Very very good feedback. It has been incorporated into the doc.
-Heather
----- Original Message -----
From: "Salvatore D'Agostino"
To: "Kenneth' 'Dagg" , "Heather Flanagan" , dg-am@kantarainitiative.org
Sent: Wednesday, April 4, 2012 12:29:23 PM
Subject: RE: [DG-AM] Significant cleanup of DG-AM report and some questions
Ken, Heather tremendous!
Gap 6, I think we want to identities as opposed to entities below
In addition, a means is needed to ask a broad set of identity providers
anything about the entities
I would add SCIM to efforts
Regards,
Sal
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org
[mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Dagg, Kenneth
Sent: Wednesday, April 04, 2012 3:10 PM
To: 'Heather Flanagan'; dg-am@kantarainitiative.org
Subject: Re: [DG-AM] Significant cleanup of DG-AM report and some questions
Heather,
Fantastic job!!!!
In reworking the report you have enabled me to identify some points that
before your reorganization I couldn't put my finger on.
Number 1 - The relationship between the identified requirements and the gaps
It appears to me, though I could be convinced otherwise, that the
requirements section is a bit of an orphan. In reading it a couple of times
I thought that it overlapped with the gaps in a lot of ways.
To that end, I would suggest that the entire "Identifying Requirements for
Attribute Management" section be removed.
I also suggest that the lead paragraph for the gap analysis section become
the following:
During the work conducted by the Discussion Group it identified areas that
had no cohesive, supporting effort behind them. Analysis of these areas
identified the following gaps in the Attribute Management space:
- Definitions in the Attribute Space
- Identification of common core business activity (and matching process)
sets
- Establishing common semantics and terminology
- Identification and definition of contexts
- Agreement on a common language - Schema and Metadata
- Agreement on a standard query Language
- Interoperability between protocols
- Trust frameworks
- Defining and implementing consent
- Governance around use of attributes
The following elaborates each of these gaps including the work, if any, that
Discussion Group members were aware was happening in the area.
I removed the concept of "prioritization" from this lead paragraph because I
did not believe that the list of gaps was presented in any priority order.
Number 2 - The tag line for some of the gaps
Gap #1: Definitions in the Attribute Space - in order to clearly distinguish
between gap1 and gap3 I would suggest the tag line for gap1 become
"Terminology in the attribute space"
Gap #3: Establishing common semantics and terminology - the description of
the gap sounds (at least to me) to be concerned about ensuring everyone has
the same meaning of a specific attribute (e.g., address means the same thing
to everyone) rather than defining the terminology in the attribute
management space. As such, I would suggest the tag line become,
"Normalization and categorization of identity attributes"
Gap #6: Agreeing to a standard query Language AND Gap #7: Interoperability
between protocols - To me these seem to be tightly coupled. Both to me are
protocol related. I would suggest merging them to the following:
Gap #6: Interoperability between protocols
The protocol space around
attributes is comparatively stable. Protocols such as SAML and OAuth are in
broad use and fairly well understood. PKI certificates and web services also
have strong community support and understanding. What is missing, however,
is better guidance on how exactly to use those protocols to carry attributes
and their associated metadata in a secure and interoperable fashion. In
particular, how to use these protocols in the mobile device market is an
issue. In addition, a means is needed to ask a broad set of identity
providers anything about the entities they are authoritative for. When a
service provider needs to ask dozens of identity providers across the globe
"Is this person of legal age to use my service?" the attribute space has no
answer.
Efforts in this space:
- SAML
- SAML Attribute Query (profiled)?
- OAuth
- PKI certificates
- OASIS Web Services over SOAP
- OpenID Connect
Number 3 - no recommendation for Gap #7 "Interoperability between protocols"
By merging Gap#6 and #7 this issue goes away.
Ken
Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg@tbs-sct.gc.ca
Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org
[mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Heather Flanagan
Sent: April 4, 2012 1:46 PM
To: dg-am@kantarainitiative.org
Subject: [DG-AM] Significant cleanup of DG-AM report and some questions
Hi all -
I've been updating the draft Report based on the emails and telecons over
the last few weeks. One particular area of concern at this point is the
Recommendations section. I have highlighted which gaps the individual
recommendations covered as best I understood them, and noted that Gap #7
"Interoperability between protocols" has no associated recommendation.
So, the homework assignment for this group to be done by our next call is:
1 - review the Recommendations and provide input as to whether I matched the
appropriate Gap(s) to the individual recommendations
2 - offer feedback on the rest of the doc, the changes in language and
attempts at clarifying the overall structure
Thanks!
http://kantarainitiative.org/confluence/display/AMDG/Report+-+DRAFT
-Heather
_______________________________________________
DG-AM mailing list
DG-AM@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-am