Notes from June 26 call

Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

June 26, 2014.

1. Call to Order and Welcome.

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

Abbie Barbir, Bank of America - y

Anil Saldhana, Red Hat

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa

Cathy Tilton, Daon - y

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government - y

Dale Rickards, Verizon Business

David Brossard, Axiomatics

Dazza Greenwood

Debbie Bucci, NIH

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange - y

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen

Ilene Bridges

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam

James Clark – Oasis

Jeff Broburg, CA

John Bradley

John "Mike" Davis, Veteran's Affairs

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST

Lucy Lynch ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons - y

Massimiliano Masi, Tiani "Spirit" GmbH

Mike Harrop

Mohammad Jafari, ESC -

Peter Alterman, SAFE-BioPharma

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton

Rich Furr

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp

Suzanne Gonzales-Webb, VA - y

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.

William Barnhill, Booz Allen Hamilton

Adrianne James, VA

Patrick, Axiomatics

Steve Olshansky

Andrew Nash - y

67 percent of the voting members were present at the meeting. We did have quorum.

Peter wanted the TC to know that we are hiring Andrew Nash to edit the fourth deliverable. Shaheen has sent out a current draft which is a protocol for trust-el in XML and JSON. Shortly we will have a version for the whole TC to review. At that point we will want everyone to dig into it and give us thoughtful comments.

2. Agenda review and approval

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

chat room text is included at the end of the minutes.

The agenda was approved.

3. Approval of the Minutes

Abbie asked for a motion to approve the minutes from April 3.

Don made the motion.

Shaheen seconded it.

There were no objections

The minutes for the meeting were approved.

4. OIX update

Abbie said the event was very well done. It was well received by UK government. They are working on a whitepaper to look at deltas from our work.

Don continued we were able to present at both the EMA conference and also to some key people in the UK government. We came to an agreement around a proposed white paper to apply our Trust-el work to the IDAP program, and talked about IDAP being an early and large adopter of the proposed standard.

Abbie said he was very encouraged to hear the discussions stating the value of assurance levels for identity attributes. IDAP is different from using social login. The nature of the trust model is different. A foundation for trusted attributes is in place. Our TC is in the right place at the right time. Maybe we should have an OS project with source code for anyone to adopt it.

5. Editor update

Abbie announced that Andrew is kind enough to help us with the fourth deliverable. He has accepted being our editor. Andrew is our key editor of the 4th deliverable.

Andrew thanked the TC. Sounds like I already know most people. Looking forward to working with you and bring things to conclusion.

Suzanne made motion to have Andrew as the editor of the 4th deliverable

Dianna seconded the motion.

There were no objections.

Abbie welcomed Andrew.

Abbie then asked Shaheen to please give a summary of where we are.

Shaheen welcomed Andrew. He explained the first process was to collect current trust-el methods, then analyze them, and then we came up with a technique. Then we came up with a framework. Then build a trust-el sequence, based on that sequence we developed an XML format for interacting with various RP and IDP and attribute providers and LOA assessors. One of the key concepts introduced is incorporated response from attribute providers, etc.

Abbie said so basically we have the trust sequences and metadata. We need to formalize where we want to go and what is missing. Need to assign people to work on gaps. So please suggest what we need to do and what we should do next.

Shaheen said I think we need to understand the relationship with the existing framework that we may be leveraging.

Abbie said what you have so far is a step-up process. This doesn’t translate to a protocol yet. We need to define the terms of how parties request and discover trust-el and then we can bind it to a protocol.

Shaheen responded exactly. We need to do analysis to see where we fit in other protocols.

Abbie asked or should we say that we need to be complaint. We also need to see the output of the UK paper.

Don said he would be happy to lead that team.

Abbie said this is an ad hoc team with Don leading it. Abbie volunteered also. They would work with the UK to ensure alignment. In parallel, we still need to define the protocol at the abstraction level, where it will kick in, how it will work with FIDO and what is the handshake, and how to discover attributes. Colin what do you think?

Colin said it sounds like a way forward.

Abbie continued we need to go from a sequence to a protocol. We fit at the layer of a trust framework.

Don agreed.

Abbie said the policy may change, and the vocabulary may change, but the mechanism should be the same. We need a metadata definition of what a trust attribute should be and how to represent it. Then we will look at how to use OIDC or SAML to implement it, and publish protocols.

Abbie said silence sounds like agreement. Today is kicking off the next phase. Do we want to take a summer break?

Don likes it. Andrew is out the week of July 4th.

Abbie said that for lots of Europeans, August is a month not to meet. Abbie maybe skip week after 4th.

Editors still can meet.

Abbie said it if is ok, I make a motion to cancel the next meeting for vacation (July 10). We can also take August 7th off.

Don said the UK white paper may be in September. We will finalize our response when have that white paper.

***Don took an action item in September a committee/editors to meet with counterparts in the UK cabinet office.

6. Resolution and feedback on third deliverable.

We need to do redo the vote on the third deliverable, since not enough people voted.

Steve made a motion to approve requesting Special Majority Vote on approving Electronic Identity Credential Trust Elevation Framework Version 1.0 at https://www.oasis-open.org/committees/document.php?document_id=52634&wg_abbrev=trust-el

with Non-Material Changes as a Committee Specification.

Don seconded it.

Abbie asked if there were any objections.

None heard.

The motion passed.

Abbie announced that we have victory.

7. Adjourn

Abbie asked for a motion to adjourn.

Dianne made the motion.

Suzanne seconded the motion.

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

anonymous morphed into Don Thibeau

Cathy Tilton (Daon): Mary - I have a conflict today, but if you need quorum, let me know and I will step out momentarily to assist.

abbie: cathy please dial in for 20 seconds for quroum

abbie: pretty please cathy

anonymous morphed into colin_nz

Cathy Tilton (Daon): Will be there shortly - vote in progress.

abbie: thanks cathy

abbie: u r the king + queen

abbie: thank u

trust-el message