

Subject: Minutes from October 9th Face-to-Face TC Meeting - another tweak to the member list


Minutes for the face-to-face meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

October 9, 2012, in DC.

 

1. Call to Order and Welcome.

 

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA - y

Carl Mattocks, BofA

Cathy Tilton, Daon  -  y

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government - y  

Dale Rickards, Verizon Business

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Don Thibeau, Open Identity Exchange

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen - y

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

Jeff Broburg, CA

John Bradley 

John "Mike" Davis, Veteran's Affairs  

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST

Lucy Lynch, ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons – y

Massimiliano Masi, Tiani "Spirit" GmbH 

Nick Pope, Thales e-Security

Peter Alterman, SAFE-BioPharma,  - y

Rainer Hoerbe

Rebecca Nielsen, Booz Allen Hamilton - y 

Rich Furr

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y 

Shahrokh Shahidzadeh (Intel Corp)  - y

Suzanne Gonzales-Webb, VA

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

 

70 percent of the voting members were present at the meeting.  We did have quorum.

 

 

2. Agenda review and approval
 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el  chat room text is included at the end of the minutes.

 

Abbie welcomed everyone and reviewed the agenda. 

The goal is to get the second deliverable in order. We will

  • Review new analyses
  • Identify missing analyses
  • Create new analyses
  • Discuss how to make these into a document
  • Begin discussing the third deliverable

 

 
3. Work on Second Deliverable (Analysis phase)
 

We reviewed the new method analyses that had been posted and made updates directly to the documents.  These included: hard token, behavioral biometric, behavioral habit of time of access, and out of band. There are some generic comments that need to be widely applied. We should reference IdP and/or RP, as the RP may or may not be its own IdP.  We also need to account for situations where the user is a program (Non-Person Entity, NPE) rather than a human.   We also need to say how a method increases trust in the analyses, not just say that it does.

Cathy provided additional perspective on biometrics.  In discussing behavioral biometrics, Cathy made reference to ISO 2382-37.  A biometric measure only matters if it can be used for recognition and/or identification. We talked about a signature’s signature: biometric attributes about how a signature is made.  We also discussed that some biometrics such as voice can be used as part of a challenge response.  One also needs to consider liability issues associated with a biometric: which biometrics are accepted methods.  Some methods are still R&D.  It is possible to spoof a biometric.  Mimicry is possible. There can also be a big difference in readings from different sensors.

It was commented that over time mouse and keyboard will go away and be replaced by touch and voice.

We discussed the fact that over time there has been an evolution in what has been considered best practice for various methods.  Therefore we need to document baseline security assumptions. For example: this is a minimum starting point and if you are not using these techniques, then you are not ready to elevate trust.

Colin made some notes about assumptions which he offered to send.

*** Action item for Colin to send his assumption notes

It was commented that the out of band method consists of methods that are OTP and methods that aren’t OTP. Some of the sub-methods such as use of a post card are generally just for enrollment. 

We reviewed methods that still needed to be analyzed.

Shahrokh volunteered to do cookies.

Peter will do digital certificates next week.

We discussed that the categories of threat in the analysis template were too gross. The final document needs much more granularity. We need to identify all the things that can mitigate a particular threat, and specifically list which of them are supported by a particular trust elevation method. For example:  OTP over SMS mitigates X. 

** Action item to make a list of all sub categories of mitigation for each threat.  We also need to address the sub categories of threat:  man-in-the-middle of a browser, app, OS, device, near field communications card presentment, etc. Then we can discuss it.

We can then use this list to revisit the analyses and make them more granular.  This will involve re-normalizing the analysis template.  We will remove the NIST matrices in this pass as they are a Phase 3 issue.

*** There was an action item to check for a reference to CAPTCHA.

We also discussed mutual authentication.

The Gartner document, the Death of Authentication was mentioned.

It was suggested that we look at the FICAM OTP profile for best practice.

*** Action item to get the FICAM OTP profile

We discussed the possibility of creating a phase 4 which would be an online tool (perhaps open source) that allowed an identity management architect to navigate to specific methods that could mitigate certain threats. 

Abbie would like the second deliverable to be peer reviewed before it is published.

 

4. Discussion of Approach for the Third Deliverable
 

A critical step for phase 3 is to determine a methodology, a common currency for combining methods.  The x1254 and 800-63 are options. Also M-04-04, but that is too generic.

In phase 2 the methods are uncorrelated and unsystematic.  The Phase 2 deliverable doesn’t address combinations. The phase 3 goal is that combining methods should reduce risk, i.e. mitigate vulnerabilities.  We may need a look-up matrix.  Then, we take a look at how well a method does (depending on implementation).

Shahrokh is working on a graphical representation, a pipeline with filters that change color. Then people can make sensible cost based trade offs.

We targeted the 3rd deliverable for Jan /Feb 2013.

The first examples for Phase 3 will be the hardest. We will use the x1254 list for the threats (or ISO 29115, which only varies by a little).  Trust-el happens after initial authentication and before authorization (except when it is continuous).  We reviewed the x1254 document.  Section 10.2.1 matters if the elevation method is a secondary credential. We confirmed that we are not elevating trust in the credential, we are elevating trust in the transaction.

We discussed the basic paradigm of trust elevation, and drew a diagram. 

***Action item for Mary to turn the draft picture into a slide.

We start with an initial identity assertion. Then the RP has a stated policy that says it needs a more trustworthy understanding. The RP engages the methods to get more.

We will include the diagram created above in the deliverable. Maybe the elevation process engages a third party rather than going back to the requestor. Maybe it divides the task across multiple IdPs.  The Guard knows the policy for what is good enough.

So we can use the X combination of methods to reduce Y vulnerabilities.

Why does NSTIC care?  It helps with gap between RP needs and offered /available credentials.

Section 10.3.2 of x1254 has controls for the above. It lists what you need to mitigate.

We discussed evaluating each of the methods against this list.  We can create a matrix, perhaps with a 5 color scale – red, orange, yellow, blue, green.

Our goal is to cover elevation from 1 to 2, and 2 to 3, but not 3 to 4.

So for example, your policy menu will say you need to protect against X so you need to find the right combo to mitigate against X.
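The look-up matrix idea from the discussion above, as an added illustration that is not part of the minutes or any TC deliverable: the method-to-threat assignments below are constructed placeholders, not the committee's analysed values, and the functions are hypothetical helpers showing how a policy ("protect against X") could be matched to the smallest method combinations that cover it.

```python
from itertools import combinations

# Constructed illustration only: which threats each trust-elevation method is
# assumed to mitigate. These are placeholder assignments, not the TC's analyses.
METHOD_MITIGATIONS = {
    "Behavioral biometric": {"session hijack", "credential sharing"},
    "Digital certificate":  {"phishing", "man-in-the-middle (browser)"},
    "Hard token":           {"password replay", "credential guessing", "phishing"},
    "OTP over SMS":         {"password replay", "credential guessing"},
    "Out of band (voice)":  {"man-in-the-middle (browser)", "password replay"},
}


def coverage(methods):
    """Union of the threats mitigated by a combination of methods."""
    covered = set()
    for m in methods:
        covered |= METHOD_MITIGATIONS[m]
    return covered


def uncovered(methods, required):
    """Threats the policy requires but the combination still leaves open."""
    return set(required) - coverage(methods)


def smallest_combinations(required):
    """All minimum-size method combinations that mitigate every required threat.
    Exhaustive search is fine here: the method catalogue is small."""
    names = sorted(METHOD_MITIGATIONS)
    for size in range(1, len(names) + 1):
        hits = [c for c in combinations(names, size) if not uncovered(c, required)]
        if hits:
            return hits
    return []


def coverage_matrix(required):
    """Method x threat look-up matrix: True where the method mitigates the threat."""
    return {m: {t: t in METHOD_MITIGATIONS[m] for t in sorted(required)}
            for m in sorted(METHOD_MITIGATIONS)}


if __name__ == "__main__":
    # Constructed policy: the RP says it must protect against these three threats.
    policy = {"password replay", "phishing", "man-in-the-middle (browser)"}
    for combo in smallest_combinations(policy):
        print("covers policy:", combo)
```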

 

5. Attendance Update

We achieved quorum.

 

6. Adjournment

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>> 

abbie: all we are just starting

abbie: first document to review is

anonymous morphed into Colin_NZ

abbie: https://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php?folder_id=2575

abbie: biometric behaviors

Rebecca Nielsen (Booz Allen): I'm going to have to sign out for another meeting, I'll dial back in when I can.

abbie: methods

abbie: looking at Out of band

abbie: https://www.oasis-open.org/apps/org/workgroup/trust-el/documents.php?folder_id=2575

abbie: Draft Analysis Behavioral Habits - Time of Access

Shaheen: let us know when you start
abbie: still lunch we will start back in 15 minutes
Shaheen: will be back in an hour

 


