2022-10-27 Minutes

Attendees:

Voting Participants: Martin Smith, James Jung, Richard Wilsher, Mark Hapner, Denny Prvu
Non-voting participants: Lorrayne Auld, Chris Olsen
Staff: Lynzie Adams

Proposed Agenda

1. Administration:

   • Roll call, determination of quorum

   • Minutes approval - https://kantara.atlassian.net/wiki/spaces/IAWG/pages/95059969

   • General Updates

   • Assurance Updates

2.  Discussion: 

   • Assurance Program Recommendations

3. Any Other Business

Meeting Notes 

Administrative Items:

IAWG Vice Chair Martin Smith called the meeting to order.  Roll was called. Meeting was quorate. 

Minutes approval:   

Mark Hapner moved to approve the draft minutes from the September 15 IAWG meeting. Jimmy Jung seconded the motion. Motion carried with no objections. 

General Updates:

Reminder that KIBoD nominations are being accepted. You must be a member to run for a spot on the Board. Similarly, Chair and Vice-Chair roles for IAWG will be open for nomination soon.

Kantara’s Annual General Membership Meeting will be held Wednesday, December 7 at 11am ET. Please watch for a calendar invitation with more information.

Assurance Updates:

Lorrayne said she recently heard mid-November for the Revision 4 draft.

Discussion:

Assurance Program Recommendations

Richard presented the recommendations put together by the small task force (Eric Thompson, Jimmy, Denny, Lynzie, & Richard) summing up the discussions around the assurance program that occurred the past few months in IAWG meetings. The draft is available for review and comment on Google. All IAWG members are encouraged to review and comment.

Martin suggested including a list of intended beneficiaries of these changes - including assessors, the ARB, CSPs offering identity services to RPs, CSPs looking for potential component partners, RPs looking to acquire CSP services, consultants to RPs.

Richard overviewed the reasoning on why IAL+AAL does not need to equate to full - rather one can have a full IAL service or a full AAL service. Martin stated that is the way the market is structured. Richard concurred and suggested updating the paragraph to reflect that not only is it logical, it’s functional.

Jimmy reiterated the point of not in scope versus applicability and how that can impact the determination of full or component. Something not in scope if outside the scope of IAL2 (or the chosen level of assurance) while applicability can describe something they may not have chosen to implement (i.e., trusted referees or supervised remote, etc).

There was discussion around 3) CO_SAC revisions section d). Martin & Jimmy acknowledged that those mappings can be a lot of work and the assessed should be the one to pay for it. Jimmy also notes that if a mapping is occurring, that needs to be known by the ARB from the start. It should be in the initial application so the ARB is not caught off guard.

Martin suggested a timeline to when we want these completed - or at least dependencies. Lynzie thinks the IAWG, ARB and KIBoD all need to be socialized to these before we move forward with a timeline of completing the tasks. Additionally, pull out the questions that still need addressed.

Any Other Business

IAWG leadership keeps an action item list.
All IAWG participants should be aware that the spreadsheet exists and that it lists everything we think the IAWG is working on or planning to work on. Please feel free to review it and correct it if needed - it is not our intent to overlook something!