCore, that has a nice way of doing trust-el, and he would like to give them 15-20 minutes to present their solutions. Part of the third deliverable could be a slight mod to SAML. Trust is implied at the policy level. It is one of the options we should look at for the third deliverable. So if no objections, we will give them the option to present.
 

5. Attendance Update

We achieved quorum.

6. Adjournment

Mary asked for a motion to adjourn.

Gershon moved to adjourn.

Shahrokh seconded the motion.

Abbie really thanked the TC for their work. The first method analysis is being used internally [at BofA] and they loved the work, so he really congratulates us. We are documenting a lot of things we take for granted, but there is a lot of education still needed.

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>> 

anonymous morphed into Cathy Tilton (Daon)

abbie1: roll call

abbie1: agenda review

abbie1: editor update

abbie1: abbie and cathy

abbie1: presentation

abbie1: roll call

abbie1: adjourn

abbie1: agenda modification discuss f2f from brendon

anonymous morphed into Suzanne Gonzales-Webb

abbie1: add item on approval of first deliverable
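Two points from the discussion above lend themselves to a concrete illustration: Abbie's OTP analysis names time synchronization as one of the OTP categories, and Cathy's biometrics analysis notes that replay is only addressed when a method is combined with nonces or similar state. The following is an added example, not part of the TC's method analyses, the minutes, or any participant's contribution. It implements the standard time-synchronized OTP (HOTP per RFC 4226, TOTP per RFC 6238) and adds a replay guard that refuses to accept a time step that has already been consumed for a user. The parameters (HMAC-SHA1, 30-second step, 6 digits, a ±1-step skew window) and the `TotpVerifier` helper are assumptions for illustration, not anything the minutes specify.

```python
"""Time-synchronised OTP (RFC 4226 HOTP / RFC 6238 TOTP) with a replay guard.

Added example; not code from the Trust Elevation TC or any product.
Assumptions (not in the minutes): HMAC-SHA1, 30-second time step, 6-digit
codes, a +/-1 step verification window for clock skew, and an in-memory
per-user record of the last accepted time step used to reject replays.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 30
DIGITS = 6
WINDOW = 1  # accept the previous and next step to tolerate clock skew


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    then dynamic truncation to a decimal code of `digits` digits."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, at // step, digits)


class TotpVerifier:
    """Hypothetical verifier (not a library API). Accepts a code if it matches
    the current step or one step either side, but never accepts a step that is
    at or below the highest step already consumed for that user. A code that
    was captured (eavesdropped) therefore cannot be replayed, even inside the
    skew window. This is the 'last successful time step' resync approach
    recommended in RFC 6238 section 5.2."""

    def __init__(self, step: int = STEP_SECONDS, window: int = WINDOW):
        self.step = step
        self.window = window
        self._last_step = {}  # user -> highest time step already accepted

    def verify(self, user: str, secret: bytes, code: str, now: int) -> bool:
        current = now // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = current + delta
            # Constant-time comparison so timing does not leak matched digits.
            if hmac.compare_digest(hotp(secret, candidate), code):
                if candidate <= self._last_step.get(user, -1):
                    return False  # replay of an already-consumed step
                self._last_step[user] = candidate
                return True
        return False


# RFC 6238 Appendix B test secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def demo() -> dict:
    """Constructed walk-through with a made-up timestamp: a fresh code is
    accepted once, the same code is rejected on replay, and a code from
    four steps ago (outside the window) is rejected outright."""
    v = TotpVerifier()
    now = 1_700_000_000  # constructed timestamp, not from the minutes
    code = totp(RFC_SECRET, now)
    return {
        "first_use": v.verify("alice", RFC_SECRET, code, now),
        "replay": v.verify("alice", RFC_SECRET, code, now + 5),
        "stale": v.verify("alice", RFC_SECRET, totp(RFC_SECRET, now - 120), now),
        # RFC 6238 vector: time 59 -> step 1 -> 8-digit SHA-1 code 94287082
        "rfc_vector": totp(RFC_SECRET, 59, digits=8),
    }


if __name__ == "__main__":
    print(demo())
```

The replay guard is what turns a bare OTP into something closer to the combined method Shahrokh describes: the code alone proves possession of the secret at roughly the right time, and the per-user "highest accepted step" state is the extra ingredient that closes the replay gap Cathy raises for biometrics. The guard also means a legitimate code from the previous step is refused once a newer one has been accepted; that is the intended trade-off.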

 




