Colin,
My apologies with respect to LoA - I did miss it.
Given that LoA is a key component of Trust Frameworks I don't think that it needs a topic of its own. I am in agreement with the recommendations and would suggest that the answer to your question is yes - the experience of the IAWG should be applied to evolving the existing LoA framework and SAC to accommodate attributes.
Ken
Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg@tbs-sct.gc.ca
Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Colin Wallis
Sent: February 27, 2012 6:38 PM
To: dg-am@kantarainitiative.org
Subject: Re: [DG-AM] AM Report Clean up (RE: REMINDER & AGENDA - DG-AM call, 28-Feb-2012)
Many thanks for the feedback Ken
Better late than never! :-)
Heather's editing and the group may have a view, but some comments from me <<inline>> below
Cheers
Colin
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Dagg, Kenneth
Sent: Tuesday, 28 February 2012 10:03 a.m.
To: Colin Wallis; dg-am@kantarainitiative.org
Subject: Re: [DG-AM] AM Report Clean up (RE: REMINDER & AGENDA - DG-AM call, 28-Feb-2012)
Colin,
Some initial comments on the draft report. I realize I haven't been a part of the discussion up to now but hope to be participating on a regular basis going forward.
Missing Topic
In my mind the Level of Assurance of an attribute should be a topic. That is, beyond the criteria contained in the SAC, what factors determine the level of assurance for an attribute. Does an attribute from a provider have a higher level of assurance if it was validated a year ago rather than 5 years ago? The question is: what factors are there (including range of values) and how many of them have to be satisfied for each level of assurance.
<>
Context Topic
To me Context is a valid concept but I believe that it is only an issue for Identity Assertion Providers and is not an issue for Identity Attribute Providers or for Identity Attribute Assertion Providers. In my mind, an Attribute Provider supplies content (e.g., age is 29) while an Attribute Assertion Provider supplies assertions about content (e.g., age is valid).
My rationale is: an Identity Attribute (Assertion) Provider, as an Authoritative Party, maintains Identity Attributes to a Level of Assurance that they provide (content or assertion) upon a request from a service provider. In other words, they are either an authoritative party of an attribute or not. I'm not sure if the context in which the IAP has gathered the attribute matters to them.
Where context matters, I believe, is when Identity Assertions (as opposed to Identity Attribute Assertions) are made. In this case, the context in which they have validated an identity matters greatly in terms of the assertion it can make concerning the identity of a subject.
To me, the attribute assertion world is easier than the identity assertion world as, I believe, Identity Attribute Providers (whether they provide actual content or just assertions about content) are just an extension of credential service providers. The extension is not simple as there are several policy/legal issues (e.g., consent) that have to be addressed.
Where I believe context also matters is in the Service Provider space. However, the context in which a service provider uses Identity Attributes is set by the attributes they are allowed (legally/by policy) to gather in order to 1) uniquely identify the individual, 2) determine eligibility for the service, and 3) deliver service.
<>.
Query Language Topic
I agree with the statement, "With no standard/normative query language, there is no way to ask a broad set of identity providers anything about the entities they are authoritative for. When a service provider needs to ask dozens of identity providers across the globe 'Is this person of legal age to use my service?'"
To me, satisfying this requires either the service provider making a "discovery"-like query or the provider, as a federation member, having metadata to describe the attributes it maintains. The query to obtain the attributes then becomes a standard protocol.
I would further suggest, given this rationale, that the Query Language be merged into the Protocol section as it seems to belong there instead of being a section on its own.
<>.
Kenneth Dagg
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Colin Wallis
Sent: February 26, 2012 7:53 PM
To: dg-am@kantarainitiative.org
Subject: [DG-AM] AM Report Clean up (RE: REMINDER & AGENDA - DG-AM call, 28-Feb-2012)
Folks
I read the latest draft over the weekend and have given it some surgery - knife, air supply (additions) and moving stuff around, getting more consistency :-).
I have left some questions and checking work to do, but I think it's better overall.
Do you agree?
http://kantarainitiative.org/confluence/display/AMDG/Report+-+DRAFT
Cheers
Colin
-----Original Message-----
From: dg-am-bounces@kantarainitiative.org [mailto:dg-am-bounces@kantarainitiative.org] On Behalf Of Heather Flanagan
Sent: Sunday, 26 February 2012 11:17 a.m.
To: dg-am@kantarainitiative.org
Cc: don.thibeau@openidentityexchange.org
Subject: [DG-AM] REMINDER & AGENDA - DG-AM call, 28-Feb-2012
Hi all -
Just a reminder: we have our Attribute Management Discussion Group call this Tuesday. Agenda is online in detail, with summary below.
http://kantarainitiative.org/confluence/display/AMDG/AMDG+Meeting+Agenda+201...
* *Date:* Tuesday, February 28, 2012 (?)
* *Time:* 11h PT / 14h ET / 19h UTC
* Dial in: Skype: +99051000000481 / US Dial-In: +1-805-309-2350 | Room Code: 613-2898
AGENDA:
1. Administrative
a. Roll Call
b. New member introduction - no new members
c. Agenda confirmation
d. Action item review
2. Discussion
a. Report
b. OIX-AX (guest, Don Thibeau)
c. Meeting March 13?
_______________________________________________
DG-AM mailing list
DG-AM@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-am
====
CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====