This was a joint meeting of the Identity Management Forum and the
Security Forum.
Introductions & Agenda Review
Ian Dobson (The Open Group staff Director of the Identity Management Forum) welcomed
attendees to the meeting, and after a round of introductions he
presented the proposed agenda for the
Identity Management Forum part of the meeting, which was
approved.
He then gave a brief overview of the past and present activities of
the Identity Management Forum by reviewing the IdM Forum web site - aided by the only
attendee in our Paris meeting who had managed to capture an IP address. In the process he
noted a few updates to the web page which he will apply.
Security Program
Several members had picked up from the Security Program table in the
exhibitors area a new leaflet describing the Identity Management
Forum, which is one of four areas of activity on
information security which fall under the direction of Ian Dobson:
- Security Forum
- Identity Management Forum
- Jericho Forum
- Critical Infrastructure Enterprise Architectures Work Group
The new leaflets on all these Forums and WG are available from The Open
Group Online Bookstore at www.opengroup.org/bookstore/catalog/t_is.htm.
ISO JTC1 SC27 WG5: Framework for IdM and Guide to Privacy
The Open Group Security Forum has established Category C liaison
status with ISO JTC1 WG5, specifically to contribute and influence the
development of the ISO work on developing a standard for a Framework for
Identity Management. We have also established a direct channel of
communication with INCITS CS1 in North America, which is also
contributing to this ISO JTC1 standards work. The WG5 has recently
extended their scope in this work area to create a 3-part standard
covering Biometrics, the Framework for Identity Management, and Privacy
- BIP.
While the Security Forum has no currently declared member interest in
working on biometrics, we certainly do on Privacy, so our review in this
Paris meeting covered both the Framework for IdM and the Privacy parts.
All these draft documents:
- SC27 BIP: N5515 - Authentication Context for Biometrics
- SC27 BIP: N5517 - A Framework for Identity Management
- SC27 BIP: N5519 - A Privacy Framework
are available from the Identity Management Forum's Plato web site,
entered on 02-Feb-07 (see www.opengroup.org/projects/idm/protected/).
Ian will collate all the comments gathered during this review of the
ISO JTC1 latest drafts on the Framework for IdM and the Privacy
documents, and
submit them to ISO JTC1 through our Category C liaison channel, with
copy to the Security Forum members and to INCITS CS1.
ITU-T SG17 Liaison
In our previous meeting (San Diego, January 2007), members received a
report and summary presentation (see www.opengroup.org/public/member/proceedings/q107/30IM.htm)
on a new initiative in ITU-T SG17, to
develop standards and best practice guides on Identity Management
interoperability/interworking, common data models, discovery, privacy, and
governance. Members received an invitation to participate in this ITU-T
SG17 activity, as a group from the Identity Management Forum, or as
individuals representing their own organizations, or as subject-expert
individuals. The San Diego meeting established that we would not
participate as an IdM Forum, and that members should make their own
arrangements to participate in ITU-T SG17 as they wish. Ian reported
that he had requested a status report from ITU-T SG17 on their progress
to date, but has not yet received a reply. He will share all feedback
with IdM Forum members as and when it becomes available.
Common Core Identifiers
Ian reported that the deliverables from this project are now all
approved for publication. They comprise:
- CCI Business Scenario
- CCI Framework
- CCI Matrix and Recommendations
Ian projected a recent draft of the Matrix and Recommendations
document the explain the nature of this deliverable,
noting that the recommended identifier is XRI, with UUID pair being an
alternative.
The CCI project members, which include collaboration with the Network
Applications Consortium (NAC) and the Distributed Management Task Force
(DMTF), do not wish to continue further development work on this topic,
but are content for The Open Group to exploit it in other standards
arenas. Accordingly, Ian has approval to take it to ISO JTC1 under our
Category C liaison, to invite their interest in using the CCI
deliverables as a basis for a Core Identifiers standard or similar.
European Commission FP7 Bid
The European Commission has issued their call for bids against their
information technology Framework Program 7 (FP7) on Digital Identity
& Security. Having invited interest from IdM Forum members, no declarations
of interest have been offered. The closing date for
declaring interest in submitting an FP7 bid is May 8th 2007. Accordingly,
unless a member does submit an FP7 bid for approval by IdM Forum members
by that date, the IdM Forum has no FP7 bids that it will be supporting.
Privacy through Domains of Identity
In our previous meeting (San Diego, January 2007) we had a
well-supported discussion on this topic - see the San Diego Security
Forum meeting report at www.opengroup.org/public/member/proceedings/q107/30IM.htm for a summary of the issues and discussion. This
item was included in our Paris meeting agenda as a placeholder to
facilitate members continuing the discussion, and
perhaps exploring opportunities for developing a project based on it. In
the event, the member who proposed and presented this topic in San Diego
was unable to join the Security Forum meeting. Accordingly, Ian will follow up
to establish interest from the original proposing member in playing a
lead role in any new project based on this topic, and then invite
declarations of support for contributing to it from the members of the
Identity Management Forum and Security Forum.
