2018-04-26 IAWG Minutes
Attendees:
Voting participants: Scott Shorter, Andrew Hughes, Ken Dagg, JJ Harkema, Denny Prvu, Mark Hapner.
Staff: Colin Wallis and Ruth Puente
Non-voting participants: Jim Fenton
Quorum: There was quorum (5 of 8 voting participants)
Minutes approval:
2018-04-19 IAWG Minutes were approved by motion.
Updates:
- JJ Harkema is the Experian representative on the Board of Directors.
- Staff is working on the GDPR project plan.
- Consent Receipt (http://iiw.idcommons.net/User-Controlled_GDPR_Consent_Cookie): the effort led by LC Chair Andrew Hughes drew such interest that a hack day was created at MIT labs on April 26th to take the work further.
- May 14th: European Members Plenary.
- AH represented Kantara at the ISO SC27 WG5 meetings in Wuhan, China, where Kantara's contributions to several standards in development were tabled. He added that ISO standards related to identity proofing and assurance, and risk management, are under renewal. As he is one of the rapporteurs in the study group, he intends to use the KI liaison WG to actively develop a response on these issues. He invited IAWG participants who are KI members to join the effort; those who are interested should reach out to Andrew, Ken or Colin.
NIST 800-63-3 Implementation Guidance.
- SS is adding more content to the Google Sheet. Also, Jose Lopez has added his comments.
Comments on OMB policy draft
- RP commented that the compilation of comments is now available in a Google Doc, so all those who want to contribute can make edits directly or add new comments. Link to the compilation of comments: https://docs.google.com/document/d/1w94ZJLBSZsE9LwPKpsaGgyS5ZnRAGX2fEMe0-CPbAEM/edit?usp=sharing
- KD said that the plan for Thursday, May 3rd, is to review a new draft of the compilation of comments and prepare the draft for the final submission. Ken encouraged IAWG to submit the comments to Ruth or add them directly to the Google Doc. He also said that for the final submission individual attribution will be removed and the submission will go as Kantara comments and suggestions.
- CW asked the participants to provide feedback on the introduction that he drafted.
- Action item: Ken and Colin to work on their comments under the section "Agency Adoption of ICAM Shared Solutions and Services" as they are contradictory. CW said that they seem to have different interpretations of "shared services". KD commented that he will clarify his assumption of "shared services", as he assumed that it included the private sector, such as CSPs. He added that he will stress that the private sector/CSPs need to be considered as shared services.
- Jim Fenton clarified that in the document "shared services" refers to those like login.gov, a shared authentication provider, a public sector shared service. But he also pointed out that there are places in the document where the development of multiple identity and authentication shared services in both the private and public sector is encouraged.
- Jim Fenton added that he is also preparing comments and they are focused on:
1) Make sure the document is structured in a way that equally encourages private and public sector identity and authentication services.
2) GSA Responsibilities - item 6 Physical Access Control System (PACS). PACS probably needs to be removed or it needs to say something more than access control because it can't rely on 800-63-3 for that.
3) Add a responsibility for DHS - DHS to support Continuous Diagnostics and Mitigation (CDM) Program.
Next Meeting: May 3rd