Kantara Initiative Health Identity Assurance WG Teleconference
...
Info: DRAFT minutes, pending HIAWG approval
Date and Time
Date: Thursday, 6 June 2013
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing
- Skype: +99051000000481
- North American Dial-In: +1-805-309-2350
- Room Code: 613-2898
- For more dial-in information, see: http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info
Health Identity Assurance Working Group Home Page
...
- Administration:
- Roll Call
- Agenda Confirmation
- Leadership Nominations / Election
- Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw
- Report out from latest LC meeting
- Discussion
- New Mission Statement for the Group
- WG Charter
- Aligning efforts with DirectTrust.org, EHNAC, and IDESG
- Deliverables for on-boarding healthcare worker digital identities
- Presentation on “A Privacy Strategy for the United States Healthcare Industry” (see attached) - Barry Hieb
- AOB
- (proposed for next meeting) Presentation on conducting risk assessments for apps dealing with PHI - Linda Goettler
- Adjourn
Attendees
Currently, quorum is 9 of 16
Voting
Non-Voting
Staff
...
Administration
...
- Discussion
Feedback to the Government of Canada on "Guidelines on Identity Assurance"
- Call for verbal comments or discussion prior to written response
- Due to day-job time commitments, little progress
- Ken offered to extend the deadline for comments to June 13 2013
- Question: how does the Canadian document relate to similar docs from the US or UK? Answer: the material was reviewed during document development. The NZ and UK governments have provided comments so far.
RP Guidelines
- Myisha notified that a draft call for participation has been sent out to the list
- Please send feedback
Ad Hoc Team Updates
Alignment with SP 800-63
- Richard Wilsher provided a join.me
- Work to date has been distributed to IAWG list
- Has restructured 800-63-2 to make analysis easier
- Kantara talks about Subscriber and Subjects - NIST does not differentiate: they only use Subscriber - check the glossary section
- Sections 5.3, 6.3, 7.3, 8.3 and 9.3 have been mapped - has skipped overviews and tutorial sections
- Has added sub-numbering to enable more specific discussion
- 5.3 section: the way 800-63-2 treats different LOAs is a bit mixed. RGW has re-sorted them into sections by LOA
- Has broken down distinct requirements even if they originally appeared in single statements
- then mapped each to the existing KI IAF item
- there is a Many:Many relationship
- In the KI SAC - has inserted indexes back into the modified 800-63
- Note that there are SAC criteria that do not have an equivalent
- Comment: for those extra items, they originally came from Good Practice - Kantara's aim is to determine if the organization is sound. NIST assumes that Government Agencies are sound and following GSA guidance
- Comment: Some of the items that are not specifically 800-63 criteria might actually be Privacy criteria
- To create a Privacy profile, just go through the SAC and annotate them
- There are some puzzling items
- e.g. 5.3.1.2.5 question about item c) - it reads as if the bullets apply to all LOAs - it is difficult to disentangle the statements - is this a change request to NIST? RGW needs feedback.
- Red Text to indicate where there might be the opportunity to define a US Profile:
- 800-63-2 becomes very specific - there may be other options that could meet the criteria.
- There might be options that work outside of the US.
- These might be criteria that could be less specific in the SAC and use the US profile to include the more prescriptive material
- There are items that do not currently exist in the SAC - question is do they need to be added?
- Requested comments by 20 June 2013
- RGW will send out a formal request for comment with a formal comments form
- Intent with this work is
- Result will be a Kantara owned publication
- The mapping document will remain publicly viewable
- Will be provided to NIST as suggestions for updates
- The Comments back to RGW should eventually be posted to the wiki to enable future understanding of rationale
- Comment: once the work is done, should schedule an IAWG F2F in DC area to discuss the approach and documents to update NIST and seek feedback
AOB
Action Items
Item # | Description | Assigned to | Est. Completion |
---|---|---|---|
2013-06-06-001 | Review and provide feedback on Govt. Canada guideline. IAWG will collect and send a consolidated version. | All | 13 June 2013 |
2013-06-06-002 | Review RGW 800-63-2 vs KI IAF mapping documents and provide feedback | All | 20 June 2013 |
2013-06-06-003 | Review and provide feedback to Myisha on Relying Party Guidelines call for participation | All | 13 June 2013 |
2013-06-06-004 | Send in event information to Staff for updating the community calendar and Upcoming Events | All | Info only |
2013-06-06-005 | IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach | Staff / IAWG Leads | TBD |
Attachments
Guideline on Identity Assurance-Consultation Draft Apr 25 2013.pdf
Standard_on_Identity_and_Credential_Assurance.pdf
Kantara IAF-1400 SAC-63-2 v0-1.docx
Next Meeting
Date: Thursday, 20 June 2013
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing
- Skype: +99051000000481
- North American Dial-In: +1-805-309-2350
- Room Code: 613-2898
- Conference ID: 613-2898
- For more dial-in information, see: http://kantarainitiative.org/confluence/display/GI/Telco+Bridge+Info