Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Attendees 

Ann West, Incommon

Colin Wallis, KI

Jose Lopez, Zentry

Tom Barton, Incommon

Andrew Hughes, KI LC Chair

Richard Wilsher, Zygma

Peter Alterman, SAFE BioPharma

Scott Shorter, IAWG Vice-Chair

Adam Madlin, IAWG participant

IAWG Report provided by Scott Shorter 

  • IAWG finished the Kantara service assessment criteria for assessments against the requirements of NIST 800-63A at IAL2 and 800-63B at AAL2. There was a Public Comment and IPR Review Period, and there will be an All Member Ballot for final approval before publication of the two documents.
  • Service Assessment Handbook was published at the end of January and the Assessor Handbook will come soon.

SAFE BioPharma Report provided by Peter Alterman

  • SAFE BioPharma has merged with NH-ISAC. SAFE BioPharma maintains all the existing contractual relationships.
  • They completed their conformity profile for 800-63-3 A and B, the authenticator and identity proofer. They are incorporating federation requirements to their federated service standard documents, which will then be incorporated into 800-63-3 conformity profile as a complete set. Once it is ready, they will share it with the partners.
  • In the cross certification mapping, there is a technical discussion between Europeans and North Americans, which SAFE BioPharma is trying to normalize.
  • Matt King is the new CEO of SAFE Biopharma, and Peter Alterman position is Director of Policy and Compliance.

 

Incommon Report provided by Tom Barton

  • It was pointed out some of the challenges on R&E Federations discussed during the GEANT and TIIME Meetings in Vienna: 

-Find some way for no legal entities that support science to join Incommon;

-How to solve the issue of entities that cannot select a country in the application to join the federation (a required field) such as the European Space Agency that is international.

-GDPR has created problems for research and for European service providers. GEANT has created a Data Protection Code of Conduct, a code of conduct to handle personal information which was discussed during the workshop in Vienna on 6 February 2018. Research Service Provider could sign on this code of conduct. Code of Conduct link: https://wiki.refeds.org/display/CODE/GEANT+Data+Protection+Code+of+Conduct+workshop+6+February+2018

Open Mic

Topic: 800-63-3 Evaluating strengths of evidence. 

Background: There was a proposal to create a Working Group within the TFS Sync to work on areas of 800-63-3 - such as identity proofing strength definitions - that need greater specificity and/or clarity to ensure common understanding and common compliance.

  • It was suggested to build up a body of knowledge and consensus about what types of identity evidence can meet FAIR, STRONG and SUPERIOR requirements, and discuss methodology to validate the evidence and verification of the identity.
  • Kantara offered to host a Working Group on this topic, where all interested parties can convene.
  • The idea would be to fill the grey areas in a collaborative way and have a common level of trust.
  • Common agreement among the stakeholders on the fundamentals.
  • It was suggested to make public an assertion by the TFPs that the assessor is approved and competent and has assessed the Service Provider under a known methodology and found that the processes conform to 800-63-3.  If there is a common understanding, the TFPs could trust on the assertion of each other.
  • Next steps: Draft a scope of work for the Joint Working Group and send it to theTFS mailing list before the next TFS Sync. Scott volunteered to send the first draft.  

Various

  • It was commented that GSA team reported that they are reviewing the comments submitted by the TFPs and talking to the federal agencies.

Action items:

  • Scott to share a Draft of the Joint Working Group charter before the next TFS Sync.  
  • No labels