Page Comparison

...

a. New revised Overview document - IAF 1000 (Attached).  
b. DHS CISA Emergency Directive ED 19-01 on the topic of securing DNS infrastructure.

3. Any Other Business
ac. KBV at IAL2 b. Coordinate submission of the memos to NIST

3. Any Other Business

Updates

• Colin commented that Experian has been approved under 63-3 Trust Mark at IAL2 and shared the link to the Press Release https://kantarainitiative.org/kantara-initiative-approves-experians-crosscore-platform-for-conformance-with-nist-800-63-3-ial2/
• Colin commented that there are potential partnerships which would imply running new schemes. 

...

2019-01-17 Minutes and  2019-01-24 Minutes were approved by motion. 

Discussion on the

...

revised Overview document - IAF 1000

• Richard provided substantive comments to the document, so a new draft would be provided soon. 
• Ken went through the various sections, starting with the Abstract. He stressed some definitions of the terms, Relying Party (org that is running the online services),  End User (client of online services) and Credential Service Provider (that the RP would rely on for authentication of the end user). 
• Richard highlighted that we need to describe the Kantara´s IAF and suggested to look the terminology within the KI IAF scope. He suggested including the Glossary in the Overview, and using terms that have been defined. He added that there are some cases where the End user directly contact the KI CSP, and the RP may get involved later once the End user have a credential. Also, he suggested avoiding a definition for End user. 
• Martin asked if the IoT would be included or it would refer to humans only. Richard responded that there are no criteria that allow to recognize non-human entities. Colin commented that someone has reached out Kantara for IoT Assurance, so if there is a business proposition, this would be included within the IAF scope. Scott said that it would be helpful to clarify in the Overview that we are not doing this for the devices benefit yet. 
• It was said that it would be better to use "client" instead of "end user". Ken accepted the suggestion. 

...

• Scott commented that there have been recent reports on more active attacks on the Domain Name System, including the federal government. The Directive tells the agencies that they have 10 days to accomplish specific actions (audit DNS records, implement MFA, change passwords, make sure that only authorized certificates have been issued) to mitigate the problem. 
• Colin encouraged to be sensitive with the market needs. 
• Ken suggested to reach reaching out DHS about this Emergency Directive. Colin responded that Kantara will take advantage of the good relationship with DHS S&T team on the KIPI Program, so the plan would be to request the contacts of CISA.

...