Versions Compared

Old Version 1

changes.mady.by.user Lynzie Adams

Saved on

compared with

New Version 2

changes.mady.by.user Lynzie Adams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees:

...

Call for tweet worthy items.

Discussion:

IAWG Chair Election 

Andrew Hughes was the sole nomination for the IAWG chair. Voting members for the election include: Maria Vachino, Mark King, Mark Hapner, Jimmy Jung, and Martin Smith.

Maria motioned to selected Andrew Hughes as the new chair for this working group for the remainder of 2022. Mark King seconded the motion. Jimmy, Martin and Mark Hapner all voted yes. With a unanimous vote, Andrew Hughes is the IAWG chair for the remainder of 2022. He will start his new role at the next meeting. 

Service Descriptors

Next Meeting:

800-63 Briefing

The briefing and discussion was led by Maria. Some key points included:

  • 63-4 release delayed until end of summer. Controversy around ID proofing is mostly the reason - facial verification piece for IAL2 and above. There is also an increased focus in this administration for equity and inclusion issues.  It is taking NIST time to work it into the draft. No controversy with AAL or FAL at this point. 
  • Authentication – risk detection/ fraud detection type of responsibilities. Zero Trust document - 800-63 is a foundational piece of that. There is interest. The problem is the compensating controls used in the financial sector are geared toward a group very different from those needing government services (i.e., no internet, low-quality technology, etc).
  • NIST agreed to do a workshop with Kantara. They do that on a regular basis with agencies and is willing to do it with Kantara for Kantara members. Likely during the public review period.
  • Suggested solutions to the agencies could be appreciated on some of these issues. Probably not a desire for a listening session - but they always are looking for solutions.
  • 63-4 rumored changes: Enhanced IAL1 coming. Addition of a credible source being added to help with a risk-based decision. Expansion of a trusted referee is in the works – or an applicant representative, i.e. a social worker could assist the applicant with the proofing process.
  • NIST posted open questions they want addressed – beyond that is the equity and inclusion question. Low and moderate will have separate controls is the hope. It will help a great deal. Github is a good place to keep an eye on open questions.
  • Discussions around password-free processes.
  • Maria suggests all companies respond to the draft with not only the issues – but include suggested language. As for Kantara’s response, IAWG will likely be the WG to draft the language and then pass through individual organizations.

DIACC

It was determined that IAWG will not be able to draft a response in the time period allotted for the DIACC request.

Any Other Business & Next Meeting:

Jim Kragh introduced himself as the chair of the Federated Identifiers for Resilient Ecosystems (FIRE) work group and the vice-chair of the Healthcare Identity Assurance work group. These two work groups will be merging together to look very specifically at the underserved population. How do we gain trust? 

Will reach out to the group once we know more about the KIBoD meeting. Meeting will be held either May 19 or May 26.