Kantara Initiative Identity Assurance WG Teleconference
Table of Contents | ||||||||
---|---|---|---|---|---|---|---|---|
|
Info |
---|
Meeting Minutes approved by IAWG 22 August 2013 |
Date and Time
- Date: Thursday, 8 August 2013
- Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
- United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481- Conference ID: 613-2898
- International Dial-In Numbers
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2013-08-1
- Action Item Review
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- Discussion
- Disposition of Comments for SP800-63-2 v IAF v3.0 mapping (continuted)
- IAF Tickets and Issues Review
NOTE: All tickets now posted at Identity Assurance Framework - Working Drafts- Myisha to present ARB feedback
- AOB
- Adjourn
Attendees
Link to IAWG Roster
As of 1 July 2013, quorum is 5 of 9
Info |
---|
Meeting was quorate, with 7 voting participants present. |
Voting
...
Non-Voting
- Jeff Stollman
Staff
Apologies
...
Notes & Minutes
Administration
Minutes Approval
IAWG Meeting Minutes 2013-08-1
Motion to approve minutes of 2013/8/1: Rich Furr
Seconded: Bill Braithwaite
Discussion: None
Motion Passed
Action Item Review
See running table below
Staff Updates
- Director's Corner Link
- August 8-9 meeting planned in Portland/Vancouver, WA - Kantara strategy and internal operations. Please contact Joni for details.
LC Updates
- No meeting this cycle
- New format for quarterly report - easier to distribute
Participant updates
Discussion
Disposition of Comments Continued
- Furr reviewed Wilsher's response to comments, and accepts the responses as written.
IAF Ticket Review
UPDATE: ARB comments on #527461
- ARB has a preference to review applications and vote to accept as valid or reject as incomplete application
- Discussion about ARB turnaround time concerns
- Good for ARB to see the applications
- Update procedure to include ARB vote
- Noted that Tickets originators should both highlight the issue area, and also propose text
- Further discussion on Ticket #328495
- This text looks like it originated from 800-63
- This may be a profile candidate
- Request to be made to Staff to discuss this ticket with the originator.
- Decision made to Delete the noted lines
- Same for #314131
- Minor edits:
- Section 5.3.1 Line 2149: add newline
- Section 5.4.1 Line 2725: add newline
#770408 discussed on 1 August and 8 August 2013 calls.
Code Block | ||||
---|---|---|---|---|
| ||||
IAF-1400-SAC
Line: 1636 - 1640, 2149 - 2198
Reason:
This is permitting only three protocols making IAF protocol dependent.
Currently, it is listing tunneled password, zero knowledge-base password; SAML assertions.
Proposal:
Delete |
Discussion of ticket
- More research required - Need to know the source of the 3 Protocols listed (are they specified in 800-63?)
- The list is specific to the 3 protocols - is this the intent? "Permit ONLY the following ..."
- This looks like a candidate for a US-Specific Profile
- The point appears to be to avoid password eavesdropping or message replay
- Defer further discussion to next meeting
(8 August 2013) Discussion:
- This is 800-63 specific, and is lagging the current technologies available.
- Suggestion to specify requirements for the strength of the credential rather than the specific protocols
- Issues include how to demonstrate 'strength'
- An analysis is needed to update the technologies list to current.
- "Apply only authentication protocols <text that refers to strength needed at this AL> for example: tunneled password; zero knowledge-base password; SAML assertions."
- Defer text writing to next meeting.
Disposition: Return for clarification | Add to IAF enhancements list
Info |
---|
The text from last week's meeting is copied here for reference. Myisha to discuss ARB feedback on Ticket disposition decisions. |
NOTE: All tickets now posted at Identity Assurance Framework - Working Drafts
Identity Assurance Framework - Working Drafts
IAF Ticket #527461 (13 June 2013)
IAF Ticket #328495 (July 13, 2013)
IAF Ticket #314131 (July 13 2013)
IAF Ticket #770408 (13 July 2013)
Discussion of AL2_CM_CTR#028 and AL2_CM_CTR#025 questions
...
language | none |
---|---|
title | IAF Ticket #527461 (13 June 2013) |
...