...
- Date: 3. Dec 2012
- Time: 11:00 PDT | 14:00 EDT | 20:00 CET | 0708:00 NZ(+1)
Roll Call
Present
...
Colin: update of the charter and , submission for to LC . and approval -Complete (Waiting on editing rights to charter page)
-- Keith to contact oliver oliver@kantarainitiative.org
Colin: manage response to eHerkenning Netherlands B2B SAML solution for consultation. Now closed, we did not get much feedback since October (Rainer's)
3. Report from Face to Face meeting, Washington DC
Initial report from Colin: Terrific workshop, probably the best of that style Colin Kantara has ever attendedstaged. "Stunning".
Ken: Good event, excellent discussion - interesting to see how many people were a complete 'suite' of identity federation stakeholders there.
20-25 participants
Approved identity providers: experionexperian, symantec
Some 'prospective' IdPs: lexis/nexis, dayondaon, maybe equifax
"2.5" assessors in the room.
GSA
Some assessors: KPMG, Electrosoft (and Deloitte, although Myisha representing the IAWG as Chair)
Governments: US GSA, Ken and Tim from Fed Canada
, Colin from NZ
CA presentAlso present: CA (Phil), ISOC (Karen), Ingo from DT, Dr Alterman for the IRB
Interesting mix of people
Non-government relying parties were missing
Focus All agreed to try for focus group discussions with the RPs would be goodon the next workshop. The identity proofers, who already have all the customers, are the ideal parties to invite their customers to come and join the discussion.
The first day was dedicated to trying to find equivalency between the almost identitical 863-1 and ISO 29115 X1254. Gap analysis and discussion.
863 is a set of US gov specs, instead of a set of requirements that need to be met.
Missing comparability to requirements.
863-* needs to look at the requirements of these documents, not the specifications which are outlined in this document.
Lexis/Nexis working on timelines for standards on how to identify. Guides customers how to identify, how to get increased assurance.
Anna is welcoming a closer engagement with Kantara, which is positive.
Canada is publishing a comparison document (through OASIS SSTC)
Ficam is working on a similar comparison document on how assess and approve the components rather than running the identity assurance framework as a single piece.
There was almost unanimous agreement on the need for a discussion form for the possibility of standardizing the interface between IDP and credential provider. So that when an IDP and credential provider want to cooperate, they don't have to come up with their own solutions every time. Ideally the interfaces can the assessed independently.
Reduce ardous integration projects. This may not necessarily be a technical API, but some kind of standardization is an absolute requirement.
The identity proofers don't want to give away any secrets on how proofing is performed.
Identity proofers (Experion) may not able to participate in a standardization call in order to protect trade secrets.
The last day began with a presentation from Canada on pseudonymous design. Comparison of approaches between Canada, NZ and USA and how they separate different pieces of the transaction, so that no one party has all of the identification keys.
Canadian gov (Andrew Hughes(sp?), Colin Suite(sp?), David Wosley) developed over the summer what they are calling the "decoupled binding approach"
...