Kantara Initiative Identity Assurance WG Teleconference

Date and Time

• Date: Thursday, 3 October 2013
• Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
• United States Toll +1 (805) 309-2350
  Alternate Toll +1 (714) 551-9842
  Skype: +99051000000481
  
  • Conference ID: 613-2898
• International Dial-In Numbers

Agenda

1. Administration:
   
   1. Roll Call
   2. Agenda Confirmation
   3. Minutes approval: IAWG Meeting Minutes 2013-09-26
   4. Action Item Review
   5. Staff reports and updates
   6. LC reports and updates
   7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion
   
   1. IAWG Charter endorsement
   2. November 10-11 F2F Plenary in Vancouver - IAWG work?
   3. Review latest draft material on 800-63-2 v SAC mapping
   4. IAF Publication Schedule / numbering
3. AOB
   1.  
4. Adjourn

 Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

Voting

• Myisha Frazier-McElveen (C)
• Rich Furr (V-C)
• Andrew Hughes (S)
• Scott Shorter
• Richard Wilsher
• Cathy Tilton
  

Non-Voting

• Kenneth Myers
• Matt Woodhill

Staff

•  Joni Brennan

Apologies

• Patricia Hammar
• Matt Thompson
• Ken Dagg

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-09-26

Motion to approve minutes of 2013-09-26: Rich Furr
Seconded: Scott Shorter
Discussion: None
Motion Passed 

Action Item Review

See the Action Items Log wiki page

Staff Updates

• Director's Corner Link
• Event Radar 2013 and 2014 Link

LC Updates

Participant updates

Discussion

Agenda was sidetracked to discussion of a specific issue with CO_ISM#090 which consumed the meeting time.

Discussion of 800-63-2 v SAC Mapping drafts

• Question of why 800-63-2 is the only mapping being considered? Should include 800-53 and also requirements of TFPAP.
  
  • If this is not done, then there might be future issues with the SAC - because 800-63 only refers to Identity Proofing topics, it refers to 800-53 directly. This might result in conflicts between IAF and TFPAP.
  • Concern that this would result in a US-Centric IAF

• Example given is the requirement for (CO_ISM#090) External Audit bi-annually. 
  
  • This is not required in 800-63. tScheme requires it. Currently this requirement is scheduled for removal in SAC v4.0 - view is that this will put Kantara's assessment program at risk. It should remain in the SAC.
  • The AAS covers the 3rd Party nature of Kantara Assessments - this was what was approved by TFPAP originally.
  • The argument for removal: the Kantara Assessment itself is by definition an independent audit - so having it as a criteria is redundant and potentially confusing.
• Note made that it is helpful to include criteria like this even if they appear to be redundant - because of the complex inter-dependencies between the SAC and several other documents. It is very complex if the Assessor/Assessed need to jump between many documents - could easily cause important criteria and requirements to be missed.
• Discussion about alignment with 27001 relative to frequency of 3rd party audits - it is unclear what the resolution is. 
  
  • FICAM gives the example of a 3 year independent audit cycle, but 27001 is annual for certification.
• ACTION: Richard Wilsher will submit a ticket for CO_ISM#090 removal. Richard & Rich will prepare discussion points on CO_ISM#090 for a vote on next IAWG call.
• ACTION: Discuss timetable for moving the IAF v4 to Public Review stage at next call

IAWG Draft Charter endorsement

The 2013 IAWG Charter Final Draft is here: 2013 IAWG Charter Refresh - Final Draft September 30 2013

Deferred

November 10-11 Plenary Planning

Deferred

IAF Publication Schedule

Deferred

AOB

Attachments

Next Meeting

• Date: Thursday, 10 October 2013 
• Time: 07:00 PT | 10:00 ET | 15:00 UTC (time chart)
• United States Toll +1 (805) 309-2350
  Alternate Toll +1 (714) 551-9842
  Skype: +99051000000481
  
  • Conference ID: 613-2898
• International Dial-In Numbers