BIAS Integration TCMeeting #1

Meeting #1 - TeleconMeeting #1 - Telecon

16 March 200616 March 2006

© OASIS 2005

Agenda Administrative

Call to order Membership, Attendance, & Introductions Appointment of note taker

TC business TC rules TC charter Election of officers

BIAS project description Background INCITS collaboration Joint workshop overview

© OASIS 2005

Agenda (cont’d) Project plans

Review & comment on INCITS document(s) M1/06-0127

Specification outline Schedule

Project schedule Meeting schedule

TC plans New business Action items Adjourn

© OASIS 2005

Membership(corrected slide)

Members Who have signed up timely Who have org approval where applicable Who attend first meeting

Joining later works also Voting vs. Non Voting (attendance) Observer vs. Member

© OASIS 2005

TC Rules TC Formation

Minimum membership: 5 voting members from at least 2 member organizations

Process: Submit charter Within 15 days: post charter, call for participation,

and 1st meeting announcement TC membership

Per person (not organization) Categories: Observer, member, voting member

© OASIS 2005

TC rules (cont’d) First meeting

Min. membership within 15 days of 1st meeting Become voting member @ 1st meeting Min. membership must attend 1st meeting as

voting members TC must elect a chair from nominations made

by voting members at 1st meeting May also elect a secretary

© OASIS 2005

TC rules (cont’d) Voting membership/rights

After 1st meeting, members obtain voting rights at close of 2nd meeting attended

Lose rights if miss >2 consecutive meetings or ballots

Voting Most votes – simple majority (50% VMs) Committee spec – special majority (2/3 VM +

<1/4 no) Electronic balloting

© OASIS 2005

TC rules (cont’d) TC procedures

Roberts rules Standing rules can be adopted by majority

vote Subcommittees

TC may create SCs as needed IPR

TC must follow OASIS IPR policies

© OASIS 2005

TC rules TC meetings

Must be properly called and scheduled in advance using OASIS collaborative tools

Face-to-face or via telecon (or other electronic media)

Minutes must be recorded and published to TC email list and TC webpage

Quorum: >= ½ voting members

© OASIS 2005

TC rules Document progression

Working draft (WD) Any format

Committee draft (CD) Full majority vote

Public review drafts Full majority vote, announced by TC admin,

call for IPR, substantive changes require 2nd PR

Committee specifications Special majority vote (to submit to OASIS

membership for ballot) OASIS standard

Editable source+ PDF

© OASIS 2005

TC rules Specification quality

Use OASIS file naming scheme Include OASIS copyright notice Use OASIS document template Include list of people who participated in the

development Submit to electronic repository All schema and XML instances must be well

formed Spec may be composed of >1 file

© OASIS 2005

TC rules http://www.oasis-open.org/committees/

process.php 9 August 2005

© OASIS 2005

TC Chartera. TC Name

OASIS Biometric Identity Assurance Services (BIAS) Integration Technical Committee

b. Statement of purpose

The Biometric Identity Assurance Services (BIAS) project of Committee M1 [of INCITS (the InterNational Committee for Information Technology Standards, www.incits.org)] is intended to provide the biometrics and security industries with a documented, open framework for deploying and invoking [biometric] identity assurance capabilities that can be readily accessed as services. The [OASIS BIAS integration] TC is intended to define and describe methods and bindings by which that [INCITS] BIAS framework [of services], and elements of it, can be used within XML-based transactional Web services and service-oriented architectures.

It is expected that the two initiatives will inform and improve each other: BIAS should significantly increase the functional opportunities for implementing security and other identity related functions in XML-based systems; and presently-developed SOA methods for exchanging information, transactions and security data may provide useful methods, constraints and patterns for the broader and more robust use of BIAS data.

© OASIS 2005

TC charter (cont’d)c. Scope of work

The TC will specify a set of patterns and bindings for the implementation of [the proposed taxonomy of] BIAS [functional operations as they are developed and defined], using Web services and service-oriented XML methods.

The TC will review, and if appropriate recommend enhancements to, the definitions and taxonomies of [those] BIAS operations, to leverage known information exchange and assurance patterns (such as message reliability

acknowledgments) and functions (such as repository use and calls) arising in service-oriented systems, and potentially to leverage those functions and features that already are embedded in existing SOA methods and standards.

The TC will not implement actual software products or solutions based on the specifications developed along the course of work of this group.

© OASIS 2005

TC charter (cont’d)d. Deliverables

* Preliminary mapping of draft BIAS functions to SOA standards and patterns: approximately 2 months from TC launch (or 1 month from BIAS first working draft, if later)

* (optional) Feedback to draft taxonomy of BIAS operations may be produced as appropriate upon receipt of drafts from INCITS M1: approximately 1month from INCITS issuance of first and subsequent working drafts

* (optional) Revised mapping of draft BIAS functions to SOA standards andpatterns: approximately 1 month from INCITS issuance of first and subsequent working

drafts* (optional) Revised feedback and commentary on taxonomy of BIAS functions:

approximately 1 month from INCITS issuance of final BIAS version for public review taxonomy

* Final mapping of BIAS functions (and any extensions) to SOA standards andpatterns: approximately [2 months] from INCITS issuance of final BIAS version for

public review taxonomy. This [will be the ultimate version intended for promulgation along with the final BIAS taxonomy, and potentially for co-submission to other bodies for further approvals.]

* Technical Reports and White Papers may be drafted as appropriate, e.g., should an implementation issue arise that is of particular interest or requires further study.

© OASIS 2005

TC charter (cont’d)e. IPR Mode

TC will operate under "RF on Limited Terms" mode.

f. Anticipated audience/users

The anticipated audience for this work includes all OASIS Web Service, ebXML and SOA-oriented TCs, all OASIS security-oriented TCs, other standards groups pursuing similar work, biometrics and security function research and interest groups, SOA architects and programmers, vendors and users.

g. Language in which the TC will conduct business

English. The TC may elect to form subcommittees that produce localized documentation of the TC's work in additional languages.

© OASIS 2005

TC charter (cont’d)Informational Materiala. Related WorkClose liaison will be required with the following INCITS TC since the services to be

integrated are being defined therein:INCITS M1 - Biometrics TC

Additionally, within OASIS, all [TCs that produce specifications that may consume security services[ are the primary target of this work. (The BIAS integration work will leverage work and deliverables from these groups as needed [as well].) It is anticipated that liaisons may be needed [with and/or work may be re-used from] multiple SOA-related Technical Committees [including] such as the following:

OASIS SOA Reference Model TCOASIS SOA Adoption Blueprints TCOASIS FWSI TCOASIS Web Services Security TCOASIS WS-SX TCOASIS Security Services (SAML) TCW3C XML Protocol (SOAP) Working GroupW3C [WS Description] (WSDL) Working Group CEN/ISSS Biometrics working teams Liberty Alliance

OASIS XACML TCOASIS ebXML Registry TCOASIS UDDI TCOASIS SOA Adoption Blueprints TCOASIS ebXML Messaging TCOASIS WSRM TCOASIS WS-RX TCOASIS XBCF TC

© OASIS 2005

TC charter (cont’d)b. Anticipated Contributions

INCITS BIAS [model] (for comment and augmentation; taxonomy remains with INCITS). [This is a work in progress. See first preliminary draft posted by Committee M1 for public comment at http://www.incits.org/tc_home/m1htm/docs/m1060127.pdf]

c. First Meeting

Date: [16] March 2006Time: [11:00 am Eastern US]Type: TeleconferenceCall-in data: To be announced to sign-up listSponsor: [Daon]

d. Meeting Schedule

The expected meeting schedule will be monthly conference calls as well as quarterly Face-to-Face meetings, pending approval and adoption by the TC. Sponsors will be drawn from the TC membership.

© OASIS 2005

TC charter (cont’d)e. Proposers

Young Bang, bang_young@bah.com, Booz Allen Hamilton Dustin Best, dbest@saflink.com, SAFLINK Charles Li, charles_li@raytheon.com, Raytheon John Mayer-Splain, john.mayer-splain@mitretek.org, Mitretek Dwayne Mercredi, dmercredi@saflink.com, SAFLINK Matthew Swayze, matt.swayze@daon.com, Daon Guy Swope, guy_swope@raytheon.com, Raytheon Paul Thorpe, thorpe@oss.com, OSS Nokalva Catherine J. Tilton, cathy.tilton@daon.com, Daon Alessandro Triglia, sandro@oss.com, OSS Nokalva Brad Wing, bradford.wing@dhs.gov, DHS Gregory Zektser, Zektser_gregory@bah.com, Booz Allen Hamilton

f. TC Convener

Cathy Tilton, cathy.tilton@daon.com, Daon

g. Proposed Chair(s)

Cathy Tilton, cathy.tilton@daon.com, Daon

© OASIS 2005

Officers Election of officers

Chair Secretary

Appointments Project editor

© OASIS 2005

BIAS project description Background

Collaboration discussions began in October 2005 At INCITS/OASIS executive level

Collaboration document drafted outlining approach and general procedures

INCITS project approved Oct05 & revised Dec05 Approved by executive board Jan06

OASIS submitted liaison request to INCITS – approved Dec05 OASIS BIAS Integration TC charter drafted Dec05 & posted

Feb06 6 OASIS member organizations (12 individuals) signed up as

proposers TC launch meeting 15 Feb Call for participation out

OASIS/INCITS joint workshop held 24 Feb 06

© OASIS 2005

Accelerating sophistication Biometric systems and customers are becoming more

sophisticated Increased interest in and utility of biometrics

Government & commercial, but mostly driven by the former at present

Large, complex systems Enterprise architectures built on the SOA model &

standards Emphasis on data sharing & reuse of resources/services The need for vendor independence, multiple sources

Departure from custom solutions Embracing of open systems, standards

Interoperability requirements

© OASIS 2005

The requirement To remotely invoke biometric operations

across an SOA infrastructure. Decouple the software service from the

interface (and requester) that calls it Provide business level operations, without

constraining the application/business logic. Be as generic as possible – technology,

framework, & application domain independent Provide basic capabilities that can be used to

construct higher level, aggregate operations

© OASIS 2005

Purpose of the standard (s) To provide the industry, including software

developers, integrators and end-users, with a documented, open framework for deploying and invoking biometric-based identity assurance capabilities that can be readily accessed using services-based frameworks such as Web-Services.

© OASIS 2005

Benefits It establishes an industry-standard set of

biometric identity management services. This will allow applications and systems to be built upon an open-system standard rather than implementing custom one-off solutions for each service provider.

Eases the implementation of and access to such services since the basic services are pre-defined and can be re-used.

Facilitates federated, cross-organizational use of biometric services.

© OASIS 2005

BIAS features Focused on biometrics (but not exclusively) Biometric device, type, and vendor independent Leverage existing standards where appropriate

e.g. CBEFF – INCITS 398-2005 Transport mechanism independent

OASIS will provide bindings for Web services in a separate standard

Multi-platform, open Primarily focused on remote invocations (services),

i.e. not dealing with local devices

© OASIS 2005

Project scope Scope

BIAS defines a framework for deploying and invoking biometrics-based identity assurance capabilities that can be readily accessed using services-based frameworks (e.g. web services).

Excluded Single-platform functionality (e.g., client-side

capture) Integration of biometric services within an

authentication protocol

© OASIS 2005

Content 3 main elements

BIAS services (biometric identity operations) BIAS data (elements) BIAS bindings (schema, protocols)

INCITS role Define operations & data elements

OASIS role integration of these services within the web services

framework

© OASIS 2005

Rationale for collaboration Both disciplines (biometrics and web services) are

equally important to the content of the standard. Experts in both areas will be required to contribute their

expertise to ensure that the final specification provides the right:

Structure Functionality Technical details

Existing standards are available in both fields and many of these standards will provide the foundation and underlying capabilities upon which the biometric services depends.

Experts in both sets of these base standards will be needed to see that they are properly incorporated.

© OASIS 2005

Collaboration approach Develop 2 documents

Content partitioned as identified Documents are separate but interrelated

(companion documents) Documents technically aligned OASIS document tightly coupled to INCITS document

Develop in parallel Each will normatively reference the other Each should follow the ISO template in terms of

structure 2 projects initiated

INCITS 1823-D approved Jan 06 New OASIS TC initiated

© OASIS 2005

Process interactionBase document (functions)

Comments

Revised mapping to SOA

Comments

1st WD (functions & taxonomy)

Comments

Comments

Draft mapping to SOAstandards & patterns

. . .

INCITS XXX OASIS YYY

© OASIS 2005

Technical alignment Unique aspects of each technology will impact

design decisions of the other Cross-education needed Information exchange

Documents must be 100% technically aligned Iterative draft/review process needed

BiometricServices

ServicesBindings

© OASIS 2005

Goals Immediate

Publication of the 2 companion standards by INCITS & OASIS

Ultimate Publication of a multipart standard

internationally (ISO)

ISO/IEC XXXXX

Part 1

Part 2

© OASIS 2005

Workshop overview Joint OASIS/INCITS workshop held on 24 February in Denver

23 attendees Presentations posted as M1/06-0199

Also to be posted on the BIAS TC page Additional workshops to be held in the future, as required

Workshops provide an opportunity for Expert interaction Information sharing

No formal voting or final project decisions will be made at the workshops

Experts may take back to their respective organizations ideas, suggestions or recommendations for action within that group.

No IP is to be shared at workshops See INCITS and OASIS policies (IP, antitrust, etc.)

Workshops are open forums Presentations will be posted afterwards

© OASIS 2005

Workshop presentations Welcome & introductions INCITS M1 overview OASIS overview Project background Biometrics overview Web services overview BIAS project overview Relationship with other standards Voice XML forum BIP DHS discussion Issues & considerations

© OASIS 2005

Project plans Review & comment on INCITS base

document Next INCITS meeting: April 5

Call for comments & contributions due 28 April Next WD to be discussed at June meeting (12-

16) To be posted 2-4 weeks in advance of meeting

© OASIS 2005

INCITS base document Document outline

1. Scope2. Conformance3. Normative references4. Terms and definitions5. Symbols and abbreviated terms6. System context7. Biometric services8. Data elements9. Error handling and notification10. Security

This document is posted at http://www.incits.org/tc_home/m1htm/docs/m1060127.pdf

© OASIS 2005

Feedback on INCITS document Most useful feedback

Format for definition of operations & data elements

How could taxonomy be modified to make web implementations/bindings easier/better

Advice on mechanisms Notifications Synch/asynch operations

© OASIS 2005

Specification outline Action item – need to develop draft outline Examples of other similar standards? Follow ISO format to extent possible OASIS document template

© OASIS 2005

Project schedule Necessarily tied to INCITS project schedule Need to:

Respond to INCITS documents Within 1 month of publication (or by due date for

call to contributions) First response by 28 April

Develop mappings Preliminary – 2 months after launch (15 May)

Develop draft outline By next meeting With preliminary mappings?

© OASIS 2005

Meeting schedule Telecons: 1-2 hours?

Approximately monthly – tentatively: Wed, Apr 19 Wed, Jun 7 Wed, Jul 19

Face-to-face: ½ day? Week of May 9-12 (OASIS symposium, San

Francisco) Week of Sep 19-21 (BC2006, Baltimore)?

© OASIS 2005

TC plans Mail list: bias@lists.oasis-open.org Website content

FAQ Schedule Minutes Press Other material

Member recruitment Especially among web services companies

© OASIS 2005

Action items