Kantara Initiative Identity Assurance WG Teleconference

Meeting Minutes - IAWG approval 19 September 2013

Date and Time

Date: Thursday, 12 September 2013
Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

Agenda

Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes approval: IAWG Meeting Minutes 2013-09-5
4. Action Item Review
5. Staff reports and updates
6. LC reports and updates
7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
Discussion
1. Charter Refresh (continuation)
2. Status update: Glossary
3. Status update: Resilient Networks
4. Status update: Call for comments on ISO 29003 draft clauses
AOB
Adjourn

Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

Meeting achieved quorum

Voting

Scott Shorter
Matt Thompson
Rich Furr (V-C)
Cathy Tilton
Myisha Frazier-McElveen (C)
Andrew Hughes (S)

Non-Voting

Peter Alterman

Staff

None

Apologies

Bill Braithwaite
Richard Wilsher

Notes & Minutes

Administration

Minutes Approval

IAWG Meeting Minutes 2013-09-5

Motion to approve minutes of 2013/09/05: Rich Furr
Seconded: Matt Thompson
Discussion: None
Motion Passed

Action Item Review

See running table below

Staff Updates

LC Updates

None this week - holding an off-cycle call 18 September to get Charter update statuses

Participant updates

None this week

Discussion

Charter Refresh

The current working version of the Value statement is:
"Kantara exists to develop and/or operate rules for operators of online services, enabling verification of the trust layer providing high-value, privacy-preserving identity and access."

Discussion 12 September 2013:

Reviewed updated draft

General agreement that 2 Vice Chairs would be preferable - one technology, one policy
"As IAF improves, users of IAF see potential reduction in identity related fraud risk"
Look for synergy between IAWG and HIAWG work on multi-TF harmonization
CSP point of view - forum for influencing the IAF to meet market requirements. Measurable set of criteria to build systems and proceses and policies against.
Assessors: Standardization of assessment processes. Forum for influencing IAF toward more streamlined and standardized.
CSP Customers: IAF allows CSP to assure and customers to be more confident in trust worthiness of services
Assessor Customers: Assessed entities risk of weak implementation of services is reduced.
As a discussion forum: IAWG gives an opportunity to work with assessors and Kantara resources to help understand the Approval processes and requirements
As a discussion forum: IAWG is essential for understanding the overall Approval processes - on ramping new entities getting into Trust Frameworks
Scope: include 'edit/author the IAF itself
Scope: Engaging other parts of Kantara to improve the IAF/expert knowledge
Out of Scope: looks fine
Question: if an Applicant has technology that is not described in 800-63, how does Kantara deal with evaluation of equivalency.
- If going for FICAM approval, need to be assessed against the FICAM Technical profile - that's where the risk assessment of the technology must happen
- For non-FICAM - the analysis by Kantara is appropriate. Perhaps the Federation Interoperability group would be the place for technical evaluation discussions for non-FICAM approvals
- IAWG could contribute to a Report that does an analysis of the technology from a policy perspective - would need other WGs to contribute from a technology evaluation perspective.
Technology agnostic: add "to the extent possible"
ACTION: Andrew to update Charter working drafts

Discussion 5 September 2013:

These bullets are instructions to the draft charter editor - they will be reflected in the working copy at 2013 IAWG Charter Refresh - Fall 2013 - markup working draft

Align the draft charter text with the text in the glossary
The 'communication' bullet is for the purposes of evolving the IAF; include an outreach and communication part
- "Understanding the requirements of the marketplace and informing and influencing the marketplace"
Determine equivalence of other TF schemes to the IAF; validate profiles that accommodate the other TF schemes;
Include 'sector and trade association' in the list
Discussion of 'value added' by the existence of IAWG
- the IAWG adds value by keeping the IAF current and responsive to the marketplace requirements - ensures that the certifications are usable and meaningful for inter-party transaction
Need text describing the fact of multiple TF Schemes - the value add is the IAF - it brings together different TF schemes and multiple certifications
- It is really the current "value statement" but in the IAWG terms and context
- Need to state why we are unique, embedded, hard to copy
- Myisha to tackle this statement
"The methods by which participants trust each other"
Scope
- in terms of roles and responsibilities in Kantara
  - support Kantara to foster adoption
- subject area coverage
- action and presence in the marketplace - do we exert our presence 'out there' - speaking on behalf of
- marketplace interaction - inbound requirements vs outbound
- services offered?
  - maybe: subject matter experts as it relates to the IAF - to other WGs - this might be roles and responsibilities
  - Support to KI business development in understanding IAF
  - analysis of equivalency
  - verification/validation of profiles
- Customers
  - The LC and the Board (includes sub-committees)
  - Board
    - IAWG represents the board to other TFPs (the other TFPs are not our customer)
- Liaison

From the August 29 2013 call:

Chair called for topics needing coverage in the Charter:

Need to include roles and responsibilities division between ARB and IAWG and LC for the IAF processes
- Where does execution of processes for certification of credential providers live?
- Joni planning a "Leadership deck" to help chairs to understand processes and their execution
- Many of these processes are already defined in the Kantara Operating Procedures
Need to reflect the firming up of the distinction between Kantara's Service Operations versus Kantara's Innovation divisions
IAWG should be confirmed as the Subject Matter Expert pool that the ARB can draw on
ARB is the operational arm of the IAF
ARB is not refreshing their charter at this time
Stronger language needed in charter to keep IAF documents up to date
- Difficult to keep document set current due to the nature of the documents. Focus in necessarily on the SAC.
- Need to focus on low barriers to adoption and consumability by entities wishing to seek Approval - should not have to rely on experts to do basic interpretation of documents
Further discussion needed to examine current IAF document set structure, areas needing refresh and perhaps extraction of non-core information.

Status update: Glossary

See action items

Status update: Resilient Networks

No new information at this time

Status update: Comments for ISO 29003 draft

Scott thanks the IAWG for their feedback and comments on the drafts - they are being incorporated as appropriate

AOB

Action Items

Item #	Description	Assigned to	Est. Completion	Status

Item #	Description	Assigned to	Est. Completion	Status
2013-06-06-005	IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach (2013-Aug-1): Comment that perhaps ICAM should be invited as well.	Staff / IAWG Leads	TBD	Not started
2013-06-13-001	Chair to discuss with Exec. Director the need for a Content Management System analysis and potential tool for IAF/SAC & funding options (2013-Jun-20): Discussion occurred; vision has been always to have a CMS - possibly a database with online self-serve document generation capability (in whichever output format is needed); team will be needed to draw up a wireframe and requirements for a custom developed tool (2013-Jun-27): Call for lead is required. Myisha to send a call to list for volunteer lead. (2013-Aug-29): Call for lead has been put to the Quarterly Status report - will be distributed from there (2013-Sep-12): No progress	Myisha Frasier-McElveen	September 2013	In progress
2013-06-13-002	Glossary updates underway. Next draft should be available in 4 weeks (11July2013): Defer item to future meeting (1Aug2013): No comments on new additions received yet - reminder sent to sub-group. (29Aug2013): Working through comments now. Aiming for distribution prior to next call. (5Sep2013): A few comments remain outstanding. (12Sep2013): Glossary draft has been distributed for IAWG comments and feedback.	Ken Dagg	Updated:12 Sept 2013	In Progress
2013-08-1-002	Forward Ticket items that have been resolved to correct lists for next action. (29Aug2013): Sent request to Staff to clarify process. (12Sep2013): Staff to discuss process for updates internally.	Andrew Hughes	8 August 2013	In Progress
2013-09-12-001	Charter redraft work item (12Sep2013): Andrew to continue to update draft charter text based on comments and feedback from IAWG participants	Andrew Hughes	19 September 2013	In Progress
2013-09-12-002	Status update on Resilient Networks work item (12Sep2013): Waiting for information	Myisha Frasier-McElveen	19 September 2013	In Progress

Recently Closed Action Items

Item #	Description	Assigned to	Est. Completion	Status

Item #

Description

Assigned to

Est. Completion

Status

2013-08-29-001

Sub-group required for charter refresh work. R. Furr to convene. Volunteers: Rich Furr; Linda Goettler; Andrew Hughes; Scott Shorter

(5Sep2013): Decision made to bring back to main meeting.

R. Furr

5 September 2013

OBE

Attachments

Next Meeting

Date: Thursday, 19 September 2013
Time: 07:00 PT | 10:00 ET | 15:00 UTC (time chart)
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

IAWG Meeting Minutes 2013-09-12