2022-02-03 Minutes

Owned by Lynzie Adams
Last updated: Feb 11, 2022
3 min read

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Jimmy Jung, Richard Wilsher, Mark King

Non-voting participants: Colin Wallis, Joanne Knight, Eric Thompson

Staff: Lynzie Adams, Kay Chopard

Proposed Agenda

  • Administration:
    • Roll call, determination of quorum
    • Agenda confirmation
    • Minutes approval - 2022-01-27 Draft Minutes
    • Staff reports and updates
    • International liaisons updates
    • LC reports and updates
    • Call for Tweet-worthy items to feed (@KantaraNews)
  •  Discussion: 
    • New Zealand release 
    • Updates to the language to handle Component Services - do we/don't we wait
    • Schedule for Rev 4 - end of March for 60 day public consultation
      • Current Rev 4 intelligence - how does it affect us going forward?
  • Any Other Business and Next Meeting Date
    • Next meeting - February 10

Meeting Notes 

Administrative Items:

IAWG Chair Ken Dagg called the meeting to order.  Roll was called. Meeting was quorate. Distributed agenda was confirmed. 

Minutes approval:  Mark Hapner motioned to approve the draft minutes from the January 27 IAWG meeting. Martin Smith seconded the motion. The minutes, as distributed, were approved unanimously.

Staff Reports and Updates:

The Assurance Program continues to thrive. ZenKey and Socure have been fully approved this month with another currently under eBallot for Board ratification. Kay provided an update on the CARIN Alliance pilot and how that will drive business into the Assurance Program. We can't say how many CSPs as the pilot just started but it will take some time for the CSPs to prepare for the assessment due to the heightened rigor. 

International Liaisons Updates: 

UK reached out to ask if Kantara would apply to be a certification body. Kay attended an informational session recently and is engaged in discussions around the proposal.

Mark King shared a newly announced UK initiative which insists all British and Irish citizens applying for a job must have a privately organized online check with an approved provider. This is to begin in a few months time but there are currently no approved providers. More should come of this in the future. 

LC Reports and Updates: N/A 

Discussion:

New Zealand Release

Joanne Knight, editor of the Federation Assurance Standard in New Zealand, joined the meeting to give an overview of the newly released standards. Thanks to Colin Wallis for arranging the presentation. The IAWG is interested in having Joanne back in the future. 

Component Services Language 

The group needs to decide whether to update the language on this current release, or wait until the next release. As an assessor, Richard feels the fewer changes the better. Make one update - do it well and publicize it well. Jimmy agreed. There have been recent incidents of CSPs using old versions of the framework. This can be remedied by making fewer, but more substantive, updates. 

Lynzie brought up the newest ARB issues for 63a#0500 and #0510. This was brought to the IAWG in the past but was not addressed then. There was discussion and it was agreed that the red text before the 63b criteria is incorrect and needs edited. It contradicts #0510. Jimmy voiced that this issue comes up with every CSP engaged in supervised remote. The fix seems simple - it does not apply to in-person and applies only to supervised/unsupervised remote. 

It was agreed that criteria feedback trickling in from the ARB is not the best, but that it does give context and a better understanding of how to fix the language. The approach going forward is to review the criteria during the upcoming meeting. Do all the work prior to releasing for public review. We will pick back up with these criteria next week. 

NIST Rev. 4 Suggestions

It is circulating that NIST is on track to release Rev. 4 for public comment in March. Given the timeliness, it appears the window to influence NIST prior to public release has disappeared. Martin suggested that even with the window closed, this group still needs to have conversations to gather thoughts for the public comment period. 

NIST responses to some Rev. 4 questions from a NIST/CARIN Alliance meeting were shared and discussed with the group. After further discussion, it was agreed that Eric Thompson may be a good link between the Board initiative and IAWG work on Rev. 4. 

Other Business:

The next IAWG meeting will be Thursday, February 10 at 1pm EST. There will be no meeting on February 17 due to the KIBoD meeting. We will continue with today's agenda items.