IAWG Meeting Notes 2015-10-22

Kantara Initiative Identity Assurance WG Teleconference

 

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: DRAFT IAWG Meeting Minutes 2015-10-08
    4. Action Item Review
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1.  IDESG publishes Identity Ecosystem Framework v1, seeks liaison with TFPs
    2. The recent FICAM survey process and Kantara's next steps
    3. KIAF-5415
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11

Use the Info box below to record the meeting quorum status

Voting

  • Scott Shorter (S)
  • Adam Madlin
  • Andrew Hughes (VC)
  • Paul Caskey

Non-Voting

  • Christine Abruzzi (from Deloitte)
  • Angela Rey

Staff

  • Joni Brennan
  • Ruth Puente

Apologies

  • Ken Dagg

 

Notes & Minutes

Administration 

Minutes Approval

To be done next call.


Action Item Review

  • Scott will cull the voting member roster and notify the removed individuals.

Staff Updates

Joni Brennan update - we have a number of approvals that have come through recently, a number of announcements in the next weeks. Quite busy - speaks to the growth of the program and progress around connect.gov regarding higher levels of assurance.

Challenge - given that the program has become more active and more "real", we're finding areas for clarification and optimization. Kantara has been working with FICAM and their request for infomation - we're hoping to find ways to work with FICAM more effectively and optimize the progress in the future.  A challenge but also signs of progress.

Kantara did send in feedback compiled from IAWG. 

Ruth did not receive word of a formal response incoming.

Joni said they will follow up on that.  Moving on from the program - the board of trustees is very interested in understanding the IAWG's understanding of where the SAC can use improvement. High interest - Joni is working to put together a straw man plan for this to bring to the IAWG.

Joni mentioned Identity ecosystem published ID Ecosystem framework, looking for a place for Kantara framework to be recognized as a component. We need to understand that in more quantifiable details.

The Oxford BioChronometrics presentation was well received. Remote identity proofing challenges from the government side, the FICAM program is interested in informal findings and what's possible.

  •  
LC Updates
  • Joni reports:
  • LC met and examined tool sets. Main obstacle for LC is to understand the desirable framework for managing multiple IPR regimes. Joni needs to reach out to Jamie Clark from OASIS et al to learn how organizations handle this.
  • October - this is an opportunity for workgroups to put in request for budget to have resources accomplish goals.  Attention - Scott and Andrew consider.
Participant updates
  •  

Discussion

ID Ecosystem Framework V1

Andrew introduces, reminds us he's serving as Vice Chair of the Plenary for the IDESG.  Congrats to all for the publication.  The framework is out, it's pretty good. There's a framework for C&A, self attestation scheme underway for organizations to sign up.  Current topic of discussion is how to relate to and support trust framework providers that exist out there.  

Scott asks about the absence of identity proofing in the doc.

Joni asks are there initial thoughts about how KI requirements line up with the IDEF requirements.

Andrew says the TFTM committee is creating a subgroup to discuss what it means to relate to other trust framework providers. Right now there are two main paths - unclear which will be selected. One would be doing cross comparability study, looking at equivalency of IDEF to other frameworks, other major option is to do a scoring of trust frameworks to determine if they cover which requirements of an IDEF.

Joni - understood that the IDESG has that work to do. In our domain - how does the IAF relate to their framework.

Adam would add to Joni's question, would support helping to move forward the answering. Have been and will be working to list Symantec on the self asserted listing service (SALS: http://www.idesg.org/The-ID-Ecosystem/SALS-Registry).

Andrew asks Christine if there's any insight into the SALS process and their participation within the IDESG. Is there a sense if anyone is interested in bringing their certifications to the table.

Christine responds that the pilot programs did comment on the IDEF requirements among others in the process. Next step could be to map the requirements between the frameworks to see about overlaps and gaps.

Joni agrees that such a mapping would bring value.

Andrew notes that an easy action for now would be to remind the Kantara approved CSPs that IAWG would like to hear if they are going through the IDEF process, do they find gaps in the work they have to do anyway.  Adam Madlin agrees with that strategy.

Scott mentioned pseudonymity being in the framework but not currently supported in Kantara.  Should plan to address that on all sides.

Joni drops out again with additional congratulations to the IDESG.

FICAM Survey Process and kantara next steps

Comments to FICAM have been provided, we don't know what follow on steps FICAM is providing.

One observation is that the survey was very informal, not a survey at all.  Something triggered the interest in remote proofing, IRS breach or OPM breach or whatever. The closer we work with the trust framework authority to shape things up the better we're all be. Hopefully they will provide more insight.

KIAF 5415

Cross walk between ISO 29115 and the Kantara SAC. There's an outstanding discussion item for what we do with it.  Do we have to do deeper analysis of the mapping.

AOB

Nothing raised.

Attachments

 

Next Meeting

  • Date: Thursday, 2015-11-05
  • Time: 12:00 PT | 15:00 ET
  • Time: 12:00 PDT | 15:00 EDT
  • United States Toll +1 (805) 309-2350
  • Alternate Toll +1 (714) 551-9842
    Skype: +99051000000481
    • Conference ID: 613-2898
  • International Dial-In Numbers