Page Comparison

...

...

Attendees

Voting participants: Ken Dagg; Mark Hapner; Rich Furr; Martin Smith Non-voting participants: 

Staff: Colin Wallis, Ruth Puente

Quorum: 4 of 7. There was quorum.

Agenda

1. Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes Approval 2019-05-02 DRAFT Minutes
4. Action Item Review: action item list
5. Staff reports and updates -  Director´s Corner and Keeping up with Kantara May 2019 
6. LC reports and updates
7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion

a. DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile
b. Vice-Chair Elections 
c. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)
3. Any Other Business

Minutes Approval

2019-05-02 DRAFT Minutes were approved by Motion. Moved:  Mark Hapner Seconded: Ken Dagg. Unanimous approval. 

Updates

• Director´s Corner - May 2019
• Newsletter: May Colin
• Ken commented that Kantara is in process of hiring a DC based Kantara Ambassadorthe IAF Overview and Glossary - IAF 1050 is under Public Comment and IPR Review for 45 days. After that period closes, there will be an All Member Ballot. 
• Ken said that he has sent a note to the IAWG, informing that there have been changes to the FIPS documents and encourage CSPs to review their systems to ensure that they remain complaint. 
• Colin announced pointed out that TEFCA v2.0 was open for public comment. HIAWG would need IAWG help and expertise on 800-63-3. 
• He added that NIST will release an errata soon on 800-63-3.
• LC Update 

-IAWG: Scott Shorter resigned as Vice-Chair due to his new job at IBM, therefore there will be Elections for the Vice-Chair position shortly. 

• LC update - Consent Receipt:

...

• During the ISO SC27 meetings in Tel Aviv

...

• the summary of the Consent Receipt structure was submitted to be an annex of ISO29184 (Online Privacy Notices and Consent)

...

• and it was accepted in principle

...

-UMA: UMA's development is gaining great attention within the community. IETF 105 is scheduled for Canada in August - another attempt to get UMA accepted for Standards track. 

Approval of IAF Overview and Glossary - KIAF 1050

• KIAF 1050 was approved by Motion. Moved: Richard Wilsher  Seconded: JJ Harkema. Unanimous approval. 
• Richard said that a note should be added indicating that the glossary is scoped only for the content of this document, not a full glossary, it will be updated when other terms are incorporated. The idea is that the Ken and Richard keep updating and refining the terms of the old Glossary. 
• Next steps: LC confirmation; Public Comment and IPR Review; All Member Ballot. 
• Once the document gets the final approvals, it will be version 1.0. 

Socialize the notion of FIPS 201 

• It was said that IAWG, CSPs and Assessors should be aware of FIPS 201: https://www.idmanagement.gov/want-to/sell/fips201/
• Ken will send a note to the IAWG, informing that there have been changes to these documents and encourage CSPs to review their systems to ensure that they remain complaint. 

Upcoming Vice-Chair Elections 

• Ken commented that there will be a Nominations period shortly.

Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)

• Richard commented there are outstanding recommendations to submit to NIST on 800-63-3. He would send the reports for IAWG review. 

Action items

• Ken to add a clarification note to the KIAF 1050 in relation to the scope, send it to LC and prepare it for the Public Comment and IPR Review. 
• Ken to send a note to the IAWG, informing that there have been changes to the FIPS documents and encourage CSPs to review their systems to ensure that they remain complaint. 
• Richard to send to the IAWG the reports for NIST. 

Vice-Chair Elections 

• Martin Smith has submitted his nomination for the Vice-Chair position. 
• Martin Smith was elected as Vice-Chair by acclamation. Unanimous Approval. 

DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile

• Link to the DIACC Call for Comments: https://diacc.ca/2019/05/15/verified-login-overview-conformance-discussion-drafts/
• Ken pointed out that in the Overview discussion draft:

-He found very confusing the purpose of the log in component and the conformance criteria.

-In Line 47, he will ask what is the purpose for applying standardized conformance criteria for assessment and certification.

-Line 49, where does the trusted digital identity come from?.  The purpose on line 49 should be  "to ensure the log in process is good".

-Line 50,  "a certified process" has not been defined before.  

-There are several "MAYs" and "SHOULDs" in the criteria, which should be replaced by "SHALLs".

• Martin will send his comments to the IAWG mailing list after the meeting. 
• Rich pointed out that there is no credential issuance related text. He added that EU, ETSI and Kantara IAF have specific requirements on this regard, but there are no such references in the draft. 

OMB Memorandum- 19-17 - Enabling Mission Delivery through Improved Identity, Credential, and Access Management 

• The Office of Management and Budget (OMB) has rescinded M-04-04 and replaced it with this revised OMB policy officially published on: https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf
• The Memo supports 800-63-3 conformance.

AoB

• Mark shared the following link https://www.theverge.com/2019/4/10/18295348/google-android-phone-fido-webauthn-phishing-two-factor-authentication

Action items

• Martin to send his comments about the DIACC draft Verified Login Component & Verified Login Conformance Profile by email.