Attendees:
Voting Participants: Ken Dagg; Richard Wilsher; Mark Hapner; Martin Smith
Non-voting members: Ann Racuya-Robbins, World Knowledge Bank
Staff: Colin Wallis and Ruth Puente
Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Action Item Review: action item list
- Minutes approval:
- 2020-02-20 Draft Minutes
- 2020-02-06 Draft Minutes
- 2020-01-09 Draft Minutes
- Staff reports and updates - Keeping up with Kantara February 2020and February Director's Corner
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
2. Discussion
- Develop comments on PCTF Organization component - Please see initial comments attached.
- Address ARB concerns on OP-SAC with regard to phishing attacks, by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes)
3. Any Other Business
Minutes Approval
2020-01-09 Draft Minutes were approved by motion. Martin moved and Ken seconded
2020-02-06 Draft Minutes were approved by motion. Mark moved and Richard seconded
2020-02-20 Draft Minutes were approved by motion. Richard moved and Mark seconded
Updates
- 63C sub-group had its first meeting on March 4th, 2020.
- Comments are being prepared for UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
Outstanding issue on OP-SAC
- Ruth commented that the IAWG has previously agreed to address ARB concerns on OP-SAC with regard to phishing attacks, by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes)
- The action is still open, Richard is working on new wording.
Comments on PCTF Organization Component
- Ken has walked the group through each of the initial comments he added here DIACC-Comment-Submission-Spreadsheet-Verified-Organization-ENG KD (1).xlsx
- Ken was disappointed with the amount of editorial mistakes on the text.
It was commented that it's critical that when we are doing business, the organization we are making a transaction with be a verified organization. The main goal is to have process in place to ensure that federation networks are accountable and reliable and that exists and can be collected.
- Ken said that on the Privacy related ones, they must identify a valid reason for collecting information and get the proper consent. Richard asked if it's exclusively for the purposes of identity proofing. Ken confirmed yes. Richard stated that 63-3 provision on that says that we only should collect only information to uniquely establish the identity.
- Martin asked what aspect DUNS does not cover (DUNS Registry – British entity authority). Richard added that it's not a guaranteed source.
- The participants agreed with the comments and asked Ken to submit them to DIACC.
- Ken Is this anything we can include in the IAF.? Richard, yes but Refine and then move to adopt.