Board of Trustees Minutes - 2011 Redwood City F2F

These DRAFT minutes have been APPROVED by the Board of Trustees.
BOARD
  • CA - Michelle Waugh
  • ISOC - Lucy Lynch
  • LC - Colin Wallis
  • LC - John Bradley
  • Gov of Canada - Ken Dagg
  • NRI - Nat Sakimura
STAFF
  • Joni Brennan
  • Dervla O'Reilly
GUEST
  • Leif Johansson (NORDUnet)
  • Patrick Curry (BBFA)
  • David Temoshok (GSA)

Day 1 - Board of Trustees

Reviewed Agenda

MEMBERSHIP
  • Proposed formation of Membership Drive BoT Sub Committee:
  • Signed up: Joni / Lucy / Patrick / Leif / Wallis / Michelle
MARKETING AND RECRUITMENT
  • Refining the KI Mission and Vision for clarity
  • Maturation from Harmonization to Certification and Federation

MISSION: Shaping the Future of Identity
VISION: Kantara enables the Implementation of Scalable and Trustworthy Identity Federations

  • Certifying for High Levels of Assurance
  • Public Cloud is Federation
  • Something internationally facing

AUDIENCE: Targeting specific level of audience / narrow

  • End-user Industry Sectors
  • Federal, State and Local Government Agency Services
    (examples: IRS / VA / Health Services)
  • Identity Providers / Service Providers
  • DRM Provider (Cable, Video, TV Anywhere, etc)
  • Auditors
  • CC-TLDs
STRUCTURE
  • develop category of membership that targets Deployment

Concretely solidifies Organizational direction.

  • "Policy Management" level between Member and Trustee
    • Pay for membership to review and contribute to Profile Development of the IAWG which would be overseen by the *RBs
    • Access to Inter-Federation Policy Agreements (Model Agreements)
  • "Subscriber" Organizations that use KI Product
    • Online testing or verification tools (REFEDs: SAML 2.0, OpenID, Cloud… ? SCIM, OAuth)
  • Federation Operator Membership Level (maybe even the same price tag maybe more steep)
LEADERSHIP

ARB = Assurance Review Board
DRB = Deployment Review Board (the Interoperability Review Board, IRB, repurposed)

fooRB Certifications – proposed Certification Review Board, hierarchical to the other RBs / PROPOSED: repurpose the IRB as the DRB (Deployment Review Board)

  • DRB: SaaS Cloud Certification (US - Gov on-boarding) (SAML2.0 INT + Sub-Set of eGov 2.0 <insert magic> OpenID Connect / SCIM (talk with ChuckM))
  • DRB: Implementation / Deployment Review Board
  • DRB: Certification / Training Federation Architect
    FI-WG can be the place for dev of these testing profiles (etc)
    • ARB: Identity Proofing Certification
    • Module of the SACs for the purpose of revising the Identity Proofing section of the SACs (providing the tools to compare across jurisdictions).
      VALUE PROP: reduce the risk considerably and standardize it, significantly reduce the cost, and increase confidence and market reach via broader consistency and transparency.
    • Q: Would it be done at 4 levels? Not sure today that 4 levels is the correct approach; it should at least be mappable to 4 levels but needs to recognize that there may be other gradients outside the 4 levels.
    • IAWG Work Item – get some Gov’t ID Proofing (Rainer TFMM) / police organizations / financial action task force (FATF), (possible interest to SwissSign), ASINP
      • Action: Patrick Curry would work with others to socialize
      • Action: Ken (Gov of Canada has interest)
      • Action: RW review the SACs to see where/how ID Proofing model would plug-in
        • LIKELY – part of the new proposed Subscriber/ User Member level
        • Possible workaround – pay if you're going to financially benefit from this work; if not (e.g. a non-profit) you may not need to pay
  • ARB: Certification of Federation Operators
  • KI Accreditation Body as a Service / Product

ACTION: Joni to review OPs for possible change regarding access to profile development based on membership access via *RBs.

Day 2 - Board of Trustees

PARTNERSHIPS AND CHAPTERS
  • GEANT (GN3) – technical level partnership
  • SimpleSAMLphp – Andreas Solberg Author.
  • Federation-Lab – on-line testing harness specifically for SAML 2.0 INT

HISTORY: 2006 – the Klingensteins, Scott Cantor, Eve, RL, Drummond and Leif; spawned out of an ad-hoc desire for a SAML profile geared toward multi-party, scaled-up federation (SAML2int.org). Scott and John ‘wedged’ the SAML2 INT work into the US SAML SSO Deployment Profile and aligned it with the KI eGov 2.0 Profile.

IOP LANDSCAPE: less and less desire for full-matrix (mesh) testing. More likely on-line (always available) testing tools (a harness). A product goes and tests against it, and when all the lights are ‘green’ you know your product passes.

  • GEANT3:
    • not only for SAML 2.0 but also OpenID Connect. Interest in a reference implementation and on-line test harness, tentatively called Fed-lab2 (together with the GN3 management board)
    • PLAN:
      • Take the implementation and launch it as a joint KI / GN3 tool kit. The partnership is well developed even if it has not bubbled up to the political layer; good results via actions, no politics necessary. IP is being reviewed but no hard stops are envisaged.
      • Next steps (3-6 months) – development ongoing in GN3 (Andreas and Licia); timeline is that 10-12 months from now the project (test harness) is working with OpenID Connect capabilities.
    • COMMON GOALS:
      • By project completion KI would be a strong brand and association with the KI brand would be attractive for GN3; it also benefits GN3 to land the tools in KI for potential long-term funded operation
  • REFEDs.org:
    • joint working partnership supporting federation.
    • Forum for federation operators in the REN space
    • KI to approach the private sector: “scaled-up, metadata-driven federation is a viable option for both inter- and intra-enterprise federation.” If you’re a large enterprise or cloud-enabled company you’d likely want something close to a FICAM-aligned model.
      • VALUE: avoid vendor lock-in.
      • BRANDING: people think the eGov profile is only for governments. It’s not. A new protocol does not necessarily make old problems go away; OpenID Connect also has point-to-point federation challenges.
      • CHALLENGE: a large cloud vendor having issues conforming to a large federation deployer (REN example).
      • TASK: Discuss with key players EduGain and InCommon value of becoming certified Federation Operators (market build and demonstration).
  • PEER:
    • market confusion regarding use of Janis
    • There used to be no tools for running a federation.
    • PEER evolved as a tool for federation; there are other tools for this purpose but they are locked up as proprietary business.
  • MDX:
    • metadata exchange (found in the KI FIWG federation tools section)
    • more work needed on MDX to ensure it is secure enough to operate with Certificate Authorities (CAs)
  • PING:
    • interested in MDX, so a Ping MDX channel: use MDX to query and extract a subset of the SAML metadata XML (a set, instead of the bulk download typically done). Involves dynamically signing to maintain provenance.
  • IANA (Internet Assigned Numbers Authority; registries of protocol elements):
    • The registry could be a potential partnership
    • IANA registry for LoA descriptors. Use: register short names for URLs that point to the descriptions of the LoA policy
  • WAYF next generation
    • new generation of WAYFs using dynamic construction. NOTE: goes into the Cloud Federation Profile. ULX / Account Chooser need dynamic metadata to be useful.
KI STAKEHOLDER ABILITY TO SEEK FUNDING FROM EC
  • KI EU: possible focus for government-facing entities. Concern about dilution of what we do into the business of federation-to-federation.
  • KI EU Inc risk: it could drift far from the goals and mission of KI (original flavor). How to set up an organization eligible for EC funding without the risk of divergence from mission and vision, i.e. get the value but not incur the risk.
  • Suggestion that TERENA could be the vehicle. Critique that TERENA may not be the right home or provide the broad coverage sought.
  • PROPOSAL: an umbrella project that helps TERENA, REFEDs and the KI mission cooperate; a larger org which could incorporate and house KI EU.
  • NOTE: need 2 nations to drive toward EC funding

"Imagined International Identity Standards Alliance"

  • BBFA
  • IDMgmt Centrum (NL)
  • German Data Protection Authority
  • Belgian gov direct contact

ACTION FOR IEEE-LEGAL – Incorporate KI in 2 countries under the same name?
ACTION: Lucy to ask ISOC chapters whether any have incorporated in the countries in which they are based. If there are such entities we could look at them as an example. Terms and Conditions would be set so that the incorporated org must comply with the Ts&Cs to be able to use the brand. Example terms: a member of KI X Country Chapter Inc would also be a member of KI, not a separate member of KI X Country Chapter Inc only; leveraging IP across chapters; requirements for released EC work (a project like PRIME) is an example.
Potentially – one overarching entity, with grounding based on the originating address of membership
GOAL: 2 or more chapters in the EU, at least 1 of which must be a legal entity.

  • ACTION: Leif to cycle with REFEDs to ask if they’d have interest / willing to partner with KI for EU Chapter (not geo locked but interest based)
  • ACTION: Patrick to cycle with IDMgmt Centrum (NL) for interest / willing to partner with KI EU Chapter
  • ACTION: Patrick to talk to BBFA (same as above)
  • ACTION: Investigate – possibly tune and adopt IPR for EC constraints. CC Share-Alike Attribution might be acceptable.
  • ACTION: Investigate – All Rights Reserved as a possible IPR that aligns with ISO
  • ACTION: Joni/Anna partnership visualization / partner with Patrick Curry on this gantt visualization.

See also for Action Tracking:
Trustees Tactical Planning
