Minutes for June 25th call

Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

June 25, 2015.

1. Call to Order and Welcome.

2. Roll Call

Attending (please notify me if you attended the meeting but are not on the list below)

Abbie Barbir, Bank of America - y

Andrew Hughes - y

Anil Saldhana, Red Hat

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa

Cathy Tilton, Daon

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government - y

Dale Rickards, Verizon Business

David Brossard, Axiomatics

Dazza Greenwood

Debbie Bucci, NIH

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen - y

Ilene Bridges

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam

James Clark – Oasis

Jeff Broburg, CA

Jeff Shultz , NIST

Jim Macabe (Kaiser)

John Bradley

John "Mike" Davis, Veteran's Affairs

John Tolbert - y

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST

Lucy Lynch ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons - y

Massimiliano Masi, Tiani "Spirit" GmbH

Mike Harrop

Mohammad Jafari, ESC -

Orlando Adams

Peter Alterman, SAFE-BioPharma

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton

Rich Furr

Rick Grow

Ronald Perez, Advanced Micro Devices

Scott Fitch Lockeed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y

Shahrokh Shahidzadeh (Intel Corp)

Suzanne Gonzales-Webb, VA - y

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.

William Barnhill, Booz Allen Hamilton

Adrianne James, VA

Patrick, Axiomatics

Steve Olshansky

We achieved quorum.

2. Agenda review and approval

We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el

The agenda was approved.

3. Approval of the Minutes

Andrew made a motion to approve of the minutes of the previous meeting.

Diana seconded the approval.

There were no objections.

The minutes were approved.

4. Editors Update

Andrew reported that he had restructured the documents and we are now ready to assign people to working on different sections.

He reviewed the new structure and asked for feedback.

Section 2.1, the goals, hasn’t changed,

Section 2.2, defines trust system

Section 3, core model

Section 3.3, brief discussion of why a state model is useful, and what it needs to be (synopsis from version 3)

Section 3.4, discussion of architecture and models, abstracted from NIST, ABAC, OAuth and UMA, Trust elevation can be viewed as authorization

Section 4, architecture and design considerations (looking for feedback)

Section 4.2, is mostly to be written

Section 4.4, policy repositories

Section 5, implementation considerations, mostly to be written, should touch on FIDO

Section 5.1, rolls and responsibilities

Section 5.2, authentication methods

Section 5.3, device capabilities, device capabilities can changes, FIDO discussion is especially relevant here

…..

Section 5.9, orchestration, something needs to orchestrate all of the parts

Section 6, sequence examples, unchanged

Section 7, various assertions, unchanged

…

Appendix B, will probably reduce

Appendix C, needs more depth

Appendix D, design considerations example

Appendix E, needs input from other protocol groups, what needs to change, etc.

Colin commented that it is pretty extensive. We may want to add privacy and security considerations.

Andrew can see privacy considerations, but not security [out of scope].

Andrew 5.1 thru 5.5 the headings are new. Some of the text needs to be moved and the sections reordered.

Andrew asked how does this structure feel and when can I have the text?

Abbie and others are still digesting.

Abbie asked what is next.

Andrew replied a general read thru and comments on structure and anything missing. Also content, for those who are willing to take a section and write a paragraph or two

Abbie said let me ask for volunteers.

Shaheen asked if Andrew had included the conclusions from the face-to-face meeting.

Andrew responded that it is getting there.

Shaheen commented that we came up with a couple of models and diagrams.

Andrew replied that belongs in the appendix. That is where most of that material would be, in design considerations. A lot of the stuff we talked about in the F2F is the missing parts, like policy design, and implementation considerations.

Shaheen said those conversations would definitely influence the metadata and xml format.

Andrew replied that the greatest part of the metadata would come from the policy discussion and interaction between components. i.e., 4.2. Once these have been determined, it will be clearer what the metadata need to be.

Colin asked are there vendors who want to implement this. It would be helpful to have that kind of review.

Andrew replied that some of them are in the tent. If people have contacts in product companies, it would be great to have their input.

Andrew continued, so we will let folks digest it. Then he will send an email asking for volunteers.

He will also reach out to Eve and Mike S.

Abbie said to keep asking for input on the TC list.

Abbie will be presenting TC work in a July meeting. So he needs the TC to approve the material he presents. So if anyone has a major objection to what we have done so far, let him know.

[silence]

6. Adjourn

Mary moved to adjourn the meeting.

Abbie seconded the motion.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

anonymous morphed into abbie-1

abbie-1: (877) 658-8148 , (214) 556-4103; PC 58 5 07 44 9 77 #.

Andrew Hughes: Also for screen sharing only: https://join.me/connectwithandrew

anonymous morphed into Shaheen

anonymous morphed into Suzanne Gonzales-Webb

trust-el message