*FOO Conference Call*
February 12, 2003

*Participants*
Ken Klingenstein -- University of Colorado/Internet2 (chair)
Steven Carmody -- Brown University
Bob Chmura -- General Motors
Brendan Dixon -- Microsoft
Renee Frost -- University of Michigan/Internet2
Keith Hazelton -- University of Wisconsin
Ingrid Melve -- UNINETT
Bob Morgan -- University of Washington
Eliot Solomon -- Securities Industry Middleware Council, Inc.
David Wasley -- University of California Office of the President
Nate Klingenstein -- Internet2 (scribe)

*Discussion*
The call opened with a brief discussion on the role of government in the anchoring of federation and identity, triggered by a recent paper by Lessig and Mundie. Familiar themes in identification such as privacy, revocation, and trust chains are not currently well managed in the chief tools for governmental identifiers: state-issued identity cards and passports. This was agreed to be fertile ground for future exploration.


Another interesting proposition, arising near the end of the call, concerns where and how data is stored. If a user were given a virtual folder of credentials issued by known entities, but the folder were otherwise unaffiliated with any origins or targets, it would look from a technical implementation standpoint very much like an origin, while having none of the origin's trust relationships in place. This is a generalization which may prove very powerful and useful to users someday, but which has been mostly unexplored. The group noted it as a very rich vein for future exploration.


EU Article 29 Working Party Ruling
The European Union recently issued an interpretation from the Article 29 Working Party that has significant impact on the structure of Microsoft Passport and potentially many other federations, though the Liberty Alliance believes its specs are compliant. Ingrid noted that, especially since EU privacy laws apply to all citizens of the EU regardless of where other participants reside, this issue will likely come into play for most federations. Eliot observed that it was of relatively little concern to a federation structured like the one SIMC is investigating, since that federation only provides the infrastructure to connect the firms. Much of the federation is instead done at the target, which both aggregates content and makes specific relationships with origins to access the information.
In many ways, the ruling is a very strong privacy stance, and is oriented towards allowing user control of attribute release. There is discussion of unique identifiers, and restrictions on the use of pseudonyms and their federation. Ingrid observed several vague spots in the ruling; there is no discussion of its application in other environments, such as a workplace or a single organization.
Additionally, ownership of data about employees and students remains unclear. Ken requested more information on how Passport was being expanded to address these issues, and [AI] Brendan offered to find an appropriate person for Ken to contact.


Federating Information and Targets
Eliot reported on the interesting evolution of ideas at a recent SIMC meeting (see minutes and presentations at http://www.simc-inc.org/) by saying that progress is "like a soap opera: lots of things happen, but none of it really counts." Originally, a trader would have many monitors on the desk, each representing a separate informational stream, until the innovation of a video switch allowed many streams to be alternated onto a single monitor. This technique is recapitulated in the way the securities industry currently federates the information providers through a single point of access, rather than federating origins as in the Liberty Alliance model.
One noted restriction of this approach is that users often have to be treated as a homogeneous mix of the target audience, which is sometimes insufficient for specialized content providers who release different information to different people.
He remarked how interesting it was that "the problem wasn't just a federation problem, but an information management problem." Sometimes just providing access to a variety of services with a single login is insufficient, regardless of how transparent the process may be. "As the barriers break down between here and there, the other barriers will become more obstructive and apparent." This highlights the importance of keeping in mind what the goals of providing federation are, rather than simply putting it in place.


Risk Management
Observing that there were two fundamental types of risk, Eliot saw different protections needed for different transactions. He classified risk as either informational, in which the danger is the loss of revenue to the creator of the information and the erosion of the information's own value the more broadly it is available, or transactional, where there is an actual exchange of information, possessions, or other materials. Transactional risk is more tangible and needs to be settled within a number of days if there is a violation.
David felt that federations may sometimes not cover risk very well because one party must accept and trust assertions issued by another on limited information, which makes it difficult to determine which party is culpable. He noted that many things besides identity are required to consummate a transaction, and these may be either implicit in or left out of the transfer of information between federation members. Federations span a wide space, from contractual multilateral business relationships to a set of organizations that simply agree to share information with a common syntax and semantics.
An important aspect of trust in a federation is a reasonable degree of comfort in the assertions passed around by other federation members. Depending on the type and scope of the risk involved, the amount of assurance needed for any given transaction may vary. This relates to a problem in PKI where multiple levels of assurance are often necessary and must somehow be reconciled with one another, which has proven fairly intractable.


*Action Items*
1. Brendan offered to find a contact for Ken within the Passport team to determine the scope of the impact and modifications related to the EU Article 29 Working Party's ruling.