2018-04-11 Draft Meeting Notes
Attendees:
Matt King, SAFE BioPharma
Peter Alterman, SAFE BioPharma
Scott Shorter, IAWG Vice-Chair
Colin Wallis, KI
Matthew Williams
Jose Lopez, Zentry
Ann West, InCommon
Scott Perry, KI Assessor
Tom Barton, InCommon
Andrew Hughes, LC Chair
Curtis Patty, IAW International
Stuart Levy, TransUnion
Ruth Puente, KI
InCommon Report provided by Tom Barton
- Baseline Expectations for Trust and Federation - The legal relationship of the participants with the Federation has changed.
- They started a metadata health check (quality of the metadata of entities in the federation).
- REFEDS: The International Assurance Framework is still incomplete and tries to be less rigorous than the NIST and Kantara requirements. The more stable part is the associated profile, single-factor authentication.
Kantara Identity Assurance Working Group (IAWG) Report provided by Scott Shorter
- Kantara Service Assessment Criteria for 800-63-3 is ready for grant approvals.
- There are some participants contributing and providing feedback on the NIST spreadsheet as the basis for the NIST 800-63-3 Implementation Guidance.
- Kantara is preparing comments on the OMB draft policy concerning Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management (OMB comment period closes on May 6).
SAFE BioPharma Report provided by Peter Alterman and Matt King
- Peter is retiring and Matt will take over these activities.
Open Mic - NIST spreadsheet with 63A identity evidence
- PA suggested giving a numeric value to each of the categories and determining the minimum number required for each IAL, which would make it easier to work with alternatives. He added that the group should calculate the acceptability of various combined strategies.
- SL stressed the importance of the combination of the identity evidence and said that the group should agree upon a process on fair evidence that could be provided for the multiple cases.
- TB asked if we should consider identity documents broader than US-based ones. He requested clarity on the methodology to add a row. PA added that we need to have as many rows as we need to have.
- SL suggested we should differentiate among the evidence types, as the US social security number is weak but the card is stronger; a financial account statement is a document and has a different strength than a bank account number.
- TB highlighted that we should build a public and transparent process.
PA said that the NIST sheet should be imported into a new spreadsheet that represents a wide variety of inputs from the TFS Stakeholders.