IDESG Security Committee Charter Update

Upload: joan-norton

Post on 31-Dec-2015


Page 1: IDESG Security Committee Charter Update. Objectives The Security Committee is responsible for defining a Security Model for the Identity Ecosystem Framework

IDESG Security Committee

Charter Update

Objectives

• The Security Committee is responsible for defining a Security Model for the Identity Ecosystem Framework. This Security Model will be used to evaluate capabilities of the Identity Ecosystem components, such as confidentiality, authentication, non-repudiation, integrity, and availability.

• The Security Committee shall identify security gaps in the Identity Ecosystem Framework and make recommendations to remedy them.

Comment Disposition

version 12_20_13 submitted to Plenary

version 10_15_12 reviewed by MC

| Source of comment | Comment | Proposed Disposition | IESG Security Committee Approved Disposition |
| --- | --- | --- | --- |
| Plenary guidance – November 2012 | Change Working Group to Committee throughout | Done. | |
| Plenary guidance – November 2012 | Update references to other Committees | Done. | |
| Plenary guidance – November 2012 | Include explicit reference to other Committee with which the Security Committee is expected to have a liaison relationship. | Done. | |

| Source of comment | Comment | Proposed Disposition | IESG Security Committee Approved Disposition |
| --- | --- | --- | --- |
| Plenary guidance – November 2012 | Incorporate adopted Rules of Association | Done. Additional Security Committee provision was added: “In the event that consensus cannot be achieved in a meeting, an electronic 7-day ballot shall be issued subsequent to the meeting. Only Voting Members that have attended two out of the four meetings that precede the issuance of such a ballot shall be eligible to vote. Such an electronic ballot shall require at least 50% affirmative votes to pass.” | |
| Management Council Review | I am glad to see issues other than confidentiality getting some airtime in this charter – but the committee must be vigilant to ensure that those other issues (resilience, assurance, etc) actually find their way to final work products | The Security Committee Scope (in lines 19-26 of version 12_20_12) is intended to be an illustrative, but not exhaustive, list. | No change. |

| Source of comment | Comment | Proposed Disposition | IESG Security Committee Approved Disposition |
| --- | --- | --- | --- |
| Management Council Review | It is unclear how this committee will work with SDOs and how the liaison process will work. This is not necessarily a critique of this charter, but more of a general point for the IDESG committees as a whole. | This is clarified in the Liaison section on lines 70-86 of version 12_20_12. | No change |
| Management Council Review | One thing missing from this charter is an explicit and ongoing call to evaluate IDESG work products against the principles this committee plans on drafting. | Covered in the language of the second Objective of the Security Committee (lines 16-17 of version 12_20_12). | |
| Security Committee | Agendas should be posted one week in advance. | Done. | |
| Security Committee | Charter should include Strength of authentication and attributes | Covered in Security Committee scope language lines 20-22. | |
| Security Committee | Patent Policy | Patent Policy should be included in Charter. | |

Next Steps

• Incorporation of Patent Policy in Charter
  – Electronic ballot to Security Committee on Charter
  – 14-day ballot to be issued February 8 2013
  – …