Meeting Notes 2023-10-31

## Attendees - David Brossard - Allan Foster - Mike L - Phil Hunt - Steve Venema - Alex B. - Gail Hodges - Dani Katzman - Lenah Chacha - Mark Haine - Omri Gazitt - Roland Baum - Atul T. - Sean O’Dell - Eve M ## Agenda - update on the github set up - Comments on the call we had with CISA today - Atul & Gail - List of docs/sources of terminology to the call tomorrow - Eve - Updates on discussions with EIC and Identiverse planners? - Allan - Collecting the existing PEP/PDP standards and interfaces. For instance XACML JSON, Rego, Cedar ## Notes - CISA Update - Feedback from Grant Dasher/ CISA yesterday: Key Challenge: Ambiguous MFA terminology - Recommendations: Create standard MFA terminology that provides clear, interoperable, and standardized definitions and policies allowing organizations to make value comparisons and to integrate these solutions into their environment. - Map products to NIST requirements such as those articulated in NIST SP 800- 63 Digital Identity Guidelines. - FIDO/ OIDF Alignment on (ideally existing) terms used in AuthZEN WG from 800-63, W3C) - Consider alignment from AuthZEN WG to 800-63 -4 where appropriate for US implementers - Github update - Atul transitioned his repository to the OIDF repository. - https://github.com/openid/authzen/ - Mike L. invited co-chairs to be admins of the github repository - Github issues will be forwarded to the mailing list (Mike L.) - Licensing set up correctly - Need to add CONTRIBUTING.md to GitHub e.g. https://github.com/openid/OpenID4VP/blob/main/CONTRIBUTING.md - Eve’s update - Looked at sources e.g. IDPro, IETF - Eve included terms from the OAuth realm that do not follow the P*P terminology. - We should include terminology from the graph world - File shared (xlsx on the mailing list) - Slack - Atul created a Slack channel - [Channel link](https://app.slack.com/client/TBB85A45B/C0630873JGK) - Mike: I’ll get current mail list subscribers invited to the Slack channel this week. - Documentation - Atul: in the Shared Signals WG, we’ve also used hackmd.io for collaborative markdown documents - Conference engagement - EIC update: Allan reached out to Joerg Resch. We will need to send a list of panelists by the beginning of the year. - We have a reserved spot - Identiverse: waiting to hear back from Andi - Existing PEP/PDP standards and interfaces - Let’s start from the work Atul & others did in the github AuthZAPI repository - Let’s provide feedback through issues on the github repo - Let’s use the same model as Shared Signals - Ask from Sean O’Dell, Disney - Request to become an additional co-chair - Useful links - https://pure.royalholloway.ac.uk/en/publications/completeness-in-languages-for-attribute-based-access-control - https://www.sciencedirect.com/science/article/abs/pii/S1383762122001539 - Keeping meeting notes - Shared Signals uses hackmd.io → should we use the same? - License limitations? ## Action items - Co-chairs to send their github usernames to Mike - Mike to invite ML members to the Slack channel - All to file issues in github for PEP/PDP work - Eve to take the lead on terminology and reconvene in December - Alex to publish the design patterns document as markdown in the github repository