
trust-el message



Subject: Notes from July 9


Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee

July 9, 2015.

1. Call to Order and Welcome.

 

2. Roll Call

 

Attending (please notify me if you attended the meeting but are not on the list below)

 

Abbie Barbir, Bank of America - y

Andrew Hughes - y

Anil Saldhana, Red Hat  

Bob Sunday

Brendan Peter, CA

Carl Mattocks, Bofa 

Cathy Tilton, Daon - y    

Charline Duccans, DHS

Duane DeCouteau

Calvin

Colin Wallis, New Zealand Government  - y  

Dale Rickards, Verizon Business 

David Brossard, Axiomatics 

Dazza Greenwood 

Debbie Bucci, NIH 

Deborah Steckroth, RouteOne LLC

Detlef Huehnlein, Federal Office for Information

Diana Proud-Madruga - y    

Diego Matute, Centrify

Don Thibeau, Open Identity Exchange - y     

Doron Cohen, SafeNet

Doron Grinstein, BiTKOO

Gershon Janssen 

Ilene Bridges 

Ivonne Thomas, Hasso Plattner Institute

Jaap Kuipers, Amsterdam  

James Clark – Oasis

Jeff Broburg, CA

Jeff Shultz , NIST 

Jim Macabe (Kaiser)

John Bradley 

John "Mike" Davis, Veteran's Affairs 

John Tolbert - y

John Walsh, Sypris Electronics

Jonas Hogberg

Julian Hamersley, Adv Micro Devices

Kevin Mangold, NIST   

Lucy Lynch  ISOC

Marcus Streets, Thales e-Security

Marty Schleiff, The Boeing Company

Mary Ruddy, Identity Commons  - y

Massimiliano Masi, Tiani "Spirit" GmbH 

Mike Harrop

Mohammad Jafari, ESC - 

Orlando Adams

Peter Alterman, SAFE-BioPharma   

Peter Jones -

Rainer Hoerbe -

Rebecca Nielsen, Booz Allen Hamilton  

Rich Furr

Rick Grow

Ronald Perez, Advanced Micro Devices

Scott Fitch, Lockheed Martin

Shaheen Abdul Jabbar, JPMorgan Chase Bank, N.A. - y  

Shahrokh Shahidzadeh (Intel Corp)   

Suzanne Gonzales-Webb, VA   

Tony Rutkowski

Tony Nadlin

Thomas Hardjono, M.I.T.  

William Barnhill, Booz Allen Hamilton

Adrianne James, VA 

Patrick, Axiomatics

Steve Olshansky

 

We achieved quorum.

 

 

2. Agenda review and approval
 
We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el
 

The agenda was approved.

 

3. Approval of the Minutes

 

Abbie made a motion to approve the minutes of the previous meeting.

Don seconded the approval.

There were no objections.

The minutes were approved.

 

4. Editors Update
 
Andrew began by posting the draft in the joinme room. He hoped folks had a chance to take a look at it and determine if this is the right scope of content.  He is looking for volunteers for editing, and to provide more content.
 
Andrew continued. As we have been discussing over the last few minutes, instead of defining the protocol as a standalone deliverable, we have gotten more into design considerations, so that it could be transitioned to a real protocol.
Andrew asked for comments.
 
Colin said it looks pretty good. He hasn’t yet had the time to give it that he would like to give it. One observation, one of the challenges is it is quite hard for people to contribute.
 
John sees a natural tie in to SAML.  It is a really good first draft and he will do what he can to get comments from others.
 
Andrew asked if he could forward it to the XACML TC for input.
 
John replied they have a regular biweekly call this afternoon, and he will bring back whether he can.
 
Colin suggested that Andrew walk us through it, and people can offer comments as they come up.
 
Colin said he struggled with the TOC. Section 5.3 says it is a definition of trust elevation policy. Can we change it to trust elevation components or something?
 
Andrew asked if there is anything else in the TOC we need to look at.
 
Andrew continued, Section 2, he wants to ask someone who has been here from the beginning to edit and comment on section 2.  
 
Don volunteered.
 
Section 3, 
 
Abbie said to assign this to Peter.
 
Section 3.4.1, Andrew told John T. it would be very helpful if we could get contributions from the XACML TC for, as we will also go out to the UMA and other groups.
 
John replied that yes, he thought he can do that.  That is, put together a one pager.
 
Abbie replied that he didn’t think he wants it in XACML per se, but done with enough info that an XACML writer could do it.
 
***Don took an action item to get a hold of John Bradley to do the same thing for OIDC
 
Andrew will reach Eve for section 3.4.3 for UMA.  Is there a particular name for OAuth?
 
Mary recommended sending the OAuth section to John Bradley and let him delegate it if appropriate.
 
[Seconded]
 
Andrew asked Shaheen to work on section 4.
 
Shaheen asked that Abbie help him.
 
Shaheen agreed to take a pass on section 4.
 
John asked if there is a short list of common questions that each protocol should address in their responses to increase consistency.
 
Andrew replied, not specifically, but that would be a great idea. We should come up with a list of questions for protocol reviewers.
 
Colin had a comment.  We start getting into normative language here.  Was that intended?
 
Andrew responded that this section is written in English, not normative language. "Must" probably meant normative, but it is a little fuzzy. That is a good catch. We should capitalize Musts and Shalls, and tighten the language.
 
Andrew continued with the architectural components. As discussed previously, this section is just setting out information data flows, relying generally on the ABAC pattern and tacking on the trust el services. Is this sufficient? Does someone want to volunteer to work on this section?
 
Shaheen said it looks like it is based on ABAC.  Do other frameworks need to be brought in here?
 
Andrew replied for this first version, if ABAC serves the purpose, it can be left as a single pattern.  If the other modes are better, we should have one model with the best and closest fit. I don’t think we have found any issues with ABAC to discount it. So for first version, leave it with a single pattern.
 
Cathy said the only thing she is seeing in this pattern that makes it specifically ABAC is the attribute repository. Am I missing something?  What makes this an ABAC pattern? Would it be possible to do a generic pattern that would be more adoptable?
 
Shaheen responded that is why I asked this question. If we could make it generic that would be good.  I think Andrew is trying to use ABAC to establish the point of view that could be applied to other patterns.
 
Andrew asked for help with making the patterns general. 
 
[General agreement that PDP, PEP language is generic.]
 
Cathy said HL7 is working on a healthcare specific model.  She was looking at this to determine what we could do for harmonizing. She will look at this, and compare it to what she has.  Her initial reaction is that yes, she believes that the attribute repository is the only thing that makes it specifically ABAC.
 
Andrew said the offer is open for them to write a section that is HL7 specific.
 
Cathy will bring that offer back to them.
 
John said he would flip the order of the risk based engines.  We may need environmental attributes to make the trust-el.
 
Andrew said some of these lines might move around, depending on the specific implementation architecture. He might add in some dotted lines as well.
 
Andrew continued.  Section 4.3, Andrew will make another pass on this section.
 
Colin had a quick observation. When we get this fine grained, it can be harder for some people to make comments.
 
Andrew wants to make section 4.3 as mature as section 4.1.
 
Andrew asked Abbie to write section 4.4.
 
Abbie can look after section 4.4
 
Section 5, implementation considerations.
 
Abbie will make a pass on section 5. Some of these sections are FIDOish.
 
Shaheen asked if the sequence diagram needs to be updated.
 
Andrew will take notes from the Face-to-face meeting and make a pass on updating section 6.
 
Section 7, Andrew will give it to Shaheen.  We will leave use case diagrams for now. They may change.
 
Andrew asked if we need the conformance section. It is from the template.
 
John said it usually calls out things that should be normative and non-normative and what is mandatory or optional.
 
Andrew commented, so we are too early for that.
 
Andrew will cut down appendix B.
 
Appendix C,  Andrew will clean this up and send it back to the group for further comments.
 
Appendix D, an example.
 
Cathy volunteered. 
 
Appendix E, needs to wait for input from the other TCs.
 
We returned to what questions the protocol reviewers should consider.
 
John commented that it would be helpful to have an example trust-el policy to put in an appendix. Also, any extra guidance we could give to implementers, but this is not the place to start.
 
Andrew responded, this may be particularly addressed with appendix E.
 
5. Adjourn
 
Shaheen moved to adjourn the meeting.
Diana seconded the motion.
 
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 
abbie barbir (Aetna) morphed into abbie and don
 
anonymous morphed into Orlando Adams
 
anonymous morphed into John Tolbert - Queralt
 
Andrew Hughes: Hi folks - for screensharing today use join.me/connectwithandrew  
- audio is the regular concall number
 
anonymous morphed into Rick Grow
 
Andrew Hughes: https://join.me/connectwithandrew  - or type connectwithandrew into the app
 
abbie and don: Telecom Bridge
 
(877) 658-8148 , (214) 556-4103;  PC 58 5 07 44 9 77 #.
 
anonymous morphed into Orlando Adams

 


