Kantara Initiative Identity Assurance WG Teleconference

 

DRAFT Meeting Minutes - IAWG approval required

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: DRAFT IAWG Meeting Minutes 2015-07-16
    4. Action Item Review
    5. Staff reports and updates
    6. Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Final review of NISTIR 8062
    2. SAC Update
    3. Discussion of possible additional documents to review:
      1. NISTIR 7904, DRAFT Trusted Geolocation in the Cloud Proof of Concept

      2. NISTIR 8053, DRAFT Deidentification of Personally Identifiable Information

      3. NISTIR 7966, DRAFT Security of Automated Access Management Using Secure Shell (SSH)

      4. NCCOE Derived Credentials Building Block

      5. others?
  3. AOB
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11

Meeting achieved quorum

 

 

Voting

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Richard Wilsher

Non-Voting

  • Colin Wallis 
  • Angela Rey

Staff

  • Ruth Puente
  • Joni Brennan

Regrets

  • None

Voting Members for Cut/Paste

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Calatayud (VC)
  • Devin Kusek
  • Adam Madlin
  • Kenneth Myers
  • Cathy Tilton
  • Richard Wilsher
  • Lee Aber

Selected Non-Voting members for Cut/Paste

  • Bill Braithwaite
  • Björn Sjöholm
  • Susan Schreiner
  • Jeff Stollman

 

Notes & Minutes

Administration 

Minutes Approval

Motion to approve minutes of 2015-07-16
Seconded: 
Discussion: 
Motion Carried | Carried with amendments | Defeated

Action Item Review

See the Action Items Log wiki page

Staff Updates

Big announcement is that UMA-Dev workgroup has been formed, a number of articles and quotes coming through.

Leadership Council (LC) Updates
  • Joni reports:
  • LC agenda has been restructured, creating a placeholder for discussing the tools of the organization, formalize what's been happening
  • Groups are encouraged to raise tools they've used or would like to use
  • Collaboration standing item, opportunities for collaboration between Kantara groups.  UMA and MVCR, IAWG and Health Identity Assurance, etc.
  • Still working on the issue of sharing IPR between different groups with different rules.
  • UMA has spun off a work group for the reason of supporting different IPR regimes. Now we have a leader of two WGs, is that too many seats on the LC?  Leadership will consider how to handle this with new procedures.
  • Andrew adds: on the tools discussion, one idea that Eve mentioned was how to deal with release schedules now that they have a specification to manage. Considered moving towards a software product release schedule idea - patch releases/errata, update segments instead of the whole thing, rational version number scheme. Agile methodology is when an issue comes up you throw it in the hopper then determine which release it will be fixed in. Discussed possible repositories (git/github). Discussed the possibility of storing SAC in alternate formats; one possibility is to move it to XML and store it in git, use export filters to generate the Word document / PDF or whatever.
  • RGW: Word works but has limitations. As Ken originally noted, we're looking for a more flexible way of maintaining it and exporting it to different formats. Many in the group agree that the word document is difficult to manage.

Participant updates

Call for tweet worthy items.

Discussion

NISTIR 8062

- Ken has reviewed and will write up comments. Ken and Scott discussed last week and came to similar conclusions. Call for any other reviews or thoughts on the quality or what might be missing.

Ken's opinions - a wordy document that needs an extensive edit. The process identified seems to be complete, but time and use will tell how good it is. The guidance about what to do in response to risks is not identified, not clear that the document should go forward without including that information. The terminology used is not aligned with what is currently used in the privacy industry.

RGW: this is an internal report (IR). As it stands, it's not usable for deriving standards or practices from.

Colin: on the responses from privacy by design engineers and the privacy reference model group. The key issue is the lack of controls when that's obviously needed. The other overriding thing is the lack of cohesiveness with other documents, particularly 800-63 or the work of the P3WG.

Scott had a comment that the definition of the security objectives is not clear.

Colin notes that the objectives cannot be created from scratch (noted by OASIS P3WG).

Ken notes that a letter should be sufficient, the document is not in condition where the comment matrix would be needed.

SAC Update

Ken has not seen email traffic on the SAC.

RGW is mapping criteria to ISO 29115, finding opportunities for Kantara to fill the gap. Aiming to be done around the end of tomorrow, there will be a number of additional criteria across assurance levels. The document at that point would be worthy of consideration by the IAWG. Worth waiting for this.

Ken says so this means an updated set of criteria may be available sometime next week.  RGW will aim for two weeks turnaround for the SAC.

Requirements sent out about the tool - we discussed that previously. Andrew gave an update on the process Kantara might use if there was such a tool.  Andrew sent out requirements on the 16th - if there are no further comments we should figure out what to do with them. 

Joni responds there are two sides to the answer. First, review the requirements to figure out if there's a tool. Eve brought a discussion and had a recommendation for a tool.  Either requirements could go to the LC as is, or we could send the requirements and a recommended tool.   We could approach the LC for a proposal for funding for a project, or for obtaining tools.

Andrew: what we're talking about is markup tools, a rich editor for marking up documents and being able to generate it in other formats. With the SAC stored in data, we could output based on filters such as LOA, component, etc.

Andrew suggests we ask Eve what they are using and how.

 

AOB

 

Carry-forward Items

 

Attachments

 

 

Next Meeting

 
