EUGridPMA meeting. Kyiv. Day 3 - 15 May 2013
--------------------------------------------

Present remotely: Vladimir, Miroslav, Cosmin, Jens.

1. Continue work on the Credential Stores guidelines

Starting from the section on Publishing.

During discussion on the Compromise and disaster recovery section we realise that we probably do not have a requirement for CAs to inform EUGridPMA when they have an incident. This should be added (perhaps to the top-level federation document).

Compliance statements should be time-limited. We need to add such a validity period statement also to the AASP document.

It would be useful to have an IGTF Glossary document so we can remove all need for definitions in the individual documents.

Agreement that an STS profile should be a separate document. It is different from a CS in that an STS has no database/store.

We could at some point consider taking common text out of the many documents (e.g. operational details and physical security) into a single document and then just refer to that.

First draft of CS guidelines now complete - very good work!

2. IGTF test suite.

Cosmin joins remotely.

DavidG shows the wiki details from the Rome meeting and explains the aim of this. Developers would like certificates from all IGTF CAs to be able to do full testing. This is not possible, so IGTF is considering implementing a test suite covering the diversity of the IGTF certificates.

https://wiki.eugridpma.org/Main/IGTFTestSuite

At this point we are looking for more edge-cases and a validation of the test suite requirements.

Action/request to all: please send examples of EE certificates - one for humans, one for servers, one for robots - as well as edge-cases known to cause problems (private keys not required!). If you see items which are wrongly expected to pass, please edit the wiki table.

The aim is to produce a test environment with the same number of test CAs as the IGTF distribution and serving the same namespaces.
--- coffee break ---

Jens joins remotely. He states that he may have access to a summer student to work on the IGTF test suite.

3. Soap Box - Jens

No slides. Wants to talk about innovation in IGTF and the Identity Management world: OpenID, OAuth, X.509 and various bridging etc. We also innovate in the policy space. We are scientists and engineers and like to improve things.

What are the barriers to innovation?

Inertia (e.g. 10 years of wanting to move to UTF8). Can we be more targeted in our aims? SHA-2 is a good example of this. Can we define a common goal for PKP, for example?

Lack of effort, funding and skills is another barrier to innovation.

Too much innovation can remove the warm and fuzzy feeling that comes from stability.

Other issues: trust, distributed teams (across IGTF), the need to change IGTF rules, why can't we all issue robot certificates?

Proposes that it would be good to have a workshop to look at sharing code development (e.g. OpenCA and various tools).

Jens thinks we need more control on deciding where we should innovate. Is IGTF a single project which can define better its goals and aims? If so we need better processes to agree future developments. Should include a slot on the regular IGTF agendas.

DaveK: You don't consider Stakeholder buy-in and User requirements. They want improved usability - we are only slowly addressing these. Unfortunately SHA-2 and IPv6 are coming from us not from the user communities.

DavidG: much is due to us being mainly a policy group and not a technical development group.

Would be good to have public sessions, e.g. at OGF. Agree that we will aim to do something along these lines at the January 2014 meeting at RAL.

4. Wrap-up

DavidG: A very well organised meeting and a big thank you to NTUU-KPI for hosting, for the meeting room and the local arrangements.

Next meeting: 9-11 Sep 2013 in Bucharest. Then RAL, UK in mid January 2014 - dates to be fixed.

--- meeting closes at 12:10 -------