Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher

Non-voting participants: Roger Quint

Staff: Kay Chopard, Lynzie Adams


Proposed Agenda

Administration:

  1. Roll call, determination of quorum
  2. Agenda confirmation
  3. Minutes approval - 2021-08-26 DRAFT Minutes
  4. Staff reports and updates
  5. LC reports and updates
  6. Call for Tweet-worthy items to feed (@KantaraNews)

Discussion:

  1. Approve criterion language for CO_SAC.
  2. UK open consultationresponse.  

 Any Other Business and Next Meeting Date


Meeting notes 

Administrative Items:

The meeting was called to order at about 1:05PM (US Eastern). Roll was called.

Minutes approval:  Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 26 . Mark Hapner seconded. The minutes as distributed were approved unanimously.

Staff reports and Updates:

Kay intends to move Kantara away from Virtual. She's shopping for new company who can provide more services and at a better cost. Virtual currently handles the  finances, membership, and other areas. They did handle our wiki and website, but that's been turned over to our IT (Armin). Additionally, she is looking to not renew our contract with GTM and transition to Zoom, as people have requested. The GTM contract ends at the end of September so the decision will be happening soon. The concern for federal agencies has been investigated and the consensus being that classified meetings cannot be held via Zoom. Kay asked for any concern from this group. After addressing functionality concerns and capabilities, the group was content with switching to Zoom. 

Ruth has agreed to be on a contract for a few hours a month to continue to provide support to make the transition as smooth as possible.

Kay addressed the resistance surrounding the UK government with some contacts in recent meetings. They acknowledged these were truths and explained with new people things will be different. The goal was to ensure they understood our resistance and they did acknowledge it. 

Kay has been asked to create a proposal to do a third party (1:19) assessment and potentially expanding the assurance program. Kay needs to talk with the assessors and do more research on if they want to start another line of business. Have a board meeting at the end of this month so want to have the informal proposal together by then.There is a call next week about interoperability between GSA (Phil) and New Zealand and Australia. Looking to find a way where CSPs don’t need to do similar processes in different countries. 

Mark King questions – will the French one be required to be done in French. Don’t believe so. And other question…. (look up) about parliamentary.

Richard question – something that would validate interfaces? Or more of a paper-based review? *look up answer* Some clarification would be well. 

1:22 – find what Kay is talking about to write minutes. TEFCA and healthcare blurb. Possibly the Apple blurb.

Ken thanked Kay for the information and intelligence provided to the working group, as it helps with planning.

Ken – SAFE agreements. *Listen to Ken 1:29 to hear his summary*

Discussion:

Kay had a call with Phil Lam this morning. Federal agencies are talking to him about the difficulty they're having with pass rates due to facial recognition (AL2). Kay mentioned IAWG is drafting of material to offer guidance/information to federal agencies about alternative controls. Phil agreed with David Temoshok that this is not a good move and does not think Kantara should take this position. He commented that it could negatively impact the relationship Kantara has with both NIST and GSA. Phil suggested if agencies reach out that they should be directed to NIST or even to him. Kay wanted to ensure IAWG was aware before moving forward in the current process. 

Richard confirmed that our current revision is to formalize what is stated in 5.4 of 800-63. We are not inventing things, just making a stronger case.

Kay suggested it might be worth having further conversations before publishing for public comment. 

Richard suggested drafting a very clear case of which pieces of text in 800-63 our criteria embodies and if anything was invented – justify it. Show that there is rigor applied throughout the entire process. 

Through further discussion, it was suggested to have further conversations with Phil and delay our timeline for publication, aiming for publication after the holidays. There was concern that putting the draft into the public domain could be perceived negatively by GSA and NIST. Martin suggested asking about the comparable alternatives language projected in 63-4 during these conversations. Roger concurred. The group agreed that having GSA on board was critical. 

Martin suggested a conversation with Eric Thompson from the Department of Labor regarding the timeliness of this effort related to the idea of inclusiveness. Current standards make it difficult to be inclusive. 

Richard stated he is currently talking to 3 CSPs who are interested in comparative alternatives because they have federal agencies asking about it and they are having difficulties meeting the NIST criteria. He reaffirmed much of the prior conversation including a meeting with Eric Thompson to bring him up to speed. Kay will set up a meeting with Eric. 

Discussion was had around the timeline of 63-4 colliding with this publication, but Ken believes we are looking at early 2023 before that is released. Nobody voiced concern in delaying until January for publication. The consensus is to delay releasing the package for public comment until further conversations are had with GSA and potentially NIST. Richard will write a clear expectation of the changes and get to Kay for her next meeting with Phil. Roger stressed that the concern is the maturity of the standard. 

Kay will continue to keep Ken and the IAWG up-to-date with progress from the discussions and how the group wants to proceed.

UK Response:

Ken put together a response and will circulate after the meeting. He had preliminary feedback from Martin and Mark King. Please review and send comments. The group will discuss at next week's meeting as it is due Monday, September 13.

Other Business:

The New Zealand call for comments has a September 30 deadline. Ken will send it around after this meeting for discussion at the next meeting. 

Next meeting: September 9 at 1pm.

Meeting adjourned at 1:58pm EST. 


  • No labels