Subject: Notes from July 9
Minutes for the meeting of the Electronic Identity Credential Trust Elevation Methods (Trust Elevation) Technical Committee July 9, 2015.
1. Call to Order and Welcome.
2. Roll Call
Attending (please notify me if you attended the meeting but are not on the list below)
We achieved quorum.
2. Agenda review and approval
We used the following chat room for the call: http://webconf.soaphub.org/conf/room/trust-el
The agenda was approved.
3. Approval of the Minutes
Abbie made a motion to approve the minutes of the previous meeting. Don seconded the approval. There were no objections. The minutes were approved.
4. Editors Update
Andrew began by posting the draft in the joinme room. He hoped folks had a chance to take a look at it and determine if this is the right scope of content. He is looking for volunteers for editing, and to provide more content.
Andrew continued. As we have been discussing over the last few minutes, instead of defining the protocol as a standalone deliverable, we have gotten more into design considerations, so that it could be transitioned to a real protocol. Andrew asked for comments.
Colin said it looks pretty good. He hasn’t yet had the time to give it that he would like to give it. One observation, one of the challenges is it is quite hard for people to contribute.
John sees a natural tie-in to SAML. It is a really good first draft and he will do what he can to get comments from others.
Andrew asked if he could forward it to the XACML TC for input.
John replied they have a regular biweekly call this afternoon, and he will bring back whether he can.
Colin suggested that Andrew walk us through it, and people can offer comments as they come up.
Colin said he struggled with the TOC. Section 5.3 says it is a definition of trust elevation policy. Can we change it to trust elevation components or something?
Andrew asked whether there is anything else in the TOC we need to look at.
Andrew continued with Section 2. He wants to ask someone who has been here from the beginning to edit and comment on section 2.
Don volunteered.
Section 3.
Abbie said to assign this to Peter.
Section 3.4.1, Andrew told John T. it would be very helpful if we could get contributions from the XACML TC for, as we will also go out to the UMA and other groups.
John replied that yes, he thought he can do that. That is, put together a one pager.
Abbie replied that he didn’t think he wants it in XACML per se, but done with enough info that an XACML writer could do it.
***Don took an action item to get a hold of John Bradley to do the same thing for OIDC.
Andrew will reach Eve for section 3.4.3 for UMA. Is there a particular name for OAuth?
Mary recommended sending the OAuth section to John Bradley and let him delegate it if appropriate.
[Seconded]
Andrew asked Shaheen to work on section 4.
Shaheen asked that Abbie help him.
Shaheen agreed to take a pass on section 4.
John asked if there is a short list of common questions that each protocol should address in their responses to increase consistency.
Andrew replied, not specifically, but that would be a great idea. We should come up with a list of questions for protocol reviewers.
Colin had a comment. We start getting into normative language here. Was that intended?
Andrew responded that this section is written in English, not normative language. "Must" probably meant normative, but it is a little fuzzy. That is a good catch. We should capitalize Musts and Shalls, and tighten the language.
Andrew continued with the architectural components. As discussed previously, this section is just setting out information data flows, relying generally on the ABAC pattern and tacking on the trust el services. Is this sufficient? Does someone want to volunteer to work on this section?
Shaheen said it looks like it is based on ABAC. Do other frameworks need to be brought in here?
Andrew replied that for this first version, if ABAC serves the purpose, it can be left as a single pattern. If the other modes are better, we should have one model with the best and closest fit. I don’t think we have found any issues with ABAC to discount it. So for first version, leave it with a single pattern.
Cathy said the only thing she is seeing in this pattern that makes it specifically ABAC is the attribute repository. Am I missing something? What makes this an ABAC pattern? Would it be possible to do a generic pattern that would be more adoptable?
Shaheen responded that is why I asked this question. If we could make it generic that would be good. I think Andrew is trying to use ABAC to establish the point of view that could be applied to other patterns.
Andrew asked for help with making the patterns general.
[General agreement that PDP, PEP language is generic.]
Cathy said HL7 is working on a healthcare specific model. She was looking at this to determine what we could do for harmonizing. She will look at this, and compare it to what she has. Her initial reaction is that yes, she believes that the attribute repository is the only thing that makes it specifically ABAC.
Andrew said the offer is open for them to write a section that is HL7 specific.
Cathy will bring that offer back to them.
John said he would flip the order of the risk based engines. We may need environmental attributes to make the trust-el.
Andrew said some of these lines might move around, depending on the specific implementation architecture. He might add in some dotted lines as well.
Andrew continued. Section 4.3, Andrew will make another pass on this section.
Colin had a quick observation. When we get this fine-grained, it can be harder for some people to make comments.
Andrew wants to make section 4.3 as mature as section 4.1.
Andrew asked Abbie to write section 4.4.
Abbie can look after section 4.4.
Section 5, implementation considerations.
Abbie will make a pass on section 5. Some of these sections are FIDOish.
Shaheen asked if the sequence diagram needs to be updated.
Andrew will take notes from the Face-to-face meeting and make a pass on updating section 6.
Section 7, Andrew will give it to Shaheen. We will leave use case diagrams for now. They may change.
Andrew asked if we need the conformance section. It is from the template.
John said it usually calls out things that should be normative and non-normative and what is mandatory or optional.
Andrew commented, so we are too early for that.
Andrew will cut down appendix B.
Appendix C, Andrew will clean this up and send it back to the group for further comments.
Appendix D, an example.
Cathy volunteered.
Appendix E, needs to wait for input from the other TCs.
We returned to what questions the protocol reviewers should consider.
John commented that it would be helpful to have an example trust-el policy to put in an appendix. Also, any extra guidance we could give to implementers, but this is not the place to start.
Andrew responded, this may be particularly addressed with appendix E.
5. Adjourn
Shaheen moved to adjourn the meeting. Diana seconded the motion.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> abbie barbir (Aetna) morphed into abbie and don
anonymous morphed into Orlando Adams
anonymous morphed into John Tolbert - Queralt
Andrew Hughes: Hi folks - for screensharing today use join.me/connectwithandrew - audio is the regular concall number
anonymous morphed into Rick Grow
Andrew Hughes: https://join.me/connectwithandrew - or type connectwithandrew into the app
abbie and don: Telecom Bridge
(877) 658-8148 , (214) 556-4103; PC 58 5 07 44 9 77 #.
anonymous morphed into Orlando Adams