IDESG Security Committee
Charter Update
Objectives
• The Security Committee is responsible for defining a Security Model for the Identity Ecosystem Framework. This Security Model will be used to evaluate capabilities of the Identity Ecosystem components, such as confidentiality, authentication, non-repudiation, integrity, and availability.
• The Security Committee shall identify security gaps in the Identity Ecosystem Framework and make recommendations to remedy them.
Comment Disposition
version 12_20_13 submitted to Plenary
version 10_15_12 reviewed by MC
Source of comment | Comment | Proposed Disposition | IDESG Security Committee Approved Disposition
Plenary guidance – November 2012
Change Working Group to Committee throughout
Done.
Plenary guidance – November 2012
Update references to other Committees
Done.
Plenary guidance – November 2012
Include explicit reference to other Committee with which the Security Committee is expected to have a liaison relationship.
Done.
Plenary guidance – November 2012
Incorporate adopted Rules of Association
Done. Additional Security Committee provision was added: “In the event that consensus cannot be achieved in a meeting, an electronic 7-day ballot shall be issued subsequent to the meeting. Only Voting Members that have attended two out of the four meetings that precede the issuance of such a ballot shall be eligible to vote. Such an electronic ballot shall require at least 50% affirmative votes to pass.”
Management Council Review
I am glad to see issues other than confidentiality getting some airtime in this charter – but the committee must be vigilant to ensure that those other issues (resilience, assurance, etc.) actually find their way to final work products
The Security Committee Scope (in lines 19-26 of version 12_20_12) is intended to be an illustrative, but not exhaustive, list.
No change.
Management Council Review
It is unclear how this committee will work with SDOs and how the liaison process will work. This is not necessarily a critique of this charter, but more of a general point for the IDESG committees as a whole.
This is clarified in the Liaison section on lines 70-86 of version 12_20_12.
No change.
Management Council Review
One thing missing from this charter is an explicit and ongoing call to evaluate IDESG work products against the principles this committee plans on drafting.
Covered in the language of the second Objective of the Security Committee (lines 16-17 of version 12_20_12).
Security Committee
Agendas should be posted one week in advance.
Done.
Security Committee
Charter should include Strength of authentication and attributes
Covered in Security Committee scope language lines 20-22.
Security Committee Patent Policy
Patent Policy should be included in Charter.
Next Steps
• Incorporation of Patent Policy in Charter
  – Electronic ballot to Security Committee on Charter
  – 14-day ballot to be issued February 8 2013
  – …