Kantara Initiative Health Identity Assurance WG Teleconference

...

DRAFT minutes, pending HIAWG approval

 

Date and Time

Date: Thursday, 6 June 2013 
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing

Health Identity Assurance Working Group Home Page

...

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Leadership Nominations / Election
    4. Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw
    5. Report out from latest LC meeting
  2. Discussion
    1. New Mission Statement for the Group
    2. WG Charter 
    3. Aligning efforts with DirectTrust.org, EHNAC, and IDESG 
    4. Deliverables for on-boarding healthcare worker digital identities
  3. Presentation on “A Privacy Strategy for the United States Healthcare Industry” (see attached)  - Barry Hieb
  4. AOB
    1. (proposed for next meeting) Presentation on conducting risk assessments for apps dealing with PHI - Linda Goettler
  5. Adjourn

 Attendees

Currently, quorum is 9 of 16

Voting
  •  
Non-Voting
  •  
Staff

...

  •  

Administration 

...

  • Discussion
Feedback to the Government of Canada on "Guidelines on Identity Assurance"
  • Call for verbal comments or discussion prior to written response
  • Due to day-job time commitments, little progress
  • Ken offered to extend the deadline for comments to June 13 2013
  • Question: how does the Canadian document relate to similar docs from the US or UK? Answer: the material was reviewed during document development. The NZ and UK governments have provided comments so far.
RP Guidelines
  • Myisha notified that a draft call for participation has been sent out to the list 
  • Please send feedback

Ad Hoc Team Updates

Alignment with SP 800-63
  • Richard Wilsher provided a join.me 
  • Work to date has been distributed to IAWG list
  • Has restructured 800-63-2 to make analysis easier
  • Kantara talks about Subscriber and Subjects - NIST does not differentiate: they only use Subscriber - check the glossary section
  • 5.3, 6.3, 7.3, 8.3, 9.3 have been mapped - has skipped overviews and tutorial sections
  • Has added sub-numbering to enable more specific discussion
  • 5.3 section: the way 800-63-2 treats different LOAs is a bit mixed. RGW has re-sorted them into sections by LOA
  • Has broken down distinct requirements even if they originally appeared in single statements
    • then mapped each to the existing KI IAF item
    • there is a Many:Many relationship
  • In the KI SAC - has inserted indexes back into the modified 800-63
    • Note that there are SAC criteria that do not have an equivalent 
  • Comment: for those extra items, they originally came from Good Practice - Kantara's aim is to determine if the organization is sound. NIST assumes that Government Agencies are sound and following GSA guidance
  • Comment: Some of the items that are not specifically 800-63 criteria might actually be Privacy criteria
    • To create a Privacy profile, just go through the SAC and annotate them
  • There are some puzzling items
    • e.g. 5.3.1.2.5 question about item c) - it reads as if the bullets apply to all LOAs - it is difficult to disentangle the statements - is this a change request to NIST? RGW needs feedback.
  • Red Text to indicate where there might be the opportunity to define a US Profile:
    • 800-63-2 becomes very specific - there may be other options that could meet the criteria. 
    • There might be options that work outside of the US. 
    • These might be criteria that could be less specific in the SAC and use the US profile to include the more prescriptive material
    • There are items that do not currently exist in the SAC - question is do they need to be added?
  • Requested comments by 20 June 2013
    • RGW will send out a formal request for comment with a formal comments form
  • Intent with this work is
    • Result will be a Kantara owned publication
    • The mapping document will remain publicly viewable
    • Will be provided to NIST as suggestions for updates
  • The Comments back to RGW should eventually be posted to the wiki to enable future understanding of rationale
  • Comment: once the work is done, should schedule an IAWG F2F in the DC area to discuss the approach and documents to update NIST and seek feedback
AOB

...

 

Discussion

Item 1

 

AOB
  •  

Action Items

IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach
| Item # | Description | Assigned to | Est. Completion |
|---|---|---|---|
| 2013-06-06-001 | Review and provide feedback on Govt. Canada guideline. IAWG will collect and send a consolidated version. | All | 13 June 2013 |
| 2013-06-06-002 | Review RGW 800-63-2 vs KI IAF mapping documents and provide feedback | All | 20 June 2013 |
| 2013-06-06-003 | Review and provide feedback to Myisha on Relying Party Guidelines call for participation | All | 13 June 2013 |
| 2013-06-06-004 | Send in event information to Staff for updating the community calendar and Upcoming Events | All | Info only |
| 2013-06-06-005 | | Staff / IAWG Leads | TBD |
    

 

Attachments

Guideline on Identity Assurance-Consultation Draft Apr 25 2013.pdf

Standard_on_Identity_and_Credential_Assurance.pdf

EZP-63-2 v0-1.docx

Kantara IAF-1400 SAC-63-2 v0-1.docx 

Next Meeting

Date: Thursday, 20 June 2013
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing
  • Conference ID: 613-2898