Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King

Non-voting participants: Jimmy Jung, Chris Lee, Roger Quint

Staff: Kay Chopard

Agenda:

  1. Administration:
    1. Roll Call and quorum determination
    2. Agenda Confirmation
    3. Minute approval (DRAFT minutes of 2021-07-15)
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews)
  2. Discussion 
    1. Review the roadmap for moving a consolidated set of criterion changes through the Kantara approval process. 
    2. Discussion of GSA question about Kantara criteria referencing "presentation attack detection" (PAD), and possible clarification of the relevant Kantara criteria. 
    3. Decide if IAWG should respond to a public consultation on a new (July 19) UK Government Cabinet Office draft paper on "Digital identity and attributes", response due 13 Sept
  3. Any Other Business and Next Meeting Date

Meeting notes: 

Administrative items:

IAWG Chair Ken Dagg called the meeting to order at about 1:06PM (US Eastern), and called the roll. It was noted that the meeting was quorate. 

Minutes approval:  the draft Minutes of the IAWG meeting of July 15 were approved unanimously.   MK, MH  

Staff reports and updates: Kay – Lynzie Adams hired, in training, Aug 23 full-time based on US, will be able to help IAWG. Not expert yet but no one interviewed was.

LC reports and updates: Ken – not much; P&I mDL Report, that DG being archived, a WG being chartered to carry on. FIRE WG making grant proposal. If successful, IAWG may get some things to do to create a new set of assessment criteria. 

Ken reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Or send to Ken D or Kay C.

Discussion:

c.  Ken – any interest or thoughts? Mark King – really about governments, bit on certification is TBD. Suggest not agreeing but reconsider at a later IAWG to decide. Ken: maybe Kay could raise the lack of a certification process via informal call. Kay: I do know one of the POCs. Ken: have been trying to get involved for several years, but OIX has had inside track and apparently discouraged UK cabinet office to ignore Kantara. Action: Kay to contact and return. (Allison is Kay's contact?) Reconsider at end of August. 

b.  Ken: discuss PAD issue. Might be opportunity to enhance relationship with GSA. Roger Q: several people coming up with various tools. Good opportunity. Move until next meeting in 2 weeks. JJ: have used PAD but it's a different kind of assessment–deeper. Sounds like a lab standards issue. RQ: agree. Interested to hear what Richard is thinking. Ken: would be part of the rolled-up approval package. Kay: meeting with GSA Phil next week but won't raise this unless he does. 

a.  Ken: roadmap. Process requires 45 + 15 + LC approval. So maybe 2 1/2 months. Nice to get published by October. So, beginning of August. Impossible. November then. So prepped by end of August. "Comparables" plus maybe PAD plus misc by end August if possible.

NIST: saying 63-4 draft in spring, but might be optimistic. Looking at at least 18 months before we revise for 63-4. So not too frequent changes. 

Mark K: will reviewers get background rationale for changes? Ken: not normally but might want to this time. Only items in the package that are subst are "alternative controls" and maybe PAD language. Display spreadsheet for comparable alternative, latest changes in blue text. 

Mark K: how can we do quantitative without the NIST control?

Roger: can we spec the quants? Ken: too general to specify. Assessor has to determine that the quant analysis makes sense.

JJ: seems OK, transparency is about all we can do, and involves numbers. 


Ken: get thru 18 months and hope it's covered in 63-4.

JJ: think NIST tries to be academic and flexible. Don't want to enforce. 

Kay: D had strong reaction to K getting involved, and pushed to making the decision political vs. requiring NIST to approve. 

JJ: only way for CIO to make the decision is based on the CSP's K certification. 

Ken thinks our language permits the agency to take apolitical decision based on the CSPs representations about the risk analysis, as certified by K. 

Mark K:  from outside view: by providing one standard that all agencies could use, creates a market for CSPs. 

Ken: I think we're close but how to market and avoid bad stuff for Kantara's rep. Need another meeting with Richard. 

Meeting in 2 weeks. Aug 12. Resolve comparable AND PAD, and Richard provide non-subs. 

ROGER for FIRE. 

Other Business:

      Next Meeting: 



