2020-03-05 Minutes
Attendees:
Voting Participants: Ken Dagg; Richard Wilsher; Mark Hapner; Martin Smith
Non-voting members: Ann Racuya-Robbins, World Knowledge Bank
Staff: Colin Wallis and Ruth Puente
Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum.
Agenda
1. Administration:
- Roll Call
- Agenda Confirmation
- Action Item Review: action item list
- Minutes approval: 2020-02-20 Draft Minutes; 2020-02-06 Draft Minutes; 2020-01-09 Draft Minutes
- Staff reports and updates - Keeping up with Kantara February 2020 and February Director's Corner
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
2. Discussion
- Develop comments on PCTF Organization component - Please see initial comments attached.
- Address ARB concerns on OP-SAC with regard to phishing attacks, by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes)
3. Any Other Business
Minutes Approval
2020-01-09 Draft Minutes were approved by motion. Martin moved and Ken seconded.
2020-02-06 Draft Minutes were approved by motion. Mark moved and Richard seconded.
2020-02-20 Draft Minutes were approved by motion. Richard moved and Mark seconded.
Updates
- 63C sub-group had its first meeting on March 4th, 2020.
- Comments are being prepared for UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
Outstanding issue on OP-SAC
- Ruth commented that the IAWG had previously agreed to address ARB concerns on OP-SAC with regard to phishing attacks, by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes).
- The action is still open; Richard is working on new wording.
Comments on PCTF Organization Component
- Ken walked the group through each of the initial comments he added in DIACC-Comment-Submission-Spreadsheet-Verified-Organization-ENG KD (1).xlsx
- Ken was disappointed with the number of editorial mistakes in the text.
- It was commented that it's critical that when we are doing business, the organization we are making a transaction with be a verified organization. The main goal is to have a process in place to ensure that federation networks are accountable and reliable and that exists and can be collected.
- Ken said that on the privacy-related ones, they must identify a valid reason for collecting information and get the proper consent. Richard asked if it's exclusively for the purposes of identity proofing. Ken confirmed yes. Richard stated that the 63-3 provision on that says that we should only collect information to uniquely establish the identity.
- Martin asked what aspect DUNS does not cover. Richard added that it's not a guaranteed source. Martin clarified it's a British entity. Ken will investigate the DUNS Registry.
- The participants agreed with the comments and asked Ken to submit them to DIACC.
- Ken asked if some of these PCTF criteria can be included in the Kantara IAF. Richard answered in the affirmative, but he suggested waiting for DIACC to refine the text and then exploring its adoption.
- Ken pointed out that PCTF could be another KI class of approval. Richard added that we could extend the range of criteria in the CO-SAC, which will affect Classic and 800-63 rev.3, but it won't solve the Canadian requirements. Therefore, Richard supports Ken's suggestion that the better path would be to create a new class of approval with the Canadian full set of criteria.