Attendees 

Ann West, InCommon

Colin Wallis, KI

Jose Lopez, Zentry

Tom Barton, InCommon

Andrew Hughes, KI LC Chair

Richard Wilsher, Zygma

Peter Alterman, SAFE BioPharma

Scott Shorter, IAWG Vice-Chair

Adam Madlin, IAWG participant

Ruth Puente, KI

IAWG Report provided by Scott Shorter 

  • IAWG finished the Kantara service assessment criteria for assessments against the requirements of NIST 800-63A at IAL2 and 800-63B at AAL2. There was a Public Comment and IPR Review Period, and there will be an All Member Ballot for final approval before publication of the two documents.
  • The Service Assessment Handbook was published at the end of January, and the Assessor Handbook will come soon.

SAFE BioPharma Report provided by Peter Alterman

  • SAFE BioPharma has merged with NH-ISAC. SAFE BioPharma maintains all the existing contractual relationships.
  • They completed their conformity profile for 800-63-3 A and B, the authenticator and identity proofer. They are incorporating federation requirements into their federated service standard documents, which will then be incorporated into the 800-63-3 conformity profile as a complete set. Once it is ready, they will share it with the partners.
  • In the cross certification mapping, there is a technical discussion between Europeans and North Americans, which SAFE BioPharma is trying to normalize.
  • Matt King is the new CEO of SAFE BioPharma, and Peter Alterman's position is Director of Policy and Compliance.


InCommon Report provided by Tom Barton

  • Some of the challenges for R&E federations that were discussed during the GEANT and TIIME meetings in Vienna were pointed out:

- Finding some way for non-legal entities that support science to join InCommon.

- How to solve the issue of entities that cannot select a country in the application to join the federation (a required field), such as the European Space Agency, which is international.

- GDPR has created problems for research and for European service providers. GEANT has created a Data Protection Code of Conduct for handling personal information, which was discussed during the workshop in Vienna on 6 February 2018. Research service providers could sign on to this code of conduct. Code of Conduct link: https://wiki.refeds.org/display/CODE/GEANT+Data+Protection+Code+of+Conduct+workshop+6+February+2018

Open Mic

Topic: 800-63-3 Evaluating strengths of evidence. 

Background: There was a proposal to create a Working Group within the TFS Sync to work on areas of 800-63-3 - such as identity proofing strength definitions - that need greater specificity and/or clarity to ensure common understanding and common compliance.

  • It was suggested to build up a body of knowledge and consensus about what types of identity evidence can meet FAIR, STRONG and SUPERIOR requirements, and discuss methodology to validate the evidence and verification of the identity.
  • Kantara offered to host a Working Group on this topic, where all interested parties can convene.
  • The idea would be to fill the grey areas in a collaborative way and have a common level of trust.
  • Common agreement among the stakeholders on the fundamentals.
  • It was suggested to make public an assertion by the TFPs that the assessor is approved and competent and has assessed the Service Provider under a known methodology and found that the processes conform to 800-63-3. If there is a common understanding, the TFPs could trust each other's assertions.
  • Next steps: Draft a scope of work for the Joint Working Group and send it to the TFS mailing list before the next TFS Sync. Scott Shorter volunteered to send the first draft.

Various

  • It was noted that the GSA team reported that it is reviewing the comments submitted by the TFPs and talking to the federal agencies.

Action items:

  • Scott Shorter to share a first draft of the Joint Working Group charter before the next TFS Sync.