/
Draft for Discussion - IAWG Charter for 2025

Draft for Discussion - IAWG Charter for 2025

Owned by Andrew Hughes
Last updated: Feb 13, 2025
3 min read

From Andrew Hughes email to the list:

IAWG Charter Update text - WG-IDAssurance - mailman.kantarainitiative.org

 

It's time to review/renew our WG Charter. Yehoshua and I have refined the front sections of the charter and have started to adjust it in light of Kantara US seeing accreditation under ISO 17065. No major changes - just trying to set IAWG up for success particularly during the development of next-generation assessment criteria.

 

 

Purpose & Scope:

Proposed

Discussion

Revised

Proposed

Discussion

Revised

The Identity Assurance Work Group (IAWG) supports Kantara in developing and maintaining assessable identity assurance criteria for the Kantara US Identity Assurance Program and other relevant frameworks.

 

 

IAWG ensures that criteria define measurable methods for compliance rather than restating requirements.

 

 

The workgroup provides subject matter expertise to Kantara, advises the Assurance Review Board (ARB), and facilitates discussions on identity proofing, authentication, and assurance.

 

 

IAWG's focus is on defining certification criteria that align with the specific functions organizations perform within identity proofing and authentication.

 

 

The workgroup remains technology- and vendor-agnostic while emphasizing strategic and policy-oriented assurance practices.

 

 

 

Responsibilities:

Proposed

Discussion

Revised

Proposed

Discussion

Revised

Assist Kantara in developing and evolving identity assurance criteria that support certification of specific identity proofing and authentication functions.

 

 

Ensure that criteria are assessable and define how compliance must be demonstrated.

 

 

Provide expert input on identity assurance policies, standards, and interoperability with other assurance schemes.

 

 

Advise Kantara leadership and the ARB on assurance-related topics.

 

 

Engage with other Kantara groups to align identity assurance efforts with broader industry needs.

 

 

 

Notes 2025-02-06:

[edited 2025-02-11]

  • Jimmy - notes that the shift in responsibilities from IAWG to Kantara program - this is not a minor change

  • Richard - we should be setting the charter according to what we are doing today - not according to some future situation

    • Andrew (ACH): Good point

  • Yehoshua - this is in line with the ISO 17065 discussion of last week. Kantara can delegate development of text as it wishes. Kantara has chosen to take on the ownership of the assessment critieria.

  • Richard points out that 17065 states no obligations on some of the changes that Kantara is wanting to implement.

    • ACH points out that regardless of that, Kantara wants to make program changes to meet market needs

  • Richard: these changes seem to be outside of IAWG’s authority/scope

  • Jimmy: these are big changes

  • Richard: ACH trying to change the charter before the Accredited CAB in place - not productive use of time

  • Yehoshua - is there objection to restructuring the criteria?

    • Jimmy - CSPs want the Trust mark because either their client or their opportunity specifically requires it

  • Yehoshua - gives an example of some areas that lack detail in the SACs and how the criteria have mismatches to how service providers organize themselves to deliver real services. The criteria need to evolve regardless of any other factors.

  • Richard - IAWG continues to ‘own’ the SAC (manage, etc)

    • The Charter should set up space for us to work within, doesn’t need to be too specific

  • Jimmy - the current way of working/managing the SAC has been working

    • Jimmy - “how compliance must be demonstrated” is this intended to assign the IAWG the responsibility of identifying “how criteria must be tested or demonstrated”?

  • “The Service Assessment Criteria are the requirements that must be fulfilled by the service under assessment”

  • Mike Magrath - agrees with Richard/Jimmy on what the program is trying to deliver and what services need

  • The language in the proposal seems to say that IAWG might shift towards writing procedures instead of what we do today

  • Eric T - are we seeking to move towards procedural text? (not really)

    • Today’s SAC clarify some of the fuzzy requirements as written in 800-63 today

    • Warns against being over-prescriptive if we tried to list all the ways that conformity can be achieved - very risky

  • Richard - there is value in improving/enhancing how assessments could be done - but must be careful to avoid constraining service providers by bad process. There could be improvements to consistency coming out of 17065 accreditation.

 

 

 

Related content

Proposed Charter draft
Proposed Charter draft
DG - Identity Proofing and Verification Use Cases
More like this
PCIPR20200609
PCIPR20200609
General Information
More like this
PCIPR20200807
PCIPR20200807
General Information
More like this
2023-05-25 Minutes
2023-05-25 Minutes
WG - Identity Assurance New
More like this
Call for participation in the Kantara ID Proofing and Verification Use Cases Discussion Group
Call for participation in the Kantara ID Proofing and Verification Use Cases Discussion Group
DG - Identity Proofing and Verification Use Cases
More like this
DRAFT IAWG Meeting Minutes 2017-04-27
DRAFT IAWG Meeting Minutes 2017-04-27
WG - Identity Assurance OLD space
More like this