/
DRAFT IAWG Meeting Minutes 2014-05-22

DRAFT IAWG Meeting Minutes 2014-05-22

May 22, 2014

Kantara Initiative Identity Assurance WG Teleconference

1 Date and Time | 2 Agenda | 3  Attendees | 4 Minutes Approval | 5 Staff Updates | 6 Discussion | 7 AOB | 8 Carry-forward Items | 9 Attachments | 10 Next Meeting

 

DRAFT Meeting Minutes - IAWG approval required

 

Date and Time

Agenda

  1. Administration:

    1. Roll Call

    2. Agenda Confirmation

    3. Minutes approval: IAWG Meeting Minutes 2014-05-15

    4. Action Item Review

    5. Staff reports and updates

    6. LC reports and updates

    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)

  2. Discussion

    1.  Updated S3A document from R. Wilsher et al.

    2. FICAM TFPAP Mapping update

    3. Attributes thread discussion if time permits

  3. AOB

    1.  

  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2014 May 6, quorum is 7 of 11

 

Meeting achieved quorum

Voting

  • Rich Furr ( C)

  • Andrew Hughes (S)

  • Scott Shorter

  • Kenneth Myers

  • Bill Braithwaite

  • Cathy Tilton

  • Richard Wilsher

Non-Voting

  •  Bjorn Sjöholm

Staff

  •  

Apologies

  • Paul Calatayud (V-C)

  • Adam Madlin

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2014-05-15

Motion to approve minutes of 2014-05-15: Shorter
Seconded: Tilton
Discussion: None
Motion Carried

Staff Updates

LC Updates

  •  Discussion of Attributes thread - Rich and Sal D. will talk about how to fire up the AIMWG to work on this

    • Focus on ATOS issues and Assurance issues

    • LC will take this to Trustees for confirmation that effort is needed

    • ACTION: ACH to summarize the thread on Attributes

  • The Trustees have indicated that they are considering project funding requests from working groups - LC is preparing the forms needed to describe project requests. Stay tuned.

Participant updates

Discussion

  • Discussion on Draft S3A document

    • FICAM TFS is based on comparability of TFs to what FICAM has (processes)

    • Concern is that the comparability is more the exception rather than the rule in the document - true? 

      • Bjorn - pretty close - if an alternative approach is implemented, then it should be evaluated to determine if it is comparable to the original intention

      • RGW - the document is looking at comparability to the Kantara Framework criteria

      • Rich - the question is more a question of comparability between what things

      • RGW - caution that FICAM is not the totality of Kantara's role - if a service provider is not concerned about FICAM then they should not necessarily be evaluated against the original FICAM comparability rules

      • Scott - the IAF criteria are comparable to FICAM requirements. They should be met - but should be allowed to meet the criteria using 'comparable' ways.

      • The word 'exception' is causing grief. 

      • Intent is that the risks are evaluated and mitigated appropriately if the criteria are not met exactly as described, but using a different way.

      • Bjorn - this is more a question of 'comparable controls' not 'comparable conformity' 

      • RGW - sees it the other way around 

      • Maybe: the criteria are based on requirements to mitigate risks; the criteria often describe ways to mitigate that risk; if the controls are the same as the criteria then no issue; if the controls do not match but meet the underlying requirements then they are 'comparable controls'

    • Carry over to May 29 to allow for document to be read.

  • FICAM Mapping work

    • Work continues on the 'core' criteria

    • Spreadsheet has been developed by Furr and Alterman

    • Mapping of threat vectors to requirements and FICAM element

    • In a review cycle right now

AOB

 

Carry-forward Items

  • Discussion on S3A updates 

Attachments

 

 

Next Meeting