Versions Compared

Version Old Version 2 New Version 3
Changes made by

Andrew Hughes

Andrew Hughes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

• Engage with other Kantara groups to align identity assurance efforts with broader industry needs.

Notes 2025-02-06:

[edited 2025-02-11]

  • Jimmy - notes that the shift in responsibilities from IAWG to Kantara program - this is not a minor change

  • Richard - we should be setting the charter according to what we are doing today - not according to some future situation

    • Andrew (ACH): Good point

  • Yehoshua - this is in line with the ISO 17065 discussion of last week. Kantara can delegate development of text as it wishes. Kantara has chosen to take on the ownership of the assessment critieria.

  • Richard points out that 17065 states no obligations on some of the changes that Kantara is wanting to implement.

    • ACH points out that regardless of that, Kantara wants to make program changes to meet market needs

  • Richard / Jimmy - : these are big changes and seem to be outside of IAWG authorityIAWG’s authority/scope

  • Jimmy: these are big changes

  • Richard: ACH trying to change the charter before the Accredited CAB in place - not productive use of time

  • Yehoshua - is there objection to restructuring the criteria?

    • Jimmy - there’s no opinion either way on the structure of the criteria - CSPs want the Trust mark because they need it - don’t change it either their client or their opportunity specifically requires it

  • Yehoshua - gives an example of some areas that lack detail in the SACs and how the criteria have mismatches to how service providers organize themselves to deliver real services. The criteria need to evolve regardless of any other factors.

  • Richard - IAWG continues to ‘own’ the SAC (manage, etc)

    • The Charter should set up space for us to work within, doesn’t need to be too specific

  • Jimmy - the current way of working/managing the SAC has been working

    • Jimmy - “how compliance must be demonstrated” is this a change in how we develop criteria and what goes into themintended to assign the IAWG the responsibility of identifying “how criteria must be tested or demonstrated”?

  • “The Service Assessment Criteria are the requirements that must be fulfilled by the service under assessment”

  • Mike Magrath - agrees with Richard/Jimmy on what the program is trying to deliver and what services need

  • The language in the proposal seems to say that IAWG might shift towards writing procedures instead of what we do today

  • Eric T - are we seeking to move towards procedural text? (not really)

    • Today’s SAC clarify some of the fuzzy requirements as written in 800-63 today

    • Warns against being over-prescriptive if we tried to list all the ways that conformity can be achieved - very risky

  • Richard - there is value in improving/enhancing how assessments could be done - but must be careful to avoid constraining service providers by bad process. There could be improvements to consistency coming out of 17065 accreditation.

...