Kantara Initiative Identity Assurance WG Teleconference
...
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2014-07-03
- Staff reports and updates
- Discussion of 'US Government Profile', FICAM TFPAP deadlines in August and structure/form of the SAC
- AOB
- Adjourn
Attendees
Link to IAWG Roster
...
- Rich Furr ( C)
- Andrew Hughes (S)
- Devin Kusek
- Richard Wilsher
- Scott Shorter
- Cathy Tilton
- Adam Madlin
Non-Voting
Staff
Regrets
- Paul Calatayud (V-C)
Notes & Minutes
Administration
...
- Option: structure the SAC as a 'language and primitives for creating profiles'
- then create a profile from these primitives
- Observation: the 'US Government Profile' draft is not in the right format, and does not relate to the SACs
- Therefore it isn't a profile of the SAC and does not meet the needs of Kantara assessments
- ARB is talking about looking at the SAC and their relationship to 800-63
- The FICAM TFS Assessment Team assess the TFPs against the FICAM requirements - so that might be a more direct path to meeting the FICAM Approval requirements
- However, the Kantara SAC are in the Approved FICAM scope. And the SAC are used to assess CSPs. Since the SAC are mapped to 800-63 it means that these CSPs can be FICAM Approved as well
- Challenge is that the SAC are probably too tightly bound to 800-63 and limits their applicability to situations that are not based on 800-63. e.g. UK, Canada
- The path forward would need a profile to express the UK GPG in SAC terms
- A Kantara Assessment, by definition, must be against the Kantara SAC
- IAWG should take this discussion to the ARB to seek guidance on intent and plans for the IAF and SAC
- Can we go forward with approval of the IAF 3410 profiling document? Or do we have to settle the other discussion first?
- Q: what would the problem be in the US if Kantara used the FICAM criteria directly?
- A: As defined today, it would not follow the rules of the Kantara AAS
- ACTION: Andrew to do the work needed is to determine if the FICAM requirement is the same, greater or less than the SACACTIONSAC
- ACTION: Scott to try another approach to 'de-LOA' the criteria and use the profile to express the FICAM Profile
- Try out a first draft of IAF 3410 on a sample of criteria and see how the process works
- Bring back the sample profile to the IAWG for discussion
- ACTION: Furr to request information from Government of Canada about what criteria are not compatible with their approach
- ACTION: Wilsher to rev the 3410 by accepting all changes so we have a clean copy to work from.
...