Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King

Non-voting participants: Roger Quint, Varun Lal

Staff: 

Agenda:

  1. Administration:
    1. Roll Call and quorum determination
    2. Agenda Confirmation
    3. Minute approval (DRAFT minutes of 2021-07-15)
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews)
  2. Discussion 
    1. Finalize proposed criterion language regarding "comparable alternative controls."  
    2. Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 
    3. Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.
  3. Any Other Business and Next Meeting Date

Meeting notes: 

Administrative items:

IAWG Chair Ken Dagg called the meeting to order at about 1:05PM (US Eastern), and called the roll. It was noted that the meeting was quorate. Ken welcomed Varun Lal, noted that he had not participated recently in IAWG calls and invited him to introduce himself. Varun said he is a Senior Consultant at East Dynamics and is particularly interested in the proposal regarding PAD.  

Minutes approval:  Mark King moved approval of the draft Minutes of the IAWG meeting of July 29. Mark Hapner seconded. The minutes as distributed were approved unanimously.

Staff reports and updates: ED Kay Chopard (via email today) said: I did reach out to the UK government contact on the request for comment (not the official title) that the UK has sent out. I saw that they've updated it and I'm not sure if the update addresses your questions about certifications.

The UK government person is on holiday but she did respond to me and promised to get back to me later this month to talk more about what they are doing and planning.

Also just finished a conversation with a government official in Australia. I know that he was working with Colin already about leveraging our assurance program for what they need in Australia rather than requiring companies to do duplicate assurance processes for each company. I have to get up to speed on that as well but he was very supportive so I will also contact Phil Lam to figure out some next steps and what needs to get resolved.

LC reports and updates:  

Ken said the LC had not met since our last call, and there was nothing significant to report. 

Ken  reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Requests can be sent to Ken D or Kay C.

Discussion:


Finalize proposed criterion language regarding "comparable alternative controls."  

Ken noted that in the absence of Richard Wilsher we would not likely be able to finalize the text for comparable alternatives, but asked the WG for any reaction to Jimmy Jung's email sent to the list today. Referencing the draft language for KI criterion 63A#0177, part (f), Jimmy proposed that "we might rather 'inform service's clients/consumers' than just 'make available to the service's clients/consumers' " the results of the CSP's determination of comparability of an alternative control.  After some discussion, Ken suggested the following language: 

(f) "Inform, directly or through a direct link, the service's clients . . ." 

A questions was raised as to how the (CSP) service's (RP) clients would be made aware of the use of an alternative control if the CSP's service incorporated a component service that used an alternative control.  Ken proposed that the main text of the criterion 63A#0177 be revised as follows:

"63A#0177  "If the CSP implements, or incorporates a component service that implements, comparable alternatives . . ."

The WG briefly discussed whether, if a CSP were to replace one component service in its offering with another (Kantara-certified) service, that would require recertification of the CSP's service. Ken stated the view that any change to a certified service would have to be notified to Kantara, and the ARB would determine if the change would require recertification or perhaps some lesser level of review. He thinks that replacement of a component service with one that incorporated a comparable alternative control would be considered a significant change in the CSP's service.

Ken closed the discussion of this item noting that he would bring the revisions discussed today to Richard W's attention so that any issues he might identify with the language could be resolved at the next IAWG meeting. 

Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 

RQ: were going to consult with RW and Kay present.  

KD:  postpone.

Short answer "no" but discussed clarification. 

Varun:  easy dynamics.  familiar with PAD. wondered what KI was thinking. 

RQ:  63-3b  "should" And 90 percent. 

KD:  again let's wait. 

Put to be by week of Sept 1,. to mid nov-start Dec. Need to meet on 19 and maybe 26th.

Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.

kick to 19th

Varun Lal – thanks


Other Business:

Next Meeting: August 19, and then August 26 if necessary to finalize the criteria change package for submission to Kantara review. 

Ken adjourned the meeting at about 1:51PM US Eastern. 




  • No labels