trust-el message
Subject: Minutes for August 22 call


Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

August 22, 2013.

1. Call to Order and Welcome.

 

2. Roll Call

 

 

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, BofA

Cathy Tilton, Daon 

Charline Duccans, DHS

Duane DeCouteau

Colin Wallis, New Zealand Government  - y 

Dale Rickards, Verizon Business 

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange   

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen   

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

James Clark, OASIS

Jeff Broburg, CA

John Bradley 

John "Mike" Davis, Veteran's Affairs 

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST 

Lucy Lynch, ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH 

Mike Harrop

Mohammad Jafari, ESC

Peter Alterman, SAFE-BioPharma - y  

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton 

Rich Furr

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y 

Shahrokh Shahidzadeh, Intel Corp - y

Suzanne Gonzales-Webb, VA  - y

Tony Rutkowski

Tony Nadalin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

Adrianne James, VA -y

Patrick, Axiomatics

Steve Olshansky  - y

 

60 percent of the voting members were present at the meeting.  We did have quorum.

 

 

2. Agenda review and approval
 
We casually discussed Fido as an example of trust elevation.
 
We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el. The chat room text is included at the end of the minutes.
 

The agenda was approved.

 

3. Approval of the Minutes

 

Abbie asked if there were any objections to approving the minutes from the last meeting on July 25, 2013.

 

Abbie asked for a motion.

Steve made a motion to approve the July 25th minutes.

Mary seconded the motion.

There were no objections.

The minutes were approved. 

 

 
4.  Editors Update.
 
Abbie explained we are starting with the draft version Peter sent out last night (after the version that Steve sent out.) 
 
Steve explained that some changes are not reflected in track changes, as there were so many changes he accepted some of the changes.  He changed the title of section 2 to differentiate it from the title of section 1.
 
Steve continued with Section 3 – delete attribute assertion information as it is out of scope.
 
Peter commented that maybe we or someone else needs to take this up in another deliverable.
 
Steve continued at the end of section 4.1
 
Colin asked is there a scope section?
 
Abbie said we don’t have a scope section. Steve said we need to add a scope section.
 
Peter explained there are data elements frequently used in the assertion of identity and there are data elements that are generally considered to be extended attributes (name and DOB, vs. role and education.) While the determination of which data elements are part of the identity bucket vs. the extended attribute bucket is not fixed, it is the IDP that makes the determination of which data elements are part of the identity assertion.
 
Abbie asked so what is needed?
 
Peter responded enhanced confidence in the assertion of one or more data elements that the IDP uses to assert identity.
 
Abbie said hopefully Steve now knows what needs to be added.
 
Abbie said whoever asserted the attribute is the authoritative source on the attribute, regardless of how they acquired the information. Should we say those things here?
 
Peter replied no. We should say what we are looking at is the combination of data elements that IDPs use to assert an identity online. That is separate from all other data elements that are related to that individual or device. For the purpose of this TC, extended attributes are out of scope.
 
Abbie commented based on this, I could see us adding one more section. We need to depict this in a figure – how the authentication elevation flows across the ecosystem. For example, you get an assertion from Verizon, next there is additional information from the phone. The system can get information from multiple exchanges before login is allowed.
 
Peter said what you are saying is very useful. One of the most frequently used methods of trust-el is to ask for extended attributes either from the individual or from the entity with which the user is transacting business.
 
Abbie is learning. The line between the device and the user is very weak. We have more trust in the device. You are bound to the device, through a risk engine validation of habits. We predict it is you, before we think it is you. If they don’t match, we need additional trust-el. There is an ecosystem of trust-el.
 
Peter said let me put it a different way. Trust-el can occur when additional attributes, extrinsic to the initial identity assertion are brought into play. They may come from elements associated with the individual or data elements associated with the system the individual is using to maintain the transaction.
 
Abbie replied exactly. We need to put this into the text. Now in one transaction there are multiple elevations happening.
 
Abbie is using the term continuous authentication.  The idea is you are elevating trust. It is not a single static step. It is a process.
 
Steve said it is multi-vector. 
 
Abbie said we need to tie to access control based on identity and it also has to do with policy. Some financial services people are licensed to work with multiple funds, some only for certain  fund products. What they are allowed to do can change based on location (jurisdiction).
 
Peter said you are creeping the scope.
 
Shaheen… 
 
Steve said one thing that is important is the quality of the attribute.
 
Shaheen said if one is not speaking of a particular LOA, it is hard to be prescriptive about attribute quality.
 
Steve said I think this goes into the goals section.
 
Colin commented I think you are right.
 
Mary pointed out that while it is out of scope, authentication and authorization processing are growing together.
 
Abbie said we should state that we are aware of it, but it is out of scope.
 
Abbie said the Cloud Authentication TC is doing a lot of profiling on that.
 
Peter said they should take our doc as input.
 
Abbie said task me with writing that paragraph.
 
Steve continued with section 4.2, Peter’s comment is that last paragraph is confusing as written.
 
Abbie said we can take that offline.
 
Steve continued with 4.3.1, Peter’s comment is that it doesn’t flow.
 
Abbie said delete it or find it a new home.
 
Shaheen said you could put this with Abbie’s multi-vector comment.
 
Steve continued, next is appendix A. We did lots of clean-up. What is the significance of red?
 
Steve will remove the red.
 
Steve numbered the rows. Third column…
 
Peter had a comment on the header.
 
Abbie said it should be accepted.
 
Colin is surprised there is no control for online guessing.
 
Abbie is sure we had a control for that.
 
Steve will check.
 
Abbie said sometimes you can guess a password pretty well. One can know someone’s credential based on a blog post, then run a low frequency guessing bot trying to log in with a dictionary or another approach. Hopefully the user will log in in the meantime. The approach may take a couple of weeks and succeed in breaking in without detection. Some organizations are protected against this.
 
Steve wasn’t sure what the spoofing control for the second deliverable was.
 
Peter said it is referred to as item 4 in the table.
 
... discussion of X.1254 ...
 
Steve will draft something for Colin and Abbie to review
 
Abbie asked if putting the table in the appendix makes it harder to make the document an ITU-T standard.
 
Shaheen said the meat of the document is the table. We will use x.1254 as an example for how to implement this table.
 
Cathy will be providing a use case. She has asked for an extension.
 
Abbie said we need to make sure we move all the use cases in the identity in the cloud TC.
 
Peter suggested we could take a couple of the use cases and run through them.
 
Abbie asked Steve to take an action item to work with Anil on this.
 
Comment to add the Verizon dual persona to the use case.

5. Attendance Update

We achieved quorum.

 

6. Adjournment

Peter made a motion to adjourn.

Shaheen seconded it.

 

The meeting was adjourned.

abbie barbir (BofA): 1. roll call

 

2. agenda bashing

 

3. approve minutes and summer vacation

 

4. editors update

 

5. roll call

 

6. adjourn

abbie barbir (BofA): dial in info

abbie barbir (BofA): Passcode: 637 218 8139

 

US toll free 1-866-222-6652

 

Int'l Toll: 1-980-939-6928

 

- Australia, Sydney: +61 (0) 2 8064 4811

 

Webex: Meeting scheduled: Trust Elevation TC Bi-weekly

 

-------------------------------------------------------

To join the online meeting (Now from mobile devices!)

-------------------------------------------------------

1. Go to https://attend.webex.com/attend/j.php?ED=179798197&UID=1382908852&RT=MiMxMQ%3D%3D

2. If requested, enter your name and email address.

3. If a password is required, enter the meeting password: (This meeting does not require a password.)

4. Click "Join".

anonymous morphed into Suzanne Gonzales-Webb
