Attendees
Ann West, Incommon
Colin Wallis, KI
...
Adam Madlin, IAWG participant
Ruth Puente, KI
IAWG Report provided by Scott Shorter
- IAWG finished the Kantara service assessment criteria for assessments against the requirements of NIST 800-63A at IAL2 and 800-63B at AAL2. There was a Public Comment and IPR Review Period, and there will be an All Member Ballot for final approval before publication of the two documents.
- Service Assessment Handbook was published at the end of January and the Assessor Handbook will come soon.
SAFE BioPharma Report provided by Peter Alterman
- SAFE BioPharma has merged with NH-ISAC. SAFE BioPharma maintains all the existing contractual relationships.
- They completed their conformity profile for 800-63-3 A and B, the authenticator and identity proofer. They are incorporating federation requirements to their federated service standard documents, which will then be incorporated into 800-63-3 conformity profile as a complete set. Once it is ready, they will share it with the partners.
- In the cross certification mapping, there is a technical discussion between Europeans and North Americans, which SAFE BioPharma is trying to normalize.
- Matt King is the new CEO of SAFE Biopharma, and Peter Alterman position is Director of Policy and Compliance.
...
-GDPR has created problems for research and for European service providers. GEANT has created a Data Protection Code of Conduct, a code of conduct to handle personal information which was discussed during the workshop in Vienna on 6 February 2018. Research Service Provider could sign on this code of conduct. Code of Conduct link: https://wiki.refeds.org/display/CODE/GEANT+Data+Protection+Code+of+Conduct+workshop+6+February+2018
Open Mic
Topic: 800-63-3 Evaluating strengths of evidence.
...
- It was suggested to build up a body of knowledge and consensus about what types of identity evidence can meet FAIR, STRONG and SUPERIOR requirements, and discuss methodology to validate the evidence and verification of the identity.
- Kantara offered to host a Working Group on this topic, where all interested parties can convene.
- The idea would be to fill the grey areas in a collaborative way and have a common level of trust.
- Common agreement among the stakeholders on the fundamentals.
- It was suggested to make public an assertion by the TFPs that the assessor is approved and competent and has assessed the Service Provider under a known methodology and found that the processes conform to 800-63-3. If there is a common understanding, the TFPs could trust on the assertion of each other.
- Next steps: Draft a scope of work for the Joint Working Group and send it to theTFS mailing list before the next TFS Sync. Scott Shorter volunteered to send the first draft.
Various
- It was commented that GSA team reported that they are reviewing the comments submitted by the TFPs and talking to the federal agencies.
Action items:
- Scott Shorter to share a first draft of the Joint Working Group charter before the next TFS Sync.