Kantara Initiative Identity Assurance WG Teleconference

...

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: 
      1. DRAFT IAWG Meeting Minutes 2015-09-10
      2. DRAFT IAWG Meeting Minutes 2015-09-03
      3. DRAFT IAWG Meeting Minutes 2015-08-27
      4. DRAFT IAWG Meeting Minutes 2015-08-20
      5. DRAFT IAWG Meeting Minutes 2015-07-30
      6. DRAFT IAWG Meeting Minutes 2015-07-16
    4. Action Item Review
      1. Ken to create IAWG report to LC.
      2.  Ken to contact Joni and Leif regarding the FICAM review.
      3. Andrew will send a note to the list and call for volunteers regarding SAC maintenance and support
      4. Andrew to convene meeting of CSPs to discuss core criteria
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1.  Discussion of KIAF-5463 v1.4, comment resolution and discussion of electronic ballot
  3. AOB
  4. Adjourn

 Attendees

Link to IAWG Roster

...

Meeting achieved quorum

 

 

Voting

...

Voting

  • Ken Dagg (C)
  • Scott Shorter (S)
  • Andrew Hughes (VC)
  • Lee Aber
  • Richard Wilsher

Non-Voting

  •   Pete Palmer

Staff

  •   Ruth Puente

Apologies

  • None

 

Voting Members for Cut/Paste
  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Calatayud (VC)
  • Devin Kusek
  • Adam Madlin
  • Kenneth Myers
  • Cathy Tilton
  • Richard Wilsher
  • Lee Aber

Selected Non-Voting members for Cut/Paste
  • Bill Braithwaite
  • Björn Sjöholm
  • Susan Schreiner
  • Jeff Stollman

 

Notes & Minutes

...

Motion to approve minutes of yyyy-mm-dd
Seconded: 
Discussion: 
Motion Carried | Carried with amendments | Defeated

Action Item Review

  • Ken to create IAWG report to LC.  
    (TBD)
  • Ken to contact Joni and Leif regarding the FICAM review.  
    (Ken spoke to Joni, FICAM will be invited to participate in IAWG, no word on this yet.)
    Andrew asks what's been going on with the FICAM business.
    Scott mentioned that FICAM has done reviews of CSPs.  
    Lee Aber confirmed that FICAM has done audits of all the CSPs. It was frustrating to go through the Kantara process and then have to go through the FICAM approval process as well.
  • Andrew will send a note to the list and call for volunteers regarding SAC maintenance and support
    (TBD)
  • Andrew to convene meeting of CSPs to discuss core criteria
    Sent today - we will see how the response is and go from there. 

Staff Updates

...

Participant updates

Discussion

Richard notes that there has been no feedback to date, nor anything specific he would want to turn over.    Plan will be to do an electronic ballot and conduct the minimum period of time needed.  Could probably do a ballot for five days if needed.

Andrew supports publishing the document if we make clear that it is not guidance to the SAC.

Ken asks Richard to write up a short intro to the leadership team to describe the document.

AOB

Andrew notes that Scott Perry might be able to join - and Scott joined.  Andrew described the background on assessing core criteria.  Scott Perry had responded to Andrew on the email.

Scott Perry notes that the organization does two things - accredits auditors and then tries to promulgate what audit criteria need to be assessed. Either accredit assessors to have the flexibility to do what is right, or you don't accredit and be very specific about how and what to audit.  If you do both, it defeats the accreditation of the assessor.  As a CPA, required to do a risk assessment as part of an assessment engagement.  In that risk assessment, there's a judgment, each criteria must be judged how to look at it. That judgment needs to be available to the assessor to do the best job for each situation.  The challenge of coming up with one model to create flexibility. Basic point is to give the assessors the judgment which criteria to spend extra time on based on the organization's requirements.  Scott Perry further notes that the Federal Bridge PKI developed the triennial audit process, but his clients would prefer a full audit annually.

Andrew Hughes - notes that the triennial approach by Kantara was informed by the Federal Bridge PKI.

Richard Wilsher - let's not confuse the accreditation process with the process of determining conformity. They are related and necessary parts of the IAF. Recall that we go down this path because of pressure from CSPs who have not wanted to undergo a full assessment each year, which was the original arrangement. Balancing CSPs and Kantara's different goals.  The core criteria approach has been led by the feds, including David Temoshak, and there may be a political issue with respect to how the ARB pitches Kantara to the CSPs.

Perry notes that the effort to spin up an assessment is such that a complete assessment each year is not a large marginal cost over a portion of the SAC.

Next step will be for Ken to touch base with the ARB and inform them of the results of this discussion.

Richard asks that we discuss the other IAF document (mapping to 29115) IAF-5415 in two weeks 10/1.  Richard will review.

Attachments

 

 

Next Meeting

...