Kantara Initiative Identity Assurance WG Teleconference
| Table of Contents | ||||||||
|---|---|---|---|---|---|---|---|---|
|
| Info |
|---|
TEMPLATE DRAFT Meeting Minutes - IAWG approval required |
...
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2013-08-1
- Action Item Review
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- Discussion
- Disposition of Comments for SP800-63-2 v IAF v3.0 mapping (continuted)
- IAF Tickets and Issues Review
NOTE: All tickets now posted at Identity Assurance Framework - Working Drafts- Myisha to present ARB feedback
- AOB
- Adjourn
Attendees
Link to IAWG Roster
As of 1 July 2013, quorum is 5 of 9
| Info |
|---|
Meeting was quorate, with 5 7 voting participants present. |
Voting
Non-Voting
Staff
...
...
...
Voting
...
- Myisha Frazier-McElveen
- Rich Furr
- Andrew Hughes
...
- Bill Braithwaite
- Scott Shorter
- Matt Thompson
- Cathy Tilton
...
- Richard Wilsher
Non-Voting
- Jeff Stollman
Staff
Apologies
- Ken Dagg
| Info | ||
|---|---|---|
| ||
|
Notes & Minutes
Administration
Minutes Approval
IAWG Meeting Minutes 2013-08-1
Motion to approve minutes of 2013/8/1: Rich Furr
Seconded: Bill Braithwaite
Discussion: None
Motion Passed | With Amendments | DefeatedPassed
Action Item Review
See running table below
Staff Updates
- Director's Corner Link
- August 8-9 meeting planned in Portland/Vancouver, WA - Kantara strategy and internal operations. Please contact Joni for details.
LC Updates
- No meeting this cycle
- New format for quarterly report - easier to distribute
Participant updates
Discussion
Disposition of Comments Continued
- Furr reviewed Wilsher's response to comments, and accepts the responses as written.
IAF Ticket Review
UPDATE: ARB comments on #527461
- ARB has a preference to review applications and vote to accept as valid or reject as incomplete application
- Discussion about ARB turnaround time concerns
- Good for ARB to see the applications
- Update procedure to include ARB vote
...
- Noted that Tickets originators should both highlight the issue area, and also propose text
- Further discussion on Ticket #328495
- This text looks like it originated from 800-63
- This may be a profile candidate
- Request to be made to Staff to discuss this ticket with the originator.
- Decision made to Delete the noted lines
- Same for #314131
- Minor edits:
- Section 5.3.1 Line 2149: add newline
- Section 5.4.1 Line 2725: add newline
#770408 discussed on 1 August and 8 August 2013 calls.
| Code Block | ||||
|---|---|---|---|---|
| ||||
IAF-1400-SAC
Line: 1636 - 1640, 2149 - 2198
Reason:
This is permitting only three protocols making IAF protocol dependent.
Currently, it is listing tunneled password, zero knowledge-base password; SAML assertions.
Proposal:
Delete |
Discussion of ticket
- More research required - Need to know the source of the 3 Protocols listed (are they specified in 800-63?)
- The list is specific to the 3 protocols - is this the intent? "Permit ONLY the following ..."
- This looks like a candidate for a US-Specific Profile
- The point appears to be to avoid password eavesdropping or message replay
- Defer further discussion to next meeting
(8 August 2013) Discussion:
- This is 800-63 specific, and is lagging the current technologies available.
- Suggestion to specify requirements for the strength of the credential rather than the specific protocols
- Issues include how to demonstrate 'strength'
- An analysis is needed to update the technologies list to current.
- "Apply only authentication protocols <text that refers to strength needed at this AL> for example: tunneled password; zero knowledge-base password; SAML assertions."
- Defer text writing to next meeting.
Disposition: Return for clarification | Add to IAF enhancements list
| Info |
|---|
The text from last week's meeting is copied here for reference. Myisha to discuss ARB feedback on Ticket disposition decisions. |
...