Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Action Item Review: action item list
    4. Organization Updates - Director's Corner
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    Review and approve 63A/B SACs 
    Discuss approach on new GSA requirements and approve Project Plan 
    Initial comments on GSA Concept of Operations and Certification Process drafts.
  3. AOB

Attendees

As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)

Meeting (did) achieve quorum

Voting

  • Mark Hapner, Resilient
  • Denny Prvu, Secretary
  • Scott Shorter, IAWG Vice Chair
  • Ken Dagg. IAWG Chair
  • Andrew Hughes, LC Chair
  • Richard Wilsher, Zygma 

Non-Voting

  • Aakash Yadav, OKTA
  • José Lopez, Zentry
  • Christine Abruzzi US Arlington

Staff

  •  Colin Wallis, KI ED
  • Ruth Puente, KI Executive 

Apologies

  • None

Notes & Minutes

Staff Updates

Director's Corner October Report 

Some highlights:

  • GDPR Summit beginning of October. http://www.gdprsummit.london/ 
  • Working on Privacy Summit and Standars. Mark Lizar is leading the effort and evaluating the feasibility to held an event in January 2019., which would be the first KI event.
  •  Pre-conference workshop to curtain-raise Kuppinger Cole's Consumer Identity World Tour 2017  in Paris, 27th November, where Consumer identity and Access management, UMA and Consent Receipt were presented. 

Discussion

AY asked when 63C SAC would be developed. SSH responded that the work was focused on 63A and 63B (Level 2) as immediate deliverable, in long term we plan to develop criteria for C as well.

AH added that further developments would be demand driven. The current product was developed with the intention that CSPs can be re-certified in alignment with 800-63-3, basically IAL2 and AL2. In the furture, KI will be developing criteria for 63-3 AL 1 and 2, IAWL 1 and 3, 63-C.

SS presented 63A/B SACs that SG 800-63-3 has developed:

KIAF-1430 63A_SAC v0.6.0.xlsx

KIAF-1430 63B_SAC v0.6.0.xlsx

KD thanked Scott for leading the team that developed the SAC and all the volunteers that helped to develop the SACs. Also, he thanked ID.me sponsorship of this work. CW stressed the relevance of ID.me sponsorship and thanked KUMA for the volunteer effort, as well as to all volunteers. 

KD provided SACs next steps and schedule: 

  • Public Comment Period and IPR Review: Opens:  4 December 2017.  Closes: 22 January 2018 
  • Potential changes implementation according to comments received  22 January - 31 January  2018
  • LC to Certify sending the SACs to All Member Ballot: 1-8 February 2018 
  • All Member Ballot  Opens 9 February  – Closes (?) 24 March 2018 (maximum). Min 14 days – Max 45 days. Requires a "Supermajority of those voting, with at least 15% of all members voting" (i.e. at least 75% of those casting a vote must vote to approve). 
  • Implementation Deadline set by NIST: 22 June 2018 


AH requested to list the active contributors of this work in the front page or second page.

SS commented about the philosophy that was applied. 

  • A shall was an easy guidance to follow. NIST requirement about SHOULD highly desired various alternatives, it is not mandatory, discussing is this sth what was intended, you should but there sis not consequences. Should be interpreted as a shall or weak so no enforceable at all?.
  • Original requirement on the left, KI criteria we added a subject as most of the text were passive.
  • The group tunned the requirements to ensure CSP is doing its part.

 

AH asked if SACs reflect the errata of 800-63-3 documents? He does not see version and date of document, so he suggested to make sure the documents are correctly labeled and identify the date we pulled the source document.

SS commented that an additional value add some exposition about theories of why different types of identity evidence meet different strings, provide specific examples, explanations and analysis. KI would put a stamp on or GSA would like to provide a implementation Guidance that NIST did with FIPs 114.

Now that we have new requirements let´s make sure real work examples are following into the same slots when everybody evaluates.

 

AH as KI closer to an actual certification process, having guidance documents and Real implementation examples would be part of the document kit.

AH we can collate the material over the time.

Take a proposal to ARB, take out of each assessment what level of evidence was used, more transparency when possible.

CW confirmed Policy decision to ARB

Potential Changes to the policy

 

SSH Panels 2 and 3 Identity evidence validation string table for the different levels. Verification of identity evidence at the different levels.

 

 

AH spreadsheets forms into a traceability matrix, we can demonstrate coverage to 800-63-3 requirements. Other are mapping to the requirements of 800-63-3. KI criteria has some traceable properties

 

63B done for AL2. Only one panel, no sub-tables. Types of authenticators are reflected in groups below, there come blocks of applicable criteria are mandatory.

 

Row 91 Number 63B#0280- Scott to add references.

 

AH suggested that we should remove the highlights in yellow.

 

Motion on 63A SAC moving to next step in the process.

AH after the cosmetic changes be circulated 63A SAC be circulated to public comment and PR Review.

Motion 63B same motion above.

Mark H seconded both motions.

 

 

GSA has circulated process and procedures documents for TFS Program ConOps and Certification Process drafts. They request hthat 22 December to have comments back to them on these 2 documents.

Second part of KI work will be to identify changes to its internal process

 

KD presented the Project Plan to tackle comments to GSA and changes to KI Trust Framework Operations Program

KD proposed to create a sub-group and made a call for participants

 

Confirmed Volunteers:

Colin W.

Andrew H.

Scott S.

Mark H.

Richard W.

 

First meeting Tuesday 14:00EST

 

AH stressed that importance of this process, as these docs. under review at GSA are the requirements for KI to be able to offer approvals and assessments.

 

There are some significant requirement increases, these are the docs by which KI operates.

 

KD ARB emphasizes get their input to this process. Encouraging to offer their comments.

 

RP to re-send the comments of RW

RW  

 


 

RW reviewed the COSA 4.5 tcriteria could be withdrawn as they are covereded 63A oB SAV

 

Scott suggested Cross cjeck discussion Next Tuesday

 

CW encouraged the participants to take this survey as it is related to current IAWG discussion: https://www.surveymonkey.com/r/5YZ3Y9X




Motion to approve SACs:
Seconded: 
Motion Carried 


AOB

Attachments



Next Meeting

  • Date: Thursday, 2017-12-7 
  • Time: 12:00 PT | 15:00 ET



Write a comment…

Powered by a free Atlassian Confluence Community License granted to Kantara Intiative . Evaluate Confluence today.


Atlassian

  • No labels