

Subject: Re: [trust-el] Notes from April 30th call


ok

------------------------------------------------------------
Peter Alterman, Ph.D.
Chief Operating Officer
SAFE-BioPharma Association
cell: 301-943-7452



On Thu, May 14, 2015 at 8:48 AM, Barbir, Abbie <abbie.barbir@bankofamerica.com> wrote:
All
We do not have a meeting today since we have just had our F2F

regards


Abbie Barbir, PhD
VP Senior Architect, Global Information Security
Bank of America




From: Mary Ruddy <mary@meristic.com>
Date: Thursday, May 14, 2015 at 8:45 AM
To: "trust-el@lists.oasis-open.org" <trust-el@lists.oasis-open.org>
Cc: Mary Ruddy <mary@meristic.com>
Subject: [trust-el] Notes from April 30th call

Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

April 30, 2014.

1. Call to Order and Welcome.

 

2. Roll Call

 

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America  - y

Andrew Hughes - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa 

Cathy Tilton, Daon - y   

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government   

Dale Rickards, Verizon Business 

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y    

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange - y    

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen 

Ilene Bridges 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam   

James Clark – Oasis

Jeff Broburg, CA

Jeff Shultz , NIST

Jim Macabe (Kaiser)

John Bradley 

John "Mike" Davis, Veteran's Affairs 

John Tolbert

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST  - y 

Lucy Lynch  ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH 

Mike Harrop

Mohammad Jafari, ESC - 

Peter Alterman, SAFE-BioPharma  

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton  

Rich Furr

Rick Grow - y

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y  

Shahrokh Shahidzadeh (Intel Corp)   

Suzanne Gonzales-Webb, VA  

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

Adrianne James, VA 

Patrick, Axiomatics

Steve Olshansky

 

We achieved quorum.

 

 

2. Agenda review and approval

 

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

 

The agenda was approved.

 

We have a request to move the meeting.  We are considering moving it.

 

Next 800-63 feedback input is Monday.

 

3. Approval of the Minutes

 

Don moved and Andrew seconded approval of the minutes of the previous meeting April 16th.

There were no objections.

The minutes were approved.

 

4. Administrative issues

 

Don began by stating that Shaheen had requested an alternative meeting time.

 

Mary asked does it work to move the meeting an hour later or earlier.

 

Don commented that if we could propose to move the meeting an hour later it could help the West coast, but then it would conflict with another standing meeting.

 

Mary proposed moving the meeting two hours ahead.

 

Cathy and Don indicated that they could do that.

 

Andrew noted that is the time of the standing UMA call.  It would give us the option of a joint meeting.

 

Diana said two hours would work for her.

 

There were no objections to the time change.

 

At Don’s request Mary recorded a shift of two hours as a working hypothesis.

 

Don asked if there is a note on the status of the response to a request for comments on 800-63.  He asked Mary to comment.

 

Mary replied that the NIST levels of assurance in 800-63 can be an input to the process of trust elevation.  NIST has requested suggestions on how NIST might improve 800-63, so this is an important opportunity for the TC to provide strategic comments. The TC is collaborating with other groups to provide joint comments and has already held one call. Another call is scheduled.

 

The goal is to get feedback in well before the due date.

 

Cathy Tilton provided a link to the 800-63 call for comments: http://csrc.nist.gov/groups/ST/eauthentication/sp800-63-2_call-comments.html

 

Cathy noted that the minutes for the last call incorrectly listed the due date as the 29th of May. Responses are due by the 22nd.

 

Mary posted a correction to the Minutes of April 16. 

 

Diane said if anyone else is putting together responses, we are sharing responses so that if one group says something we agree on we can all mention it.  It doesn’t hurt for NIST to hear something from multiple sources.

 

 

Diane said that the trust-el TC may have some more influence due to its standing.

Andrew said providing comments will give the TC additional visibility.

 

Don agreed and asked Andrew to put together a short statement that we as a committee could endorse and communicate to NIST that would alert them to the expertise and work to date of the committee.  This could be helpful to NIST and provide advertising to the TC.

 

Andrew took that as an action item.

 

Don said he was thinking of something that was blog like or executive summary like.

 

Don said that formal response would allow Gartner and other influencers to formally respond. 

So we will bring this up at our next call.

 

Don said we should also minute a proposed transition date for the proposed change of time for the meeting. We could have this take effect for our first meeting in May.

 

Andrew commented so presumably the meeting would be May 14.

 

Don said Jane H. is organizing a presentation at the OASIS and EEMA meeting scheduled for July 8-9 outside of London. Don will send details to Mary so she can minute them.  He is trying to organize a presentation about trust-el. We are looking for people who can participate on a panel.

 

Don proposed an action item for the next TC to organize a panel from people who may already be attending the event.

 

Andrew said he will pencil it into his calendar.

 

Don continued. Part of the work there is the opportunity to expose the work of the TC to a real life use case. The opportunity is to pull together the work of the TC and the UK IDAP, which is a substantial nationwide identity verification structure. Trust-el will be important as it is how commercial IDPs get paid – so this is not an academic exercise.  He hopes to pull together some side meetings. Don will send information along so that we capture it in the minutes.

 

Abbie and I have for some time talked about making sure the OASIS Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee was grounded in a real world use case at scale.  I discussed this earlier this year with Roger Dean of EEMA.

 

The UK Cabinet Office Identity Assurance Program Gov.Verify.UK can be an important proof point. Abbie and I have presented on just this topic at an EEMA event late last year. I’m sure Peter and Abbie might have thoughts on this topic as well.

 

I think HMG representatives might be willing to share a panel time and approvals permitting.

 

Don Thibeau

 

 

Call for presentations

Deadline for Proposals: 8 May

 

Programme Theme:  A look across applications, devices, borders & the cloud! 

 

OASIS, in collaboration with EEMA, plan to bring together privacy and identity international experts to stimulate fresh thinking and novel approaches to dealing with security and privacy risks in our increasingly hyperconnected world of complex cloud applications and distributed devices.  Hosted at CA Technologies historic Ditton Manor conference centre, near Windsor, the conference will generate dialogue across government and business, combining high-profile keynote speakers, interactive roundtable sessions, and moderated debates.

 

About the event theme

As critical infrastructures, applications, devices, and individuals rapidly become networked and inter-dependent, impacting virtually every facet of our personal, social, governmental and economic lives, the management of information security and privacy risks must also expand and deepen  to keep pace with the threat landscape.  Understanding risks and having mitigation strategies are our only hope. Long term planning, that incorporates solutions at every level, including very large-scale systems such as complex cloud applications, is key.  For most people it is exhausting having to think about all the different devices, applications, accounts and identities each with their own privacy regimes, applications, access controls, and determined adversaries that we have to deal with. And with new, hyperconnected devices and infrastructures – the Internet of Everyone and Everything – risk becomes even more difficult to assess and control. 

 

This community event is designed to provide practical guidance to those looking to take advantage of secure and creditable identity and privacy options. Thought-provoking presentations and panel discussions will tackle the key issues in our hyperconnected world.

 

OASIS invites our members to submit proposals that share experiences and knowledge, through case study presentations, interoperability demonstrations, and Q&A roundtables. Presentation ideas that advocate responsible risk management measures that will work in this new hyperconnected world and allow us to invest in building long term, secure and privacy-sensitive systems, devices and data centers that protect individuals’ privacy, and reliably execute responsible security policies. The agenda will accommodate both 30 minute presentations and/or 60 minute roundtable discussions.  The Program Committee will peer-review all proposals and reserves the right to adapt or restructure proposals submitted to ensure an interesting and compelling program.  Marketing/promotional proposals will not be considered for the programme.

 

The programme committee is soliciting proposals in the following areas:

•         Managing privacy and its risks and responsibilities

•         Achieving higher levels of trust in devices and their networked infrastructure

•         Working through identity provisions for cloud applications

•         Finding trusted and reliable service providers

•         Ongoing efforts to strengthen identity in the cloud

•         Defining privacy in our new open society

•         Discussing security solutions for unique M2M challenges

•         Exploring physical and digital identity in the 21st century

•         Enhancing privacy across borders w/advanced authorization and authentication options

•         Addressing cyber security threats and response models after attacks

•         And more…

To submit a proposal, please email the following information to events@oasis-open.org:

•         Full contact details of each presenter (including name, affiliation, postal address, email, and phone)

•         Brief biography (750 words or less) and/or link to online profile (Linked-In or other)

•         And a brief abstract between 500 and 1000 words outlining the subject, title, and summarizing the key points of your proposal. 

Contact us directly with any questions about the submission process and/or the conference – events@oasis-open.org.

 

Dates to Remember:

•         Proposals due by – 8 May 2015

•         Notifications will be sent by – 22 May 2015

•         Conference Dates – 8-9 July 2015

 

This is to introduce you to the standards lead for the UK Cabinet Office Identity Assurance Program Alastair Treharne.

Others in HMG Government Digital Service that may have an interest in this effort are:

 

Howard Staple <howard.staple@digital.cabinet-office.gov.uk>

Livia Ralph <livia.ralph@digital.cabinet-office.gov.uk>

David Rennie <david.rennie@digital.cabinet-office.gov.uk>

 

 

 

5 Editors Update

 

We used a join.me for discussing the 4th deliverable.

 

Andrew is struggling with how to present the concept in a way that is usable and describable.

After the IIW discussion and thinking over the last couple of weeks of having to describe sequence and protocol elements, what he is finding is that he has to set up a lot of preconditions and assumptions as to what he is trying to do in the text in order to describe constraints and underlying conditions. For example, the list of authN methods that are viable in that federation; and also, the mapping of the authN methods to define which types are compatible and considered to be trust-elevations.  These need to be pre-determined. They may be locally defined, and eventually universally defined. The access control policy needs to be able to accommodate the concept of trust-el.

 

Andrew is trying to simplify the complexity to a table or at least a wide table.

 

He asked for comments on the approach. We are recording some stuff at enrollment time so that the trust-el engine knows how to choose trust-el methods at run time. Otherwise we would have a cycle of user and device discovery at authentication time, which doesn’t seem practical.

 

Diane would like to comment but needs to take time to digest the information. She asked if it has been posted.

 

Andrew replied not yet, as it is a little rough.

 

Diane said if there is a section that you want comments on, even sending out just a section would help.

 

Don commented yes, something that could be redlined.

Diana said this is well thought out. She wants to provide a response that is equally well thought out.

 

Andrew will post this later today and send out the link. This is the direction he is taking deliverable 4 now. It doesn’t replace the work of prior discussions. He was finding that he couldn’t get to a good explanation point without setting up these pre-conditions.

 

Don asked if there were any other topics.

 

Mary responded that there are none.

 

Don summarized action items from the meeting. Don said for our own sanity, Mary will post a specific proposal for a new meeting time and place. The approach we are taking is to speak now or hold your peace.  Also, he would like to get a piece of this work done before we raise the visibility of the committee. Andrew took action item to draft statement that would be useful to NIST and other self-selecting interested parties.

 

Don is sending out information about the opportunity with OASIS and EEMA outside of London. It would be a great opportunity to get more exposure for the committee as a whole and Don will try to arrange a meeting between the UK IDAP and the committee.

 

Cathy said the information on the TC website is a little bit sketchy. The home page talks about technical work and expository work. There is nothing there. If someone goes to our website there is nothing listed there. It would be great if we could include some information on the deliverables.

 

Don responded great idea.  Andrew, when you draft the next summary, there may also be an opportunity to use some of that content to populate the website.

 

Mary asked how.

 

Cathy said we can embed links on that page, but you do have to use the public link – not the one via the work page.

 

Andrew said if you can give him a free hand. I can try to move things around.

 

Mary replied go for it.

 

Cathy said even going through work groups – it is hard to find the last (good) version.

 

Andrew said call me if you have questions.

 

Don said this is a timely point to do a refresh.

 

Shaheen asked about the requests to move the time.

 

Mary responded the time is 12:00 starting on May 14th.

 

Shaheen said good.

 

 

6. Adjourn

 

Don moved to adjourn the meeting.

Cathy seconded the motion.

 

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 

anonymous111 asked for a victim, I choose... anonymous111

 

Room information was updated by: anonymous1111

 

<place room="room" info="info" call-in="call-in" here="here"></place>

 

anonymous111111 asks: null

Magic 8-Ball says: My sources say no

 

anonymous111 asked for a victim, I choose... Mary1

 

anonymous111111 asks: null

Magic 8-Ball says: Yes

 

anonymous111 asked for a victim, I choose... anonymous1

 

anonymous111111 asks: null

Magic 8-Ball says: Without a doubt

 

anonymous2111 asked for a victim, I choose... anonymous211

 

anonymous2111111 asks: null

Magic 8-Ball says: Without a doubt

 

anonymous morphed into Shaheen

 

Andrew Hughes: https://join.me/376-458-908

 

anonymous morphed into Rick Grow

 

anonymous morphed into Cathy Tilton

 

Kevin Mangold (NIST): Kevin Mangold just joined the phone call -- didn't want to interrupt.

 

Cathy Tilton: Link to 800-63 call for comments: http://csrc.nist.gov/groups/ST/eauthentication/sp800-63-2_call-comments.html

 

Colin_NZ: Guys, I'm in a meeting in London but just to say I'll be looking in here on soaphub, and I hope to be in NY on day 2 of the F2F... Cheers Colin

 

anonymous111 asked for a victim, I choose... anonymous11

 

anonymous2111 asked for a victim, I choose... Shaheen

 

anonymous2111111 asks: null

Magic 8-Ball says: Outlook not so good

 

anonymous111111 asks: null

Magic 8-Ball says: Outlook good

 

anonymous: meow

 

Mary: thanks Kevin


 

anonymous: :o*

 

anonymous: hugs

 

anonymous: sometimes I get so lonely

 

anonymous morphed into abbie

 

abbie: HAT ROOM

 

http://webconf.soaphub.org/conf/room/ibops

 

Telecom Bridge

 

Call-in toll-free number: +1-8667475167 (US)

Call-in number: +1-7046650860 (US)

 

Attendee access code: 792 879 64

 

Australia: 1800209726; 0280662408; +61 280662408

 

Webex-----

 

To  join the online meeting

-------------------------------------------------------

Go to

 

https://attend.webex.com/attend/j.php?MTID=mae414767bf95c2b7e835ab29d3b36ce7

 

abbie: for all meetings the agenda includes

 

1. roll call

 

2. approve minutes

 

3. editor update

 

4. roll call

 

5. adjourn

 





