
Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher

Non-voting participants: Roger Quint

Staff: Kay Chopard, Lynzie Adams


Proposed Agenda

Administration:

  1. Roll call, determination of quorum
  2. Agenda confirmation
  3. Minutes approval - 2021-08-26 DRAFT Minutes
  4. Staff reports and updates
  5. LC reports and updates
  6. Call for Tweet-worthy items to feed (@KantaraNews)

Discussion:

  1. Approve criterion language for CO_SAC.
  2. UK open consultation response.  

 Any Other Business and Next Meeting Date


Meeting notes 

Administrative Items:

The meeting was called to order at about 1:05PM (US Eastern). Roll was called. The meeting was quorate.

Minutes approval:  Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 26. Mark Hapner seconded. The minutes as distributed were approved unanimously.

Staff reports and Updates:

Kay intends to move Kantara away from Virtual, a contractor that currently supports Kantara finances, membership, and other areas. She's looking for a new company that can provide more services at a better cost. Also, she is looking to not renew our contract with GTM and transition to Zoom, as people have requested. The GTM contract ends at the end of September, so the decision will be happening soon. A question regarding federal agencies' use of Zoom has been investigated and the understanding is that classified meetings cannot be held via Zoom. Kay asked whether this group had any concerns. After addressing functionality concerns and capabilities, the group was content with switching to Zoom.

Ruth Puentes has agreed to be contracted for a few hours a month to continue to provide support in making the transition to the new Assurance Program Manager (Lynzie Adams) as smooth as possible.

In recent talks with some UK government contacts Kay addressed the perception in Kantara that the UK identity program was not interested in Kantara input. They acknowledged there is some validity to that perception, but explained that with new people things should be different. Kay's goal was to ensure they understood our perception and they did acknowledge it. She has a meeting with another official next week and will continue the conversation. 

Kay has been approached by a French organization (OSIA) to submit a proposal regarding third-party assessment of service-providers' implementations of open source standards. She's spoken to some people within Kantara about potentially expanding the assurance program but needs to talk with the assessors regarding their interest level in another line of work. The informal proposal needs to be prepared for the OSIA board meeting at the end of this month.  

There is a call scheduled for next week between GSA and New Zealand and Australia about interoperability. They're looking for ways to let CSPs avoid going through multiple similar certification processes in different countries.

Mark King raised two questions. He asked if Kay was referring to the AAPPG as an additional UK contact; if so, he said it seems like the right place to be for contacts with knowledge of views on identity matters in Parliament. He also asked if the potential OSIA work would have to be translated into French. Kay said she doesn't believe so, but we are having some language issues in other areas, so it is a good question to have confirmed.

Richard raised a few other questions. Is OSIA trying to get assessments that would conduct testing to validate interfaces, or more of a paper-based review? Kay would need to confirm but she believes it's more paper-based. 

Kay then noted that there has been a lot of work around healthcare recently. We are partnered with the CARIN alliance. A very recent development is that Direct Trust has taken over Safe Identity as of this week. We had an MOU with Safe Identity but as a part of Direct Trust, Safe Identity will apparently not be bound by that agreement. Kay has meetings scheduled to see how we move forward. TEFCA, which is responsible for implementing key identity-related HHS/ONC initiatives, has specific objectives on identity proofing and requires healthcare providers and their vendors to be approved at several levels of assurance. Phil Lam is going to make some introductions so we can alert these groups that Kantara is available for this service. 

Ken thanked Kay for the information and intelligence provided to the working group, as it helps with planning and priorities.

Discussion:

Kay had a call with Phil Lam this morning. Federal agencies are talking to him about the difficulty they're having with pass rates due to facial recognition (AL2). Kay mentioned IAWG is drafting material to offer guidance/information to federal agencies about alternative controls. Phil agreed with David Temoshok that this is not a good move and does not think Kantara should take this position. He commented that it could negatively impact the relationship Kantara has with both NIST and GSA. Phil suggested that if agencies reach out, they should be directed to NIST or even to him. Kay wanted to ensure IAWG was aware before moving forward in the current process.

Richard confirmed that our current revision is to formalize what is stated in 5.4 of 800-63. We are not inventing things, just making a stronger case.

Kay suggested it might be worth having further conversations before publishing for public comment. 

Richard suggested drafting a very clear case showing which pieces of text in 800-63 our criteria embody and, if anything was invented, justifying it. This would show that rigor is applied throughout the entire process.

Through further discussion, it was suggested to have further conversations with Phil and delay our timeline for publication, aiming for publication after the holidays. There was concern that putting the draft into the public domain could be perceived negatively by GSA and NIST. Martin suggested asking about the comparable alternatives language projected in 63-4 during these conversations. Roger concurred. The group agreed that having GSA on board was critical. 

Martin suggested a conversation with Eric Thompson from the Department of Labor regarding the timeliness of this effort related to the idea of inclusiveness. Current standards make it difficult to be inclusive. 

Richard stated he is currently talking to 3 CSPs who are interested in comparative alternatives because they have federal agencies asking about it and they are having difficulties meeting the NIST criteria. He reaffirmed much of the prior conversation including a meeting with Eric Thompson to bring him up to speed. Kay will set up a meeting with Eric. 

There was discussion of the timeline of 63-4 colliding with this publication, but Ken believes we are looking at early 2023 before that is released. Nobody voiced concern about delaying publication until January. The consensus is to delay releasing the package for public comment until further conversations are had with GSA and potentially NIST. Richard will write a clear expectation of the changes and get it to Kay for her next meeting with Phil. Roger stressed that the concern is the maturity of the standard.

Kay will continue to keep Ken and the IAWG up-to-date with progress from the discussions and how the group wants to proceed.

UK Response:

Ken put together a response and will circulate after the meeting. He had preliminary feedback from Martin and Mark King. Please review and send comments. The group will discuss at next week's meeting as it is due Monday, September 13.

Other Business:

The New Zealand call for comments has a September 30 deadline. Ken will send it around after this meeting for discussion at the next meeting. 

Next meeting: September 9 at 1pm.

Meeting adjourned at 1:58pm EST. 

