...

  1. Administration:

    • IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was not quorate.

      • Roll call:

        1. Voting - Andrew Hughes, Jimmy Jung, Chris LaBarbera, Mark Hapner (early departure), Richard Wilsher, Denny Prvu (late arrival)

        2. Nonvoting - Chris Olsen, Tim Anderson, Yehoshua Silberstein (late arrival)

        3. Invited Guests - Lisa Balzereit, Peter Davis (late arrival)

        4. Staff - Amanda/Lynzie

    • Minutes approval.  

    • Kantara Updates

      • Everyone should keep an eye open for BoD elections in the coming months (it’s open to all organizational members).

      • Annual General Meeting (AGM) is also coming up in December.

      • Kay will also be at Identity Week America. Look for her fireside chat scheduled for Oct 3 at 2pm with Maria Vachino & David Temoshok where they’ll discuss revision 4.  Be sure to stop by the Kantara table!

    • Assurance Updates

      • There is a new approved service, Proof (rebranded from Notarize). Press release scheduled for today from Proof.

  2.  Discussion:  

    •  CO_SAC updates as we continue the work toward removing Technical class of approval - Richard's first stab is linked. 

      • Richard added columns for tracking alignment with 63A/B, ISMS pass (a “free pass” from another certification/approval) and “What else?”, with his preliminary indications for some criteria in these columns.

        1. CO#0010-possible removal, as the CSP has already signed a TMLA prior to assessment.

        2. CO#0020-possible free pass if someone came in with a comparable ISMS based on Richard’s knowledge of 27001 

        3. CO#0030-difficult to ascertain as a financial audit isn’t done as part of assessment, possible removal of red strike-through text, but leave reference to liability.

        4. CO#0090-service definition follows RFC 3647.  Recommends looking at CRPS requirements in 63A and consolidating all into a single requirement in the CO_SAC, resulting in a single set of requirements for having a credential policy that applies to the CO_SAC and 63xAL (assuming the CO_SAC is mandated; if not, take the requirements out of the CO_SAC and place them into each of OP_SAC 63A/B (not C, as it is different because of the federation agreement)).  Notes this is also applicable to OP_SAC.

        5. CO#0100-leave as is for now.  Rethink for 63A/B but will need to be there in some form.

        6. CO#0150-Need to ensure matching requirements for Kantara specific required policies and note implications of 63A/B, but potential free pass.  

        7. Other notes are very control focused and easy to extract, mostly potential ISMS free passes.

...