Kantara Initiative Identity Assurance WG Teleconference

...

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: (meeting minutes from 2015-02-26 are having technical difficulties and not available)
    4. Action Item Review
    5. Staff reports and updates
    6. Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. FIPS 140-2 versus Common Criteria equivalents
    2. NIST SP 800-63 update
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

...

  • Scott Shorter (S)
  • Andrew Hughes (VC)
  • Devin Kusek
  • Lee Aber
  • Cathy Tilton
  • Rich Furr
  • Richard Wilsher
  • Adam Madlin

Non-Voting

  • Björn Sjöholm
  • Pete Palmer
  • Angela Rey

Staff

  •  

Regrets

  • None

Voting Members for Cut/Paste

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Calatayud (VC)
  • Devin Kusek
  • Adam Madlin
  • Kenneth Myers
  • Cathy Tilton
  • Richard Wilsher
  • Lee Aber

...

Selected Non-Voting members for Cut/Paste

...

 

 

Notes & Minutes

Administration 

...

FIPS 140-2 language concerns

FIPS 140-2 vs CC topic. On the ARB call this week, discussions with assessors in Europe noted that the Kantara SAC reflects FIPS 140-2 for cryptographic requirements, and national body approved equivalents, which resulted in a perception of a US-centric document. It was suggested to add relevant Common Criteria standards for this. The ARB has asked IAWG to consider rewording those sections that refer directly to FIPS to reverse the order: make the core reference the ISO standard, or national equivalents.

Cathy agrees but doesn't think this addresses the problem of crypto on mobile devices, where SP 800-63 requires FIPS 140-2 Level 1 certified software modules. Major OSes on devices do have FIPS 140-2 certification, but that is specific to the handset, chipset, version of OS, etc.

Bjorn - is this an issue for software validation versus hardware validation?

Richard - as a consequence of this, Kantara or FICAM approval could be technically invalidated by the inability of a service to conform to the particular criteria.

Bjorn agrees with the intent of the change.

...

Andrew will respond to Paul that an RFI followed by a workshop is a good idea. There was no vocal support for starting the work in advance of starting the scope; after some discussion, the suggestion was to gather thoughts to inform what the issues may be. Andrew suggests we work on it at the next available meeting time.

AOB

None

  • Motion to adjourn - Richard Wilsher, seconded by Adam Madlin