Kantara Initiative Identity Assurance WG Teleconference

Minutes approved 2014-10-23


      IAWG Meeting Minutes 2014-10-02

      Action Item Review

      See the Action Items Log wiki page

      • ACTION: Andrew to Doodle a meeting time change to 3pm Eastern Thursdays or some times on Wednesdays
      US Profile Update
      • Andrew provided an overview of the proposal to do a SWOT analysis of the current IAF and how it might result in decisions to adjust/restructure the IAF
      • Joni pointed the group to the 'Vectors of Trust' discussion on the IETF list - a useful approach to consider & gaining momentum
      • Andrew suggested the concept of using a general controls framework such as COBIT as the scaffolding for TFs
      • Rich: should we look to ISO and eIDAS? Scott: ISO may be tilted in particular directions that may not suit our purposes
      • Ken: continue with the US Profile work
      • ACTION: Andrew to complete the proposal to conduct a comparative analysis of approaches
      FICAM TFS program updates
      • Tuesday October 7 2014: regular TFP meeting with FICAM TFS
        • Much discussion about componentization and the current restriction about combining Service Components which have approval from different TFPs
        • Discussion about where the liability should be assigned
        • Joni and Peter Alterman distributed a slide deck for discussion - will send to IAWG
      • Rich: IAWG assigned to look at the program and defining the assessment requirements (esp. connectivity and interoperability) to make it possible for FICAM TFS to remove the restriction
      • The 'Binding Service' and 'Identity Manager' need better definition
        • Roles and responsibilities
      • Andrew: recounted that the original IAWG white paper draft about componentization and "late binding" concepts still is around
        • ACTION: Andrew: needs some updating - Andrew to send to IAWG for comment and progression
        • Government of Canada and FICAM TFS have discussed the componentization approach to attempt alignment
      • Peter Alterman's Global Framework material
        • Draws on Threats as a foundation for controls/criteria structure and coverage - draws back closer to first principles to look for comparability
      • Draw on global community for further discussion: national bodies, other TFPs, Assessors, NIST
        • NIST is preparing to release an RFI on the topic of Assurance Levels and SP800-63 future
      • Question raised about State-level requirements
        • American Bar Association IDM thread on how to engage the States
      • NASCIO/SICAM, NIEF, Canada IDMSC, others - would be useful to engage them or coordinate connections
      • There may be an opportunity in January to connect with international governments


      Next Meeting
