...
Jimmy J: can we put in the "Notes" column of the criteria spreadsheet that we (KI) are going to publish fact of CAC? If we do something unusual, we need to make sure they (the RP) know about it.
Richard W: Maybe mod language to make avail : publish how you determined CAC and config requirements to make sure it is CAC. Fact of use in S3A could be noted. Suggest we need to modify the SPA to require that "where CACs are provided that it is at least noted (stated) in the publicly publishable part of the SPA, so that it is a declared capability." We don't have to provide specifics on what the CAC is or how it works, but only that the mere fact that it exists is stated. Kantara will publish that through the CSL.
Ken D: And that puts the client (RP) on notice and if they don't check further the onus is on them.
Ken: with that addition-- is group OK with this resolution?
...
KD: How about Australia? KC: did have a 1-on-1 with Jonathan Thorpe, head of the DCA agency, but that was not Colin's contact. He is supportive of Kantara's goals for interoperability, and also thinks Kantara can help them because they are generally using NIST standards. He is hoping companies don't have to go through same assessment process multiple times for different countries. He is looking for KI to provide some leadership in these areas. Outreach We also had outreach from Baruku (ph), who wants to talk about their work, but nothing scheduled yet
...
Martin S.: Maybe the thing to do is to make sure we include submit a comment advocating making PAD mandatory when a NIST issues the 63-4 draft comes comes out for review. JJ: I like that idea.
...