Status and next steps

Updated docs.

• April 13th Ben Wilson sent to KI the following docs:
• updated version of the IDEF-IAF FICAM Federal Privacy Profile Mapping - IDESG marked “Confirmed” for the rows titled INTEROP-4: STANDARDIZED DATA EXCHANGES and INTEROP-7: USER REDRESS. 
• IDEF-IAF Mapping Overview. 

Considerations:

• Include Kantara onboarding in the Statement of Work for the next version of the IDEF Registry web site. 
• The form that recognition of Kantara-approved CSPs during the IDEF registration process still needs to be decided.  If it can’t be an interactive experience (due to site-development budget issues),  it could at least be a static presentation in HTML or PDF.  
• Once we get the above going, part of the process would be that Kantara-approved CSPs initiate registration and get a “pass” on the “Fully Compliant” items, then they will attest to the remaining IDEF Baseline criteria.  Finally, they will need to accept the standard terms and conditions and submit a complete package (attestation form). 
• In relation to the HTML/Static representation, KI suggested following the example of our Trust Registry:  https://kantarainitiative.org/trust-registry/ktr-status-list/
• Next meeting: TBC 

Meetings 

April 26th 

action items:

• David and Ben to send a revised version of the MoU and will work on the on-boarding process specified in the annex. Bullet 3 of the "Considerations" above would be language for the annex. 
•  

April 3rd Meeting Notes:  

•  We discussed that once a CSP is approved at Kantara, in essence they will be offered the opportunity to self attest at IDESG.
• They will choose one of 2 URLs. One URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval.
• The other URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval AND the FICAM Privacy Profile.
• IDESG will queue up the URL/web work on its upcoming work order.
• The URLs will be hosted by IDESG. If required by IDESG, they will ask Kantara to validate that a CSP has been approved.

 Action items:

•  Ben will fill in the last remaining empty boxes on the compare tool to complete the mapping.
• Colin will use a Kantara MOU template to strawman up the broad approach.

IDESG and KI call to discuss the IDEF-SAC mapping March 10th.

 Meeting Notes:

• Andrew and David recounted the approaches used by each team to analyse, review and comment on the mapping
• We looked at each item that TFTM had further questions about, notes on each one follow: 
  1) INTEROP-2 - Kantara should indicate in the S3A that if the CSP intends to apply for IDEF Registry listing that they include an answer to INTEROP-2 in their S3A 
  2) INTEROP-3 - this is a trigger on IDESG side - if an applicant to the Registry is using a non-listed standard this should trigger IDESG to put the standard through the normal evaluation process 
  3) PRIVACY-3 - Kantara should review data minimization criteria to see where this is handled - “Partial” might be possible instead of N/A 
  4) PRIVACY-15 - The IDEF requirements is relevant to the transaction. David explained the context that he expects -> Data Minimization. Andrew requested that IDESG review and update their requirement and supplemental guidance for P15. David noted that there is no supplemental guidance for the Privacy requirements. 
• ACH asked David to send info to Kantara about how other CSPs have done this and Kantara can recommend to CSPs.