Versions Compared

Old Version 10

changes.mady.by.user Former user

Saved on

compared with

New Version 11

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: <<<Link to minutes goes here>>>
    4. Action Item Review: action item list
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    Review and approve 63A/B SACs 
    Discuss approach on new GSA requirements and approve Project Plan 
    Initial comments on GSA Concept of Operations and Certification Process drafts.
  3. AOB

 Attendees

As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)

...

  • Public Comment Period and IPR Review: Opens:  4 December 2017.  Closes: 22 January 2018 
  • Potential changes implementation according to comments received  22 January - 31 January  2018
  • LC to Certify sending the SACs to All Member Ballot: 1-8 February 2018 
  • All Member Ballot  Opens 9 February  – Closes (?) 24 March 2018 (maximum). Min 14 days – Max 45 days. Requires a "Supermajority of those voting, with at least 15% of all members voting" (i.e. at least 75% of those casting a vote must vote to approve). 
  • Implementation Deadline set by NIST: 22 June 2018 


AH requested to list the active contributors of this work in the front page or second page.

SS commented about the philosophy that was applied. 

  • A shall was an easy guidance to follow. NIST requirement about SHOULD highly desired various alternatives, it is not mandatory, discussing is this sth what was intended, you should but there sis not consequences. Should be interpreted as a shall or weak so no enforceable at all?.
  • Original requirement on the left, KI criteria we added a subject as most of the text were passive.
  • The group tunned the requirements to ensure CSP is doing its part.

 

AH asked if SACs reflect the errata of 800-63-3 documents? He does not see version and date of document, so he suggested to make sure the documents are correctly labeled and identify the date we pulled the source document.

SS commented that an additional value add some exposition about theories of why different types of identity evidence meet different strings, provide specific examples, explanations and analysis. KI would put a stamp on or GSA would like to provide a implementation Guidance that NIST did with FIPs 114.

Now that we have new requirements let´s make sure real work examples are following into the same slots when everybody evaluates.

 

AH as KI closer to an actual certification process, having guidance documents and Real implementation examples would be part of the document kit.

AH we can collate the material over the time.

Take a proposal to ARB, take out of each assessment what level of evidence was used, more transparency when possible.

CW confirmed Policy decision to ARB

Potential Changes to the policy

 

SSH Panels 2 and 3 Identity evidence validation string table for the different levels. Verification of identity evidence at the different levels.

 

 

AH spreadsheets forms into a traceability matrix, we can demonstrate coverage to 800-63-3 requirements. Other are mapping to the requirements of 800-63-3. KI criteria has some traceable properties

 

63B done for AL2. Only one panel, no sub-tables. Types of authenticators are reflected in groups below, there come blocks of applicable criteria are mandatory.

 

Row 91 Number 63B#0280- Scott to add references.

 

AH suggested that we should remove the highlights in yellow.

 

Motion on 63A SAC moving to next step in the process.

AH after the cosmetic changes be circulated 63A SAC be circulated to public comment and PR Review.

Motion 63B same motion above.

Mark H seconded both motions.

 

 

GSA has circulated process and procedures documents for TFS Program ConOps and Certification Process drafts. They request hthat 22 December to have comments back to them on these 2 documents.

Second part of KI work will be to identify changes to its internal process

 

KD presented the Project Plan to tackle comments to GSA and changes to KI Trust Framework Operations Program

KD proposed to create a sub-group and made a call for participants

 

Confirmed Volunteers:

Colin W.

Andrew H.

Scott S.

Mark H.

Richard W.

 

First meeting Tuesday 14:00EST

 

AH stressed that importance of this process, as these docs. under review at GSA are the requirements for KI to be able to offer approvals and assessments.

 

There are some significant requirement increases, these are the docs by which KI operates.

 

KD ARB emphasizes get their input to this process. Encouraging to offer their comments.

 

RP to re-send the comments of RW

RW  

 


 

RW reviewed the COSA 4.5 tcriteria could be withdrawn as they are covereded 63A oB SAV

 

Scott suggested Cross cjeck discussion Next Tuesday

 

CW encouraged the participants to take this survey as it is related to current IAWG discussion: https://www.surveymonkey.com/r/5YZ3Y9X




Motion to approve SACs:
Seconded: 
Motion Carried 

...

  • Date: Thursday, 2017-12-7 
  • Time: 12:00 PT | 15:00 ET

...





Write a comment…

Powered by a free Atlassian Confluence Community License granted to Kantara Intiative . Evaluate Confluence today.

...