Versions Compared

Old Version 5

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

Kantara Initiative Health Identity Assurance WG Teleconference

...

Info

DRAFT HIAWG Meeting Minutes

Date and Time

Date: Thursday, 2013 December 05 
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing

Health Identity Assurance Working Group Home Page

...

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Meeting Minutes Approval: HIAWG Meeting Minutes 2013-11-07
    4. Organization updates - Director's Corner
    5. Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw
    6. Report out from latest LC meeting
    7. Action Item Review
  2. Discussion
    1. Continuation of the discussion on the Feasibility Study work 
  3. AOB
  4. Adjourn

 Attendees

Participant Roster

...

  • Bill Braithwaite
  • Adrian Gropper
  • Brian Ahier
  • Rick Moore
  • Nathan Faut

Staff 

  •  
Apologies
  • Laurie Tull

Administration 

...

Motion Carried 

Organization updates

Director's Corner

Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw

...

  • Comment: KI is primarily focused on non-PKI. DT is focused on PKI, non-FBCA Cross Certified plus some FBCA compliant, using X509 certificates partially for Groups and Individuals. How is it envisaged to relate the PKI and non-PKI environments? Are there other points of commonality aside from the IDP/V aspects?
    • Note that the DT Certificate Policy is being enhanced - there's the opportunity to line it up as appropriate
  • Worry that there's no current engagement with any Federal Bridge individuals
    • Once DT starts issuing certificates to individuals, it become essential to become FBCA Cross Certified (being compliant isn't sufficient)
  • Q: Is there any chance that the DirectTrust model (where the HISP can hold the Private key + Organizational/Group Certificates exist) can ever become FBCA Cross Certified? A: Opinion is no at the current time. Does not mean that it could not be.
    • There are methods where Group certificates can be implemented in a trustworthy way. However, the general drive (in DoD and DHS) is to move to more restrictive rather than accommodating ways.
  • Starting with the RA Assessments and program processes is worth doing.
  • Currently DT does not do non-PKI - but it might need to in the future. Or Kantara might need to handle PKI.
  • Q: Does 800-63-2 update give Hospitals new abilities to act as LOA3 PKI based credentials? A: Any entity can go to any FICAM/FBCA to get credentials. But it depends on the actual Certificate Policy. It's not really about 800-63-2.
    • However it's probably not a great idea in any case - setting up as a CA is a big and expensive undertaking.
    • Any entity that has satisfied the HIPAA requirements is well on its way to being certified. HIPAA compliance does not address the Privacy Act and or Federal CyberSecurity requirements.

 

  • To get the Feasibility Study work kicked off fast, discussed getting the 4 or 6 primary roles represented: (expert in Approval/Assessment Programs as related to IDP/V; expert as Assessed entity as related to IDP/V) for each of (EHNAC/DTAAP/DirectTrust; Kantara; Federal Bridge CA)
  • Primary contributor assignments below (of course everyone on the call has experience in many boxes, but to keep things efficient it would be helpful to focus on one in the early content rounds):
    • Jerry Cox: familiar with Federal Bridge CP Identity Proofing processes
    • Rich Furr (as Verizon): can provide the Verizon perspective for Kantara Assessee 
    • Peter Alterman (as Kantara Assurance Review Board member): can take on the Kantara Assessment Program front
    • Ron (as EHNAC assessor): DTAAP assessor role
    • Pete (as Medallies): DTAAP Assessee
    • Pete as Relying Party 
    • SAFE BioPharma is there for the FBCA processes if we need to align there too
  • ACTION: Terry Gold to work up a content framework and engage HIAWG by email prior to next HIAWG call

AOB

 

Attachments

 

Next Meeting

DateThursday, 19 December 2013 
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing