Attendees
Voting participants: Ken Dagg; Scott Shorter; Richard Wilsher; Mark Hapner; José López
Non-voting participants: Roger Quint, Stuart Young, Martin Smith.
Staff: Colin Wallis, Ruth Puente
Quorum: 4 of 7. There was quorum.
Agenda
- Administration
a. Roll Call
b. Agenda Confirmation
c. Action Item Review: action item list
d. Minutes Approval: 2019-01-24 DRAFT Meeting Notes and 2019-01-17 DRAFT Meeting Notes
e. Staff reports and updates - Director´s Corner January 2019 and Keep Up with Kantara January 2019
f. LC reports and updates
e. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion
a. New revised Overview document - IAF 1000 (Attached).
b. DHS CISA Emergency Directive ED 19-01 on the topic of securing DNS infrastructure.
3. Any Other Business
a. KBV at IAL2
b. Coordinate submission of the memos to NIST
Updates
- Colin commented that Experian has been approved under 63-3 Trust Mark at IAL2 and shared the link to the Press Release https://kantarainitiative.org/kantara-initiative-approves-experians-crosscore-platform-for-conformance-with-nist-800-63-3-ial2/
- Colin commented that there are potential partnerships which would imply running new schemes.
Minutes Approval
2019-01-17 Meeting Notes and 2019-01-24 Meeting Notes were approved by motion.
Discussion on the new revised Overview document - IAF 1000
- Richard provided substantive comments to the document, so a new draft would be provided soon.
- Ken went through the various sections, starting with the Abstract. He stressed some definitions of the terms, Relying Party (org that is running the online services), End User (client of online services) and Credential Service Provider (that the RP would rely on for authentication of the end user).
- Richard highlighted that we need to describe the Kantara´s IAF and suggested to look the terminology within the KI IAF scope. He suggested including the Glossary in the Overview, and using terms that have been defined. He added that there are some cases where the End user directly contact the KI CSP, and the RP may get involved later once the End user have a credential. Also, he suggested avoiding a definition for End user.
- Martin asked if the IoT would be included or it would refer to humans only. Richard responded that there are no criteria that allow to recognize non-human entities. Colin commented that someone has reached out Kantara for IoT Assurance, so at same point, if there is a business proposition this would be included within the IAF scope.
- It was said that it would be better to use "client" instead of "end user".
DHS CISA Emergency Directive ED 19-01 on the topic of securing DNS infrastructure.
- Ken suggested to reach out DHS about this Emergency Directive. Colin responded that Kantara will take advantage of the good relationship with DHS S&T team on the KIPI Program, so the plan would be to request the contacts of CISA.