...
Administration:
Roll call, determination of quorum
Minutes approval -
May 18 DRAFT Minutes (non-quorate meeting)
Kantara updates
Assurance updates
Discussion:
Updates: DRAFT - NIST IAM Roadmap: Principles, Objectives, & Activities - Extended to June 16 & CARIN Credential Policy.
KIAF 1050 - Glossary and Overview - updates done by IAWG in 2021 were never approved. We've reviewed but haven't had a quorum to vote; plan for the future of the document.
IAF Criteria Updates - areas for discussion and action on current service assessment criteria
Any Other Business
Meeting Notes
Discussion:
IAWG Chair Andrew Hughes called the meeting to order. Roll was called. Meeting was quorate.
...
The policy is now shared on the wiki - you can find it here.
Lynzie updated the group on her call with CARIN the previous week. There continues to be several unanswered questions on what the expectation is for Kantara. Ryan (CARIN) and Kyle (DirectTrust) offered to meet with a group of us if desired. Kyle did update the group that DirectTrust will have the ‘entire package’ out the door in January. The positive to that is that even with our IAWG/LC approvals, open comment period, and all-member ballot, we have until late September before we need to have something finalized of this group.
...
Jimmy scrolled through the table of contents to identify the sections that are PKI based and what is what we do - Sections 3 & 4, some of Section 5. If CARIN is asking Kantara to provide something to complies with this entire policy - that’s a lot of work - and it’s PKI policy which is beyond us. We don’t assess any of Section 6. KIAF 1050 - Glossary and Overview
Mark King asked if minors were considered. It was on the CARIN agenda last week, but the group didn’t get that far, so it’s unknown what their plan is.
After the lengthy discussion - Andrew noted he does not want to make a Trust Mark for the credential policy as it is now. It’s a PKI certificate policy and most of it is out of scope for us. Richard mentioned offering a class of approval that accommodates variations we wouldn’t want others jumping in to - that are healthcare/CARIN specific.
Due to time, we could not move further on the agenda.
Any Other Business