Attendees:

...

  1. Administration:

    • Roll call, determination of quorum

    • Minutes approval - 2022-07-21 Minutes

    • General Updates

    • Assurance Updates

  2.  Discussion: 

    • SAC Update

    • 63b SoCA proposal

    • Assurance Program - continued discussion from previous weeks

  3. Any Other Business

Meeting Notes 

Administrative Items:

IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was quorate. 

...

Minutes approval: Mark Hapner moved to approve the draft minutes from the July 21 IAWG meeting. Martin Smith seconded the motion. The minutes were approved unanimously. Motion carried with no objections.

General Updates: n/a

Assurance Updates

...

Maria and Kay will both be at FedID during the first week of September in Atlanta. The extent of Kantara’s presence will remain undecided until Kay hears more from JJ Harkema about the logistics of the week. Kay and Maria are joining Jeremy Grant and Zack Martin for a round table throughout the week. Andrew requested that an email with more details be shared with IAWG, as others will likely be attending.

Discussion:

SAC Update

The SAC updates have passed Leadership Council and are now moving to an all-member ballot. Kay received the all-member ballot within the past hour but nobody else on the call had seen the email. Lynzie will work with Kantara IT staff to determine the issue with the membership email list and get it resolved. Andrew asked that everyone keep an eye out for the all-member ballot email as there is a requirement that at least 15% of members vote and it can sometimes be hard to get votes for obscure actions such as new SAC revisions. All Kantara members in IAWG should vote! The eballot can be found here.

Assurance Program

Remaining open issue - What, if anything, do we rename a component service to make it less confusing in the market?

...

Martin stated that it’s up to the market to determine how to put the pieces together to make a full service. Andrew asked if we support the first option, are we actually offering NIST 800-63 compliance? Or is the CSP just offering proofing services that are good? Martin restated that they offer services that comply with parts of 800-63.

Jimmy shared that the value of the component option is that someone who is trying to build a NIST-compliant system but can’t handle a certain section can shop for a component that already handles those criteria - and can provide it with a TM. By requiring a mandatory minimum, you are taking away the ability for an offering that meets NIST standards to be out on the market. Martin agreed, as long as the CSP is honest and upfront that they do not offer a complete service.

...

Jimmy asked if there is full 63a and full 63b – or if it still needs to be both. This still needs to be pondered.

Any Other Business

Jimmy brought up Martin’s email about federation. Andrew has not heard anything other than they are beefing it up – not sure if it’s a full document. Maria did not have any additional insight either. Andrew will reach out to Matt Topper for further insight.

Kay brought up the CARIN Alliance’s reliance on Kantara for definitions and what they are looking for. They are really struggling with definitions. Andrew noted that the pilot is for people looking at IAL2 and has nothing to do with credential management, so it feeds into this conversation.

IAWG leadership keeps an action item list. All IAWG participants should be aware that the spreadsheet exists and it lists everything we think the IAWG is working on or planning to work on. Please feel free to review it and correct it if needed - it is not our intent to overlook something!