
Attendees: Ken Dagg; SATO Hiroyuki; James Jung; Richard Wilsher; Mark Hapner; Nathan Faut; Martin Smith; Ruth Puente

Key discussion items 

Richard went through this draft during the meeting: KIAF-1450 SP 800-63C Service Assessment Criteria v0.04.0.xlsx

Richard mentioned that the criteria that apply to the Federation Authority were completed; now it is necessary to go back to IdPs and RPs.

It was agreed to add additional requirements to the Federation Agreement: testing and the frequency of re-assessment to ensure ongoing conformance requirements. Richard clarified that these additional requirements are not part of the source text. Martin asked if the Board would have a problem with that. Ken said that the Board would, in essence, look for a recommendation from IAWG and, unless there is a very significant business reason not to go with that recommendation, they would go with it, as they are not the technical experts. Richard added that this is the reason why CSPs and RPs are being encouraged to work in the sub-group.

Martin commented that it is assumed that if the assessment criteria change (if Kantara makes the changes), it should probably trigger re-assessment as well. Ken answered that it should be checked in the next review, during the annual conformance review or triennial review, no more than 12 months, as per the SAH and TMLA. Ken clarified that if the changes to the SAC are not material, they don't need an All Member Ballot.

Requirement on Row 50. #0330 says "Federation authorities SHALL individually vet each participant in the federation to determine whether they adhere to their expected security, identity, and privacy standards": 

...