Notes from October 2 call

["Mary Ruddy" <mary@meristic.com>]

Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

October 2, 2014.

1. Call to Order and Welcome.

 

2. Roll Call

 

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America  - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa 

Cathy Tilton, Daon  - y 

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government  - y

Dale Rickards, Verizon Business 

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y   

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange -  y   

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen     

Ilene Bridges 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

James Clark – Oasis

Jeff Broburg, CA

Jim Macabe (Kaiser) - y

John Bradley 

John "Mike" Davis, Veteran's Affairs 

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST  

Lucy Lynch  ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH 

Mike Harrop

Mohammad Jafari, ESC - 

Peter Alterman, SAFE-BioPharma 

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton - y 

Rich Furr

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y  

Shahrokh Shahidzadeh (Intel Corp)  

Suzanne Gonzales-Webb, VA  - y 

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

Adrianne James, VA 

Patrick, Axiomatics

Steve Olshansky - y 

Andrew Hughes - y

 

77 percent of the voting members were present at the meeting.  We did have quorum.

 

2. Agenda review and approval

 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

 

 

The agenda was approved.

 

 

3. Approval of the Minutes

 

 

Abbie made a motion to approve the minutes from September 4.

Suzanne seconded.

There were no objections.

The minutes were approved.

 

 

4. Editor update

 

The good news, bad news is that Andrew N received NSTIC funding so we need a new editor. So we are looking for an editor. There is not too much to report as we are looking for an editor.  We still have funding.

 

Mary commented that she had sent Abbie an email about a volunteer. 

 

Abbie asked about the next step.

 

Mary replied the next step is for him to talk with Andrew.

 

Abbie replied that the process needs to be delegated to Don and Peter as he will be traveling out of the country.  So Peter, Mary and Don please carry on with next steps and getting the contract. 

 

Abbie continued. We also need someone to chair the next meeting.

 

The next meeting will have an outside speaker:   Pieter Vander….. He will talk to us about his version of trust elevation.  He will show architecture and SAML implementation for trust elevation. It is a proxy based trust elevation. 

 

Andrew H announced that he is the person that Mary is referring to. 

 

Abbie said asked Peter/Mary if they could process this quickly.  Don can you work with the team to start Andrew quickly to be our official editor.  With Andrew N gone, we had a hiccup.  We have plenty of material.

 

Abbie announced that in four weeks we need to change the bridge, as it was leaked.

 

Peter said that he and Andrew are scheduled to talk this afternoon.

 

Abbie said we have one example of a trust–el protocol that will be presented to us. They may be interested in contributing the implementation to the TC.

 

Peter said perhaps what we should do is map our trust-el policy against this practice and see how it works.

 

Abbie said we can start that at our next editors call. Also, we should bring back the FIDO Alliance. We need to evaluate the impact of FIDO on our work.  With FIDO, the UN/password will go thru an intermediary.  If the FIDO Alliance succeeds, people will authN through the device. The device is part of the trust system. To identify the person, you will rely on indirect attribute(s).  This is a different ball game for identity/auth.  You don’t just rely on the finger print. Everything is heading back our way. It is authN for a given LOA so there is a slight difference of behavior.  It should be one of the use cases.

 

Cathy commented FIDO is implemented with chained MFA rather than parallel MFA.  It is one of the use cases. It is consistent with 800-63 for MFA software crypto token.

 

Abbie said yes, if there is a single device.  The default is one finger print, one user, one app.  But this is not always the case.

 

Cathy replied I thought FIDO had a way for multiple cryptographic secrets to be invoked.  Doesn’t it have to do more with how the keys are bound to the identity?

 

Abbie replied exactly. The step-up may work with an identifier that needs to be identified later, not up front.  This is a key issue.  ID happens with a fingerprint, but which identity was it registered under?  Some people think they should use a different finger for different tasks, but I don’t think that is practical.

 

Abbie said we need to identify how trust- el will work with a FIDO enabled device, especially with multiple users, for example, maybe one person with personal and work accounts.  One solution is to use cookies, but that is not good enough. So there are a lot of details that we need to make sure we have covered.

 

Abbie said welcome Andrew H. We are very glad to have you.

 

Andrew commented that he already knows several people on the call.

 

Abbie is very glad to have him.  He is very active. 

 

Abbie welcomed all new comers.  Aetna is also joining.

 

 

5. Adjourn

 

Abbie asked for a motion to adjourn.

Don made the motion.

Diana seconded the motion.                                      

The meeting was adjourned.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

abbie: Passcode: 637 218 8139

 

US toll free 1-866-222-6652

 

Int'l Toll: 1-980-939-6928

 

- Australia, Sydney: +61 (0) 2 8064 4811

 

abbie: 1. roll call

 

2. agenda bashing

 

3. Editor update

 

4. roll call

 

5. Adjourn

 

anonymous morphed into Suzanne Gonzales-Webb

 

anonymous1 morphed into Diana Proud-Madruga

 

anonymous morphed into Tim McKay

 

anonymous1 morphed into SteveO

 

Gershon Janssen14: I'm in the UK at a client's office and I have some trouble dailing out... trying to sort it...

 

Andrew Hughes: Based on the echo-backs the echo is coming from Cathy's line...