IAWG Meeting Minutes 2013-09-12

Kantara Initiative Identity Assurance WG Teleconference

 

Meeting Minutes - IAWG approval 19 September 2013

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-09-5
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Charter Refresh (continuation)
    2. Status update: Glossary
    3. Status update: Resilient Networks
    4. Status update: Call for comments on ISO 29003 draft clauses
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

Meeting achieved quorum

Voting

  • Scott Shorter
  • Matt Thompson
  • Rich Furr (V-C)
  • Cathy Tilton
  • Myisha Frazier-McElveen (C)
  • Andrew Hughes (S)

Non-Voting

  • Peter Alterman

Staff

  •  None

Apologies

  • Bill Braithwaite
  • Richard Wilsher

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-09-5

Motion to approve minutes of 2013/09/05: Rich Furr
Seconded: Matt Thompson
Discussion: None
Motion Passed 

Action Item Review

See running table below

Staff Updates

LC Updates
  •  None this week - holding an off-cycle call 18 September to get Charter update statuses
Participant updates
  • None this week

Discussion

Charter Refresh

The current working version of the Value statement is:
"Kantara exists to develop and/or operate rules for operators of online services, enabling verification of  the trust layer providing high-value, privacy-preserving identity and access."

Discussion 12 September 2013:

Reviewed updated draft

  • General agreement that 2 Vice Chairs would be preferable - one technology, one policy
  • "As IAF improves, users of IAF see potential reduction in identity related fraud risk"
  • Look for synergy between IAWG and HIAWG work on multi-TF harmonization
  • CSP point of view - forum for influencing the IAF to meet market requirements. Measurable set of criteria to build systems and proceses and policies against.
  • Assessors: Standardization of assessment processes. Forum for influencing IAF toward more streamlined and standardized.
  • CSP Customers: IAF allows CSP to assure and customers to be more confident in trust worthiness of services
  • Assessor Customers: Assessed entities risk of weak implementation of services is reduced.
  • As a discussion forum: IAWG gives an opportunity to work with assessors and Kantara resources to help understand the Approval processes and requirements
  • As a discussion forum: IAWG is essential for understanding the overall Approval processes - on ramping new entities getting into Trust Frameworks
  • Scope: include 'edit/author the IAF itself
  • Scope: Engaging other parts of Kantara to improve the IAF/expert knowledge
  • Out of Scope: looks fine
  • Question: if an Applicant has technology that is not described in 800-63, how does Kantara deal with evaluation of equivalency. 
    • If going for FICAM approval, need to be assessed against the FICAM Technical profile - that's where the risk assessment of the technology must happen
    • For non-FICAM - the analysis by Kantara is appropriate. Perhaps the Federation Interoperability group would be the place for technical evaluation discussions for non-FICAM approvals
    • IAWG could contribute to a Report that does an analysis of the technology from a policy perspective - would need other WGs to contribute from a technology evaluation perspective.
  • Technology agnostic: add "to the extent possible"
  • ACTION: Andrew to update Charter working drafts
Discussion 5 September 2013:

These bullets are instructions to the draft charter editor - they will be reflected in the working copy at 2013 IAWG Charter Refresh - Fall 2013 - markup working draft

  • Align the draft charter text with the text in the glossary
  • The 'communication' bullet is for the purposes of evolving the IAF; include an outreach and communication part
    • "Understanding the requirements of the marketplace and informing and influencing the marketplace"
  • Determine equivalence of other TF schemes to the IAF; validate profiles that accommodate the other TF schemes; 
  • Include 'sector and trade association' in the list
  • Discussion of 'value added' by the existence of IAWG
    • the IAWG adds value by keeping the IAF current and responsive to the marketplace requirements - ensures that the certifications are usable and meaningful for inter-party transaction
  • Need text describing the fact of multiple TF Schemes - the value add is the IAF - it brings together different TF schemes and multiple certifications
    • It is really the current "value statement" but in the IAWG terms and context
    • Need to state why we are unique, embedded, hard to copy 
    • Myisha to tackle this statement
  • "The methods by which participants trust each other"
  • Scope
    • in terms of roles and responsibilities in Kantara
      • support Kantara to foster adoption
    • subject area coverage
    • action and presence in the marketplace - do we exert our presence 'out there' - speaking on behalf of
    • marketplace interaction - inbound requirements vs outbound
    • services offered?
      • maybe: subject matter experts as it relates to the IAF - to other WGs - this might be roles and responsibilities
      • Support to KI business development in understanding IAF
      • analysis of equivalency
      • verification/validation of profiles
    • Customers 
      • The LC and the Board (includes sub-committees)
      • Board
        • IAWG represents the board to other TFPs (the other TFPs are not our customer)
    • Liaison
From the August 29 2013 call:

Chair called for topics needing coverage in the Charter:

  • Need to include roles and responsibilities division between ARB and IAWG and LC for the IAF processes
    • Where does execution of processes for certification of credential providers live?
    • Joni planning a "Leadership deck" to help chairs to understand processes and their execution
    • Many of these processes are already defined in the Kantara Operating Procedures
  • Need to reflect the firming up of the distinction between Kantara's Service Operations versus Kantara's Innovation divisions
  • IAWG should be confirmed as the Subject Matter Expert pool that the ARB can draw on 
  • ARB is the operational arm of the IAF
  • ARB is not refreshing their charter at this time
  • Stronger language needed in charter to keep IAF documents up to date
    • Difficult to keep document set current due to the nature of the documents. Focus in necessarily on the SAC.
    • Need to focus on low barriers to adoption and consumability by entities wishing to seek Approval - should not have to rely on experts to do basic interpretation of documents
  • Further discussion needed to examine current IAF document set structure, areas needing refresh and perhaps extraction of non-core information.
Status update: Glossary
  • See action items
Status update: Resilient Networks
  • No new information at this time
Status update: Comments for ISO 29003 draft
  • Scott thanks the IAWG for their feedback and comments on the drafts - they are being incorporated as appropriate

AOB

 

 

 

Action Items

Item #DescriptionAssigned toEst. CompletionStatus
2013-06-06-005

IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach

(2013-Aug-1): Comment that perhaps ICAM should be invited as well.

Staff / IAWG LeadsTBDNot started
2013-06-13-001

Chair to discuss with Exec. Director the need for a Content Management System analysis and potential tool for IAF/SAC & funding options

  • (2013-Jun-20): Discussion occurred; vision has been always to have a CMS - possibly a database with online self-serve document generation capability (in whichever output format is needed); team will be needed to draw up a wireframe and requirements for a custom developed tool
  • (2013-Jun-27): Call for lead is required. Myisha to send a call to list for volunteer lead.
  • (2013-Aug-29): Call for lead has been put to the Quarterly Status report - will be distributed from there
  • (2013-Sep-12): No progress
Myisha Frasier-McElveenSeptember 2013In progress
2013-06-13-002

Glossary updates underway. Next draft should be available in 4 weeks

  • (11July2013): Defer item to future meeting
  • (1Aug2013): No comments on new additions received yet - reminder sent to sub-group.
  • (29Aug2013): Working through comments now. Aiming for distribution prior to next call.
  • (5Sep2013): A few comments remain outstanding.
  • (12Sep2013): Glossary draft has been distributed for IAWG comments and feedback.
Ken Dagg

Updated:12 Sept 2013

In Progress
2013-08-1-002

Forward Ticket items that have been resolved to correct lists for next action.

  • (29Aug2013): Sent request to Staff to clarify process.
  • (12Sep2013): Staff to discuss process for updates internally.
Andrew Hughes8 August 2013In Progress
2013-09-12-001

Charter redraft work item

  • (12Sep2013): Andrew to continue to update draft charter text based on comments and feedback from IAWG participants
Andrew Hughes19 September 2013In Progress
2013-09-12-002

Status update on Resilient Networks work item

  • (12Sep2013): Waiting for information
Myisha Frasier-McElveen19 September 2013In Progress

 

Recently Closed Action Items

Item #DescriptionAssigned toEst. CompletionStatus
2013-08-29-001

Sub-group required for charter refresh work. R. Furr to convene. Volunteers: Rich Furr; Linda Goettler; Andrew Hughes; Scott Shorter

(5Sep2013): Decision made to bring back to main meeting.

R. Furr5 September 2013OBE
     

 

 

Attachments

 

 

Next Meeting