Kantara Initiative Identity Assurance WG Teleconference

...

Date and Time

• Date: Thursday, 2014 04 17
• Time: 09:00 PDT | 12:00 EDT | 16:00 UTC (Time chart - US Daylight Saving Time )
• United States Toll +1 (805) 309-2350
  Alternate Toll +1 (714) 551-9842
  Skype: +99051000000481
  
  • Conference ID: 613-2898
• International Dial-In Numbers

...

1. Administration:
   
   1. Roll Call
   2. Agenda Confirmation
   3. Minutes approval: DRAFT IAWG Meeting Minutes 2014-04-03, DRAFT IAWG Meeting Minutes 2014-04-10
   4. Action Item Review
   5. Staff reports and updates
   6. LC reports and updates
   7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion
   
   1.  FICAM TFS Monthly call (occurs April 17 just prior to IAWG)
   2. Kantara-FICAM mapping update
3. AOB
   1.  
4. Adjourn

 Attendees

Link to IAWG Roster

...

• Rich Furr ( C)
• Andrew Hughes (S)
• Bill Braithwaite
• Scott Shorter
• Matt Thompson
• Cathy Tilton
• Ken Myers

Non-Voting

• Ken Dagg
• Jeff Stollman

Staff

•  Joni Brennan

Regrest

• • Paul Calatayud (V-C)

Notes & Minutes

Administration 

...

• Many IAWG regulars were on the FICAM TFS call
• 'Comparability' versus 'compliance' was a hot topic
• FICAM TFS says that TFP's TF rules must show Comparability to the FICAM Trust Criteria. Then the CSP must Conform to the TFP TF rules
• Comparability versus conformance matters more in some areas than others
• The Federal Agencies are asking for certified services that are not the FICAM approved services
  • A challenge is that the reasons the Agencies are not accepting FICAM offerings are not fully understood or known
  • Is there a view that FICAM Approved services do not deliver services that meet the Agency needs? (needs to be checked)
• FICAM Trust Framework Solutions needs to work with Industry to inform Agencies on the programs and how they meet the requirements
• Should look at how other governments (Canada, New Zealand) have addressed this, and help FICAM 
  • Kantara could work towards a Comparability Framework drawing on global experiences would be very helpful
  • Need to define the process to determine comparability
  • Could state the objective for comparability so that the Assessors would have guidance
  • Comparability must start at the objective point - this must precede and support the Criteria
    • many schemes state criteria without obvious objectives statements
    • Look at Canada's work on objectives
    • Look at UK GPG 43 - sets up the objectives for service delivery
• Canada did a guide on how RPs should approach risk assessment to determine what they need. Then the CSP offers the AL service and can express how it meets.
• Comment: 4 AL seems to work best when Comparability is not in play - only when there are strict criteria do all parties know what they are getting. When there's uncertainty on what's included, it is hard to stay within an AL and variability ensues.
• Shorter will send:  Implementation Guidance for FIPS 140-2 which sets out the cases that have been examined. 
  • Link is here: http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf

Reference links to Canada work:

...