Re: [DG-AM] Significant cleanup of DG-AM report and some questions

Very very good feedback. It has been incorporated in to the doc. -Heather ----- Original Message ----- From: "Salvatore D'Agostino" To: "Kenneth' 'Dagg" , "Heather Flanagan" , dg-am@kantarainitiative.org Sent: Wednesday, April 4, 2012 12:29:23 PM Subject: RE: [DG-AM] Significant cleanup of DG-AM report and some questions Ken, Heather tremendous! Gap 6, I think we want to identities as opposed to entities below In addition, a means is needed to ask a broad set of identity providers anything about the entities I would add SCIM to efforts Regards, Sal -----Original Message----- From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Dagg, Kenneth Sent: Wednesday, April 04, 2012 3:10 PM To: 'Heather Flanagan'; dg-am@kantarainitiative.org Subject: Re: [DG-AM] Significant cleanup of DG-AM report and some questions Heather, Fantastic job!!!! In reworking the report you have enabled me to identify some points that before your reorganization I couldn't put my finger on. Number 1 - The relationship between the identified requirements and the gaps It appears to me, though I could be convinced otherwise, that the requirements section is a bit of an orphan. In reading it a couple of times I thought that it overlapped with the gaps in a lot of ways. To that end, I would suggest that the entire "Identifying Requirements for Attribute Management" section be removed. I also suggest that the lead paragraph for the gap analysis section become the following: During the work conducted by the Discussion Group it identified areas that had no cohesive, supporting effort behind them. Analysis of these areas identified the following gaps in the Attribute Management space: - Definitions in the Attribute Space - Identification of common core business activity (and matching process) sets - Establishing common semantics and terminology - Identification and definition of contexts - Agreement on a common language - Schema and Metadata - Agreement on a standard query Language - Interoperability between protocols - Trust frameworks - Defining and implementing consent - Governance around use of attributes The following elaborates each of these gaps including the work, if any, that Discussion Group members were aware was happening in the area. I removed the concept of "prioritization" from this lead paragraph because I did not believe that the list of gaps was presented in any priority order. Number 2 - The tag line for some of the gaps Gap #1: Definitions in the Attribute Space - in order to clearly distinguish between gap1 and gap3 I would suggest the tag line for gap1 become "Terminology in the attribute space" Gap #3: Establishing common semantics and terminology - the description of the gap sounds (at least to me) to be concerned about ensuring everyone has the same meaning of a specific attribute (e.g., address means the same thing to everyone) rather than defining the terminology in the attribute management space. As such, I would suggest the tag line become, "Normalization and categorization of identity attributes" Gap #6: Agreeing to a standard query Language AND Gap #7: Interoperability between protocols - To me these seem to be tightly coupled. Both to me are protocol related. I would suggest merging them to the following: Gap #6: Interoperability between protocols The protocol space around attributes is comparatively stable. Protocols such as SAML and OAuth are in broad use and fairly well understood. PKI certificates and web services also have strong community support and understanding. What is missing, however, is better guidance on how exactly to use those protocols to carry attributes and their associated metadata in a secure and interoperable fashion. In particular, how to use these protocols in the mobile device market is an issue. In addition, a means is needed to ask a broad set of identity providers anything about the entities they are authoritative for. When a service provider needs to ask dozens of identity providers across the globe "Is this person of legal age to use my service?" the attribute space has no answer. Efforts in this space: . SAML . SAML Attribute Query (profiled)? . OAuth . PKI certificates . OASIS Web Services over SOAP . OpenID Connect Number 3 - no recommendation for Gap #7 "Interoperability between protocols" By merging Gap#6 and #7 this issue goes away. Ken Kenneth Dagg Senior Project Co-ordinator | Coordonnateur de projet supérieur Security and Identity Management | Sécurité et gestion des identités Chief Information Officer Branch | Direction du dirigeant principal de l'information Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada Ottawa, Canada K1A 0R5 Kenneth.Dagg@tbs-sct.gc.ca Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090 Government of Canada | Gouvernement du Canada -----Original Message----- From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Heather Flanagan Sent: April 4, 2012 1:46 PM To: dg-am@kantarainitiative.org Subject: [DG-AM] Significant cleanup of DG-AM report and some questions Hi all - I've been updating the draft Report based on the emails and telecons over the last few weeks. One particular area of concern at this point is the Recommendations section. I have highlighted which gaps the individual recommendations covered as best I understood them, and noted that Gap #7 "Interoperability between protocols" has no associated recommendation. So, the homework assignment for this group to be done by our next call is: 1 - review the Recommendations and provide input as to whether I matched the appropriate Gap(s) to the individual recommendations 2 - offer feedback on the rest of the doc, the changes in language and attempts at clarifying the overall structure Thanks! http://kantarainitiative.org/confluence/display/AMDG/Report+-+DRAFT -Heather _______________________________________________ DG-AM mailing list DG-AM@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-am _______________________________________________ DG-AM mailing list DG-AM@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-am