...
The Identity Assurance Work Group (IAWG) supports Kantara in developing and maintaining assessable identity assurance criteria for the Kantara US Identity Assurance Program and other relevant frameworks. IAWG ensures that criteria define measurable methods for compliance rather than restating requirements. The workgroup provides subject matter expertise to Kantara, advises the Assurance Review Board (ARB), and facilitates discussions on identity proofing, authentication, and assurance. IAWG's focus is on defining certification criteria that align with the specific functions organizations perform within identity proofing and authentication. The workgroup remains technology- and vendor-agnostic while emphasizing strategic and policy-oriented assurance practices.
*RESPONSIBILITIES:* •
Assist Kantara in developing and evolving identity assurance criteria that support certification of specific identity proofing and authentication functions.
• Ensure that criteria are assessable and define how compliance must be demonstrated.
• Provide expert input on identity assurance policies, standards, and interoperability with other assurance schemes.
• Advise Kantara leadership and the ARB on assurance-related topics.
• Engage with other Kantara groups to align identity assurance efforts with broader industry needs.
Notes 2025-02-06:
Jimmy - notes that the shift in responsibilities from IAWG to Kantara program - this is not a minor change
Richard - we should be setting the charter according to what we are doing today - not according to some future situation
Andrew: Good point
Yehoshua - this is in line with the ISO 17065 discussion of last week. Kantara can delegate development of text as it wishes. Kantara has chosen to take on the ownership of the assessment critieria.
Richard points out that 17065 states no obligations on some of the changes that Kantara is wanting to implement.
ACH points out that regardless of that, Kantara wants to make program changes to meet market needs
Richard / Jimmy - these are big changes and seem to be outside of IAWG authority
Richard: ACH trying to change the charter before the Accredited CAB in place - not productive use of time
Yehoshua - is there objection to restructuring the criteria?
Jimmy - there’s no opinion either way on the structure of the criteria - CSPs want the Trust mark because they need it - don’t change it
Yehoshua - gives an example of some areas that lack detail in the SACs and how the criteria have mismatches to how service providers organize themselves to deliver real services. The criteria need to evolve regardless of any other factors.
Richard - IAWG continues to ‘own’ the SAC (manage, etc)
The Charter should set up space for us to work within, doesn’t need to be too specific
Jimmy - the current way of working/managing the SAC has been working
Jimmy - “how compliance must be demonstrated” is this a change in how we develop criteria and what goes into them?
“The Service Assessment Criteria are the requirements that must be fulfilled by the service under assessment”
Mike Magrath - agrees with Richard/Jimmy on what the program is trying to deliver and what services need
The language in the proposal seems to say that IAWG might shift towards writing procedures instead of what we do today
Eric T - are we seeking to move towards procedural text? (not really)
Today’s SAC clarify some of the fuzzy requirements as written in 800-63 today
Warns against being over-prescriptive if we tried to list all the ways that conformity can be achieved - very risky
Richard - there is value in improving/enhancing how assessments could be done - but must be careful to avoid constraining service providers by bad process. There could be improvements to consistency coming out of 17065 accreditation.