IAWG Meeting Minutes 2016-02-25

Kantara Initiative Identity Assurance WG Teleconference

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: 
      1. DRAFT IAWG Meeting Minutes 2016-02-11
      2. DRAFT IAWG Meeting Minutes 2016-01-28
    4. Action Item Review
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Status of Kantara IAWG work item on SAC update
    2. Upcoming presentation from Hannah Short of CERN on "Authentication and Authorisation for Research and Security Incident Response Trust Framework for Federated Identities"
    3. Privacy update to IAF - Ken to introduce topic and request IAWG contribution
  3. AOB
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2015-11-05, quorum is 5 of 9

 

Meeting achieved quorum

Voting

  • Scott Shorter (S)
  • Lee Aber
  • Andrew Hughes (VC)
  • Ken Dagg (C)
  • Richard Wilsher
  • Steve Skordinski

Non-Voting

  •  

Staff

  •  

Apologies

  • Ruth Puente

 

Voting Members for Cut/Paste

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Caskey
  • Devin Kusek
  • Adam Madlin
  • Richard Wilsher
  • Lee Aber

Selected Non-Voting members for Cut/Paste

  • Bill Braithwaite
  • Björn Sjöholm
  • Susan Schreiner
  • Jeff Stollman

 

Notes & Minutes

Administration 

Minutes Approval

  1. DRAFT IAWG Meeting Minutes 2016-02-11
  2. DRAFT IAWG Meeting Minutes 2016-01-28

Motion to approve minutes of 2015-02-11: Andrew Hughes 

Seconded: Lee Aber
Discussion: 
Motion Carried | Carried with amendments | Defeated

Motion to approve minutes of 2015-01-28: Andrew Hughes

Seconded: Lee Aber
Discussion: 
Motion Carried | Carried with amendments | Defeated 

Staff Updates

  • Executive Director Colin Wallis is in the process of getting into the role.

LC Updates

  • Kantara is in the process of incorporating as a 501(c)(6), the same as IEEE-ISTO.
  • There was an update about the CCICADA process and how to apply for funding.
  • Funding requests that were made to the board were approved and the funds are available.

Participant updates

  • Scott Shorter mentioned a change of affiliation from Electrosoft to Kimble and Associates. Stephen Skordinski will be the point of contact at Electrosoft.
  • Ken Dagg article for an OECD ITAC January newsletter highlighting Kantara and DIACC

Discussion

SAC Update Work Item

Statement of Requirements to undertake work to modify the Service Assessment Criteria of the Kantara Initiative IAF to be an Objective Oriented Set of Requirements. This will make it possible to compare other sets of criteria to the Service Assessment Criteria of the IAF by matching what those criteria accomplish rather than by comparing specific individual criteria.

Benefits: This ability will enable:

  • Kantara to demonstrate the equivalence of its IAF to other Trust Frameworks.
  • Kantara approved CSPs to more easily demonstrate their conformance to other Trust Frameworks.

Ken asks for comments on the skill set and the requirements for how to evaluate it.

Comments:

RGW - The skill set would be familiarity with 800-63. The requirement would be to create objective statements that are aligned to or do not conflict with 800-63. If the criteria are mapped and aligned to 800-63, how do you write a statement of objectives that would clash?

Steve - As we develop this, keep it linked to FICAM. Before it becomes a formal set of criteria, will the FICAM folks accept the new language?

RGW responds that the criteria changes will come after this current work, and the GSA FICAM program office says they want to update the criteria, so who is to say. Also, the IAF is intended to be international in scope.

Ken reminds RGW that FICAM is a major influence on the service assessment criteria. Should we include a crosswalk or review of the mapping at the first level as part of the statement of requirement?

RGW agrees but does not think that the primary Kantara criteria in order to replicate 800-63. Need to keep criteria more loose so they can apply to other jurisdictions. If we go changing criteria then we should find out what the impact on the mapping will be. Agree with Steve.

Steve reminds that 800-63 is used to inform the TFPAP, and there are additional privacy requirements.  If we keep the document to keep the criteria numbering then the existing mapping should be fine.

Some discussion of the purpose of the work item - the goal being to support risk decisions by relying parties and help service providers support arguments about conformance comparability.

Presentation from Hannah Short

Date: April 7th 
Speaker: Hannah Short, CERN
Subject: Authentication and Authorisation for Research and Security Incident Response Trust Framework for Federated Identity. 
Hannah will focus on the various assurance related activities within the Authentication and Authorisation for Research and Collaboration (AARC), LoA profiles and the Security Incident Response Trust Framework for Federated Identity (SIRTFI), and give a brief overview of the AARC project.  

The AARC project brings together 20 different partners from among National Research and Education Networks (NRENs) organisations, e-Infrastructures service providers and libraries. AARC aims to develop and pilot an integrated cross-discipline authentication and authorisation framework, built on existing AAIs and on production federated infrastructures. More information: https://aarc-project.eu

SIRTFI is a group supported by REFEDS, looking at processes for expressing security incident handling requirements as an assurance profile for federations and other requirements needed to effectively deploy and enhance incident response processes for FIM. More information: https://refeds.org/wp-content/uploads/2016/01/Sirtfi-1.0.pdf

Privacy Update to IAF

Ken Dagg will present on the need to incorporate privacy considerations into the IAF. He will provide some background and context and lead a discussion of the best way to develop a privacy evaluation methodology for the IAF.

AOB

Attachments

 

 

Next Meeting

  • Date: Thursday, 2016-03-10
  • Time: 12:00 PT | 15:00 ET
  • Time: 12:00 PDT | 15:00 EDT
  • United States Toll +1 (805) 309-2350
  • Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
  • Conference ID: 613-2898
  • International Dial-In Numbers