SASIG20080612
Liberty Alliance Project
Strong Authentication SIG
Conference Call
Meeting Notes
Thursday, June 12, 2008
12:30pm-1:30pm EST
Author: Kurt Kolok
Attendance:
Lina Pandey, Greenback Systems
Rob Marano, Indorse Technologies (Chair)
Shelagh Callahan, Intel
Shin Adachi, NTT
Kurt Kolok, Liberty Staff
Guy Huntington: Liberty member/consultant/expert in SA implementation.
Draft Agenda:
1) Open elections for co-chair or vice-chair
2) Discuss schedule of meetings
3) Review and discuss Draft 2 of charter/ Attempt to provide some structure to the deliverables (a-h from Charter)
4) Prioritize most important deliverables and assign resources
1. Open elections for co-chair or vice-chair
Would like to have a co-chair or vice-chair step up. The responsibility would be to chair calls in Rob’s absence.
Please notify Rob if you have an interest in co-chair/vice-chair.
Note: Lina Pandey has volunteered for nomination as co-chair.
2. Discuss schedule of meetings
We will schedule a call every two weeks; one will be the main SIG call and the other will be a working group/deliverable ownership call. The working group call may be canceled with advance notice, depending on whether or not it is needed.
8:00-9:00am PDT alternating weeks between IAEG calls
Next call will be July 2, 8:00-9:00am
3. Review and discuss Draft 2 of charter/ Attempt to provide some structure to the deliverables (a-h from Charter)
• Drive discussions of interoperability for standalone and web services.
• Contribute to a public wiki (we want Liberty to be the first place people go to for information on Strong Authentication).
• Remain vendor agnostic.
• Talk about high level solutions and technologies.
• Serve as a focal point of discussions on strong authentication.
Action: All: please add links to some of your favorite strong authentication resources to the wiki.
• Engage Identity Gang (don’t have a public site for their discussions).
There does not seem to be any group within Identity Gang that is working specifically on strong authentication. Our purpose in communicating with them is to have an academic/real life discussion when it comes to interoperability and drive interoperability discussions between the two groups (Identity Gang and the LAP SA SIG).
Internet Identity Workshop (IIW) Group: there were a couple of sessions on strong authentication at their recent conference. Someone from PGP led one open discussion on how to do strong authentication with OpenID (also from the enterprise side). We want to ensure that we have information publicly available and socialize it with the other groups.
Scope: Information sharing with members and non-members (educate Liberty and educate public on what Liberty is doing). We should key into the BMEG group and their strong authentication-related activities.
Goal: Within a year we should have a dozen or so use cases/lessons learned to be made freely available and vendor agnostic (central components and services). These would address areas such as provisioning, fulfillment, strong authentication business agreements, systems management, privacy and regulatory compliance. Provide feedback to other SIGs as they request input. Improve information sharing within Liberty. The charter is set up for 2 years ending October 2009.
Action: Rob will create a section of the wiki that will be a Google-like repository of all things Strong Authentication (provisioning, subscription notices, etc.). The wiki will also be a repository for use cases behind strong authentication.
We need to look at ID-SAFE (abstracted use cases) and at the authentication part of the combined BMEG document.
Action: Shelagh will work to pull together the basic context for use cases in the BMEG combined MRD as well as those from ID-SAFE.
We need to all understand what we mean when we use certain terms (demand just enough strength and not any more—‘appropriate authentication’). We need to identify all that one needs to know to perform a specific task and no more. We need to consider the technology, business, governmental/regulatory, and legal perspectives in our discussions.
Things to consider during our discussions and deliverables:
--What is going on in the industry as a whole (best practices and use cases, etc.)?
--Certain guidelines which should be followed.
--What concepts do we start pulling together?
We have to define what we mean by strong authentication. Basic authentication would be a user name and password, while the most extreme authentication example would be biometric, with everything else falling in between the two.
Action: Shelagh will propose a foundation for using a term such as ‘appropriate authentication’ for the SIG work.
4. Prioritize most important deliverables and assign resources
This discussion will be ongoing due to lack of time on today’s call.
Meeting Adjourned

