Versions Compared

Old Version 1

changes.mady.by.user Lynzie Adams

Saved on

compared with

New Version Current

changes.mady.by.user Lynzie Adams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees:

Voting Participants: Martin Smith, James Andrew Hughes, Michael Magrath, Jimmy Jung, Richard Wilsher, Mark Hapner, Denny Prvu, Andrew Hughest, Michael Magrath, Mark King, Maria Vachino
Non-voting participants: Chris Olsen, Angela Rey, Mark Hapner
Staff: Lynzie Adams, Kay Chopard

...

  1. Administration:

    • Roll call, determination of quorum

    • Minutes approval - 2022-1011-27 03 Minutes

    • General Updates

    • Assurance Updates

  2.  Discussion: 

    • Assurance Program RecommendationsCharter Review

  3. Any Other Business

Meeting Notes 

Administrative Items:

IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was quorate. 

Minutes approval:   

Mark Hapner Jimmy Jung moved to approve the draft minutes from the October 27 November 3 IAWG meeting. Martin Smith Mark Hapner seconded the motion. Motion carried with no objections. 

General Updates:

Reminder that KIBoD nominations are being accepted. You must be a member to run for a spot on the Board. Similarly, Chair and Vice-Chair roles for IAWG will be open for nomination soon. Those positions will represent IAWG on Leadership Council.

Kantara’s Annual General Membership Meeting will be held Wednesday, December 7 at 11am ET. Please watch for a calendar invitation with more information. Andrew is not available. Martin will represent the group at the meeting.

Assurance Updates:

The Joint Industry meeting with NIST has been postponed to December 9 at Venable Offices in DC pending release of the revision 4. The meeting is in person only at this point and does require proof of vaccination. The contact person is Sandy Day (SRDay@Venable.com). The NIST/IAWG meeting will come after that. Additionally, we’ll want to keep the meeting following the Venable meeting open as a debrief and discussion for those unable to attend. Currently that would be the December 15 meeting.

Misc:

Richard asked about the status of 17065. Kay confirmed it is happening in the UK and will ultimately come to the US but it is not likely to be before 2024. It will be socialized with this work group along with the ARB and assessors. Richard voiced some concerns for this transition.

Mark King asked where 17065 lands us with IAF. Andrew believes it puts us in the IAF umbrella once the UKAS process is completed.

Discussion:

Assurance Program Recommendations

Lynzie recapped the previous meeting for those that were not in attendance but there was some email discussions that needed to be brought back up to the whole group. The timeline suggested last week has not be added yet but the list of stakeholders was.

The definitions were discussed further. Andrew asked if we should supply language for CSPs to use to describe their trust mark/ approval. It hasn’t been contemplated but could be. Lynzie thinks that language can come through in the public service description edits to the S3A and the deliverables from the CSP and Kantara communication.

Andrew called for any final modifications to the report. None were made. This is the final text.
Richard will input background on the difference between the Assurance Program vs. the IAF as part of the background section of the report.  

Andrew moved to accept this report as the IAWG recommendation for updates to the Kantara IAF and relevant controlling documents. Michael Magrath seconded. The motion was Approved.

Any Other Business

We will meet next week, November 10, to discuss the charter updates and any planning for 2023Kay reminded the group of the Annual General Meeting on Wednesday, December 7 at 11am ET. Martin will be representing IAWG with our accomplishments for 2022 and looking forward to 2023. She also reminded the group that any Kantara organization member is eligible to run for the Board of Directors. Individual members are not currently eligible. The bylaws currently allow for up to 17 Board members. An all-member ballot will be sent out after the AGM meeting to conclude the election process.

Andrew encouraged IAWG members to submit any questions to Kay to be addressed during the AGM either before the meeting or during the Q&A time reserved at the end.

Kay will be in the UK next week speaking at a variety of conferences and meetings surrounding our UK program.

Calls for chair and vice-chair of this group was sent out by Lynzie earlier this week. Please look for that email and respond if nominating for one of the positions. Currently, Andrew Hughes has self-nominated to remain in the chair role. Elections will be held on December 15.

Assurance Updates:

The Assurance Program is ramping up as we close out 2022. We currently have 1 RTO assessment, 2 FSO assessments and 2 initial applications in the queue along with some other renewals.

The recommendations from this group have not been sent to the ARB yet but Lynzie hopes to do that in the next week. The plan is still to have them reviewed by ARB/KIBoD prior to the AGM so that it can be discussed in IAWG’s portion of the AGM.

Andrew asked if we ever receive feedback from the CSPs about the assurance program and areas to improve. To this point, we’ve only ever received feedback around the cost but not the process. A survey was discussed and drafted previously but was never implemented. Richard doesn’t feel as though CSPs would take a survey as they are just happy to complete the process.

Discussion:

Charter Review

Andrew led the discussion on his visions of the charter. He shared a graphic organizer that highlighted the following areas: Target Audiences, Domains of Expertise, Publications, Areas of Work, Industry Outreach, and Future Study Areas.

...

This is a working document that is not all inclusive of what is currently in the charter. It is not meant to replace our charter, but be a visual of our workload. Currently, the size of the bubbles is not indicative of anything.

He elaborated on his vision. Domains of Expertise - what do we want the world to know/ what should we be known for? Future Study Areas - the big bucket of things that we might do. The Future areas and Current areas make up the entire IAWG workload, resulting in various publications over time.

Richard has concerns with it - 63-4 is addressed multiple times, the glossary, and the exclusion of the SACs. Andrew explained the connections. This mapping makes it difficult for someone less familiar with the IAWG to make those connections. Richard feels a simple of list of what we do and subpoints on how we do it would suffice. Michael likes the idea but sees how someone could get lost.

Michael suggested adding FIDO certifications to the future areas of study and how that might be leveraged in our framework. Michael sees those as a threat to Kantara. Andrew added it to the above map.

Denny suggested that the current version leaves a new participant questioning how to get engaged, where to start. And that we could address that in this overhaul.

Andrew suggested a modified/updated version of this mapping could be presented at the AGM to raise awareness of the work the group work does. Richard does not think this is helpful in conveying what we do. Jimmy sees it as a ‘sales’ tool as representation of what we do. Richard thinks it's dangerous to share this level of specificity.

Richard also suggested dropping “identity” from the name of the workgroup to represent the expertise in assurance rather than only identity. Andrew sees this point and acknowledges IAWG is a legacy term. Jimmy agrees with Richard and thinks we need to represent our primary reason a bit more clearly in this diagram. Andrew doesn’t feel there is enough time in 2022 to make that a focus, but we can definitely tackle our organizational structure in 2023.

After a brief discussion, it was decided that the current version of the charter would be uploaded to the Google Drive for people to suggest edits. The Google Doc can be found here. The charter and suggestions will be revisited on December 15. In the meantime, everyone is encouraged to review and add notes.

Any Other Business

A decision on next week’s meeting will be made and shared with the group prior to November 17.

IAWG leadership keeps an action item list.
All IAWG participants should be aware that the spreadsheet exists and that it lists everything we think the IAWG is working on or planning to work on. Please feel free to review it and correct it if needed - it is not our intent to overlook something!

...