Attendees:

...

  1. Administration:

    • Roll call, determination of quorum

    • Minutes approval - 2022-07-21 Minutes

    • General Updates

    • Assurance Updates

  2. Discussion:

    • SAC Update

    • 63b SoCA proposal

    • Assurance Program - continued discussion from previous weeks

  3. Any Other Business

Meeting Notes 

Administrative Items:

IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was quorate. 

...

Maria and Kay will both be at FedID during the first week of September in Atlanta. The extent of Kantara’s presence is still undecided until Kay hears more from JJ Harkema about logistics of the week. Kay and Maria are joining Jeremey Grant and Zack Martin for a round table throughout the week. Andrew requested an email with more details be shared with IAWG as others may likely be attending.

Discussion:

SAC Update

The SAC updates have passed Leadership Council and are now moving to an all-member ballot. Kay received the all-member ballot within the past hour but nobody else on the call had seen the email. Lynzie will work with Kantara IT staff to determine the issue with the membership email list and get it resolved. Andrew asked that everyone keep an eye out for the all-member ballot email as there is a requirement that at least 15% of members vote and it can sometimes be hard to get votes for obscure actions such as new SAC revisions. All Kantara members in IAWG should vote! The eballot can be found here.

Assurance Program

Remaining open issue - What, if anything, do we rename a component service to make it less confusing in the market?

...

Martin stated that it’s up to the market to determine how to put the pieces together to make a full service. Andrew asked if we support the first option, are we actually offering NIST 800-63 compliance? Or is the CSP just offering proofing services that are good? Martin restated that they offer services that comply with parts of 800-63.

Jimmy shared that the value of the component option is that someone who is trying to build a NIST-compliant system but can’t handle a certain section can shop for a component who already handles those criteria - and can provide it with a TM. By requiring a mandatory minimum, you are taking away the ability for an offering that meets NIST standards to be out on the market. Martin agrees as long as the CSP is honest and upfront that they do not offer a complete service.

...

Jimmy asked if there is full 63a and full 63b – or if it still needs to be both. This still needs to be pondered.

Any Other Business

Jimmy brought up Martin’s email about federation. Andrew has not heard anything other than they are beefing it up – not sure if it’s a full document. Maria did not have any additional insight either. Andrew will reach out to Matt Topper for further insight.

...