IAWG Meeting 27 September 2012

...

1. Administration:
   
   1. Roll Call
   2. Agenda Confirmation
   3. Motion for minutes: IAWG Meeting Minutes 2012-09-13
   4. Update on nominations for Chair
2. EU participation
3. KAR feedback from ARB (see v.5 of the document)
4. Disposition of Comments - https://secure.join.me/398-538-735
   
   1. Kantara IAF-1100 Glossary (Kantara IAF-1100-Glossary v2.1
5. Roadmap
6. Outreach
7. AOB
8. Adjourn

...

Apologies:

Minutes

• Approval for IAWG Meeting Minutes 2012-09-13
  • Bill moves to approve; seconded by Colin; no discussion; minutes approved

...

• Kantara IAF-1100 Glossary (Kantara IAF-1100-Glossary v2.1)
• (Richard) Comments on glossary are out of scope for 45 day review since it was submitted outside the review period, so suggests we go ahead and publish the revised 5 documents and deal with the glossary comments in the next revision; note we also have other comments coming in indicating we're going to have to do a another revision soon in any case
  
  • (Ken) agrees as long as any changes made so far that would impact the glossary are included/revised in the glossary
  • (Myisha) disagrees that the glossary was out of scope since it is on the public announcement page
  • (Myisha) do the documents be approved as one large set, or can they be approved in discrete components?  (Joni) yes, that is reasonable and acceptable
  • (Andrew) would it be fair/necessary to put a warning on the glossary and the other documents that it is out of sync; (Colin) that makes sense; (Joni) part of this set of changes is that we've talked this through with FICAM and as a result we have two versions of the IAF and the process, and finishing this revision will actually amalgamate that in to one version and will help us with the creation of a document repository of normative documents; (Richard) it should absolutely be in the repository not the documents else you have to revise every document when the glossary is revised, we could include something also in the glossary itself since it will be actively under revision;
    
    • (Ken) it is only 5 documents that would need to be touched, is that really a problem? Could that be a staff revision without  full approval cycle of the IAWG? (Joni) that would be acceptable
    • (Richard) what should the cautionary note say? "Users of this document should be aware that the Glossary is under revision and certain terms may be inconsistent.  Clarification of terms should be sent to the IAWG."? (Andrew) if the document set says refer to the index for comments and latest versions, that may be enough; (Richard) a distinct statement that there is a fair chance they are not aligned with definitions in the glossary or on the website, either way it needs to be a clear statement and if one just had a more general "look for normative documents here" wouldn't be clear enough
    • (Ken) in looking at the 5 docs, other than the Introduction, all have a glossary section where a sentence could be added; (Colin) in the DoC a comment was provided regarding the authoritativeness of the separate glossary, and if we add that to the point that the authoritative glossary is that separate doc is under update
    • (Richard) perhaps we shouldn't have those separate mini-glossaries, unless the terms are only used in the individual document; (Ken) like to have all the terms in a single glossary whether or not they appear in just one document or not
    • (Myisha) consensus: remove per-document glossary from the documents and move them to master glossary, and add a per-document note that the master glossary is under revision, any uncertainty regarding a definition should be referred to the IAWG, and that removal of that comment should be considered a Secretariat editorial change
      
      • Richard Wilsher makes a motion to formalize above consensus; Ken Dagg seconds; no objections or discussion - motion passes
      • AI: Richard will send exact text to the list and put them in the documents, pass then to Heather for publication

IAWG RoadMap

• Document maintenance - this round is just about done
• KAR - done (as per earlier in the call)
• PAC - waiting for input from P3WG
• Relying Parties - push this down on the priority list; doesn't have a work sponsor and the work really needs to start with the relying parties themselves;
  
  • (Myisha) this is more a work item that credential providers would like to have confidence in the Relying Parties, so while the work effort would require bouncing stuff off the RPs, we need more interaction with the credential providers
  • (Ken) partial agree; RPs need to be involved in order to make sure any requirements placed on them are implementable, but its the CSP/IdP should be setting those requirements; the Service Assessment Criteria should have been developed by Relying Parties because they are the one that have to rely on those assertions
  • (Andrew) background question - do we know of any RPs at LOA3? are there any barriers to RPs coming on board? (Joni) it is in the IdP interest that the RPs are using trusted practices as well, and the biggest RP we work with is the US Fed Gov't, but they don't themselves really certify; what other sets of RPs would consume an LOA-type program?  Health care space would be huge
  • (Andrew) what kind of requirements could we apply to an RP? (Ken) see InCommon as an example of requirements on both RPs and SPs
  • (Andrew) would we / could we ever disconnect an RP if they had repeated egregious issues?  (Myisha) Would these be guidelines or certification criteria? we called them best practices guidelines; (Andrew) and the CSP could put these guidelines in their own agreements with RPs
  • Continue this conversation on next call, how can we move this forward in incremental steps while we wait to find a champion to move it forward

...