December 19, 2017 PSAF Call
Attendees
| . | Member Name | . | Member Name | . | Member Name | . | Member Name | |||
|---|---|---|---|---|---|---|---|---|---|---|
| . | John Moehrke Security Co-chair | x | Kathleen Connor Security Co-chair | . | Alexander Mense Security Co-chair | . | Trish Williams Security Co-chair | |||
| x | Christopher Shawn] Security Co-chair | x | Suzanne Gonzales-Webb | . | Mike Davis | x | David Staggs | |||
| . | Mohammed Jafari | x | Beth Pumo | . | Ioana Singureanu | . | Rob Horn | |||
| x | Diana Proud-Madruga | x | Francsico Jauregui | . | Joe Lamy | . | Galen Mulrooney | |||
| . | Paul Knapp | . | Grahame Grieve | . | Johnathan Coleman | . | Aaron Seib | |||
| . | Ken Salyards | . | Jim Kretz | . | Gary Dickinson | x | Dave Silver | |||
| . | Oliver Lawless | x | [1] | . | David Tao | . | Nathan Botts |
Agenda
- (3 min) Roll Call, Agenda Approval
- (5 min) Review and Approval of Minutes Dec. 12th PSAF Minutes
- (55 min) Continuation of ballot reconciliation of HL7 TF4FA May Ballot Reconciliation Spreadsheet - Mike Davis & Chris Shawn.
Meeting Materials
- HL7 TF4FA May Ballot Reconciliation Spreadsheet
- PSAF Wiki
- V3 PSAF Chap 2 TF4FA Vol 1 Conceptual Model
- V3 PSAF Chap 2 TF4FA Vol 2 Behavioral Model
PSAF Minutes
- Chris Shawn cochaired.
- Informal approval of the Dec. 12th PSAF Agenda.
- PSAF Project Plan Update
- Approval of Minutes Suzanne moved, David seconded. Dec. minutes approved 7-0-0
- RE HL7 TF4F May Ballot Reconciliation - See TF4F May Ballot Reconciliation spreadsheet.
- First Block vote to approve dispositions for Items 53 (non-persuasive), 54 (non-persuasive), and 59 (persuasive with mod) - Kathleen moved, and Suzanne seconded 6-0-0. [Mohammad left call.]
- Second block vote to approve dispositions for Items 63 (persuasive), 64 (persuasive), 68 (non-persuasive), 71 (non-persuasive). Kathleen moved, and Suzanne seconded 5-0-0 [Beth left call.]
- Follow-up needed on Item 62 comment from Mark Kramer: "The word negotiation is used frequently in connection with trust services. In what sense is this a negotiation? What exactly needs to be negotiated on the fly? And if something critical is negotiated on the fly, why would anyone trust that?"
Proposed Resolution discussion: "Authors need to better define each term and their relationships, and bring back to WG. WG agrees that a more extensive definition of negotiations and how negotiations are conducted as this may complicate the ease with which run time negotiations of trust contracts is achieved. At a minimum, there needs to be an explanation of the process by which a contract offer is made and how acceptance in return for value for both parties is achieved. Also an explanation of how parties in unequal positons can be said to "negotiate" contracts of adhesion. Such clarification should reference Vol 1 where some of the requirements and aspects of negotiation are discussed in detail. However, Vol. 1 "negotiation" discussion is somewhat tautological. I.e., "The policies are negotiated (harmonized) in real-time by participating domains through a process called Policy Bridging, and agreed to via a trust contract also established at run time. This enables an interoperable domain in which an access request for protected information between domains can be processed in accordance with the agreed-upon trust contract.". [Page 10] "Policy Bridging" is defined in the Glossary as "Any policy negotiated between communicating and cooperating principals. [ASTM 2595]. Also see page 16: " Policy Resolution Trust Services: Harmonize (negotiate) the local polices of the partner authorities into a unified Federation Policy for use within the Federated Authorization Domain."The negotiations/policy bridging are discussed in detail in foundational standards: ASTM E2595, WS Trust, and ISO 22600 as referenced in Vol. 1. In TF4FA, it means finding a compromise among the higher and lower level of requirements across different trust technical and operational rules. See Vol.1 page 17: "Service negotiation establishes a set of attributes that completely describe the authorization policy of the domain supporting interoperability and a unique identifier for the trust framework. In other words, these attributes are the data describing the policy agreement. All services use security tokens to exchange the attributes specific to that service" and page 17 : "Policy resolution services harmonize (negotiate) the local polices of the partner authorities into a unified Federation Policy, which both partners agree to use without exception for all applicable access requests within the Federated Authorization Domain. A key element of the harmonization is resolution of differences between the local policies. The services do this by exchanging the partners’ class policy attributes and negotiating the highest possible level of mutual agreement between them."
- PSAF calls cancelled 12/26 and 1/2 for holidays.
- Meeting Adjourned.
