IAWG Meeting Minutes 2013-10-03

Kantara Initiative Identity Assurance WG Teleconference

Meeting Minutes - IAWG approval 2013-Oct-10

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-09-26
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. IAWG Charter endorsement
    2. November 10-11 F2F Plenary in Vancouver - IAWG work?
    3. Review latest draft material on 800-63-2 v SAC mapping
    4. IAF Publication Schedule / numbering
  3. AOB
  4. Adjourn

Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

Meeting achieved quorum

Voting

  • Myisha Frazier-McElveen (C)
  • Rich Furr (V-C)
  • Andrew Hughes (S)
  • Scott Shorter
  • Richard Wilsher
  • Cathy Tilton

Non-Voting

  • Kenneth Myers
  • Matt Woodhill

Staff

  • Joni Brennan

Apologies

  • Patricia Hammar
  • Matt Thompson
  • Ken Dagg

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-09-26

Motion to approve minutes of 2013-09-26: Rich Furr
Seconded: Scott Shorter
Discussion: None
Motion Passed 

Action Item Review

See the Action Items Log wiki page

Staff Updates

LC Updates
Participant updates

Discussion

Agenda was sidetracked to discussion of a specific issue with CO_ISM#090 which consumed the meeting time.

Discussion of 800-63-2 v SAC Mapping drafts
  • Question raised: why is 800-63-2 the only mapping being considered? The mapping should also include 800-53 and the requirements of TFPAP.
    • If this is not done, then there might be future issues with the SAC - because 800-63 only refers to Identity Proofing topics, it refers to 800-53 directly. This might result in conflicts between IAF and TFPAP.
    • Concern that this would result in a US-centric IAF.

  • Example given is the requirement for (CO_ISM#090) External Audit bi-annually.
    • This is not required in 800-63. tScheme requires it. Currently this requirement is scheduled for removal in SAC v4.0 - the view is that this will put Kantara's assessment program at risk. It should remain in the SAC.
    • The AAS covers the 3rd Party nature of Kantara Assessments - this was what was approved by TFPAP originally.
    • The argument for removal: the Kantara Assessment itself is by definition an independent audit - so having it as a criterion is redundant and potentially confusing.
  • Note made that it is helpful to include criteria like this even if they appear to be redundant - because of the complex inter-dependencies between the SAC and several other documents. It is very complex if the Assessor/Assessed need to jump between many documents - this could easily cause important criteria and requirements to be missed.
  • Discussion about alignment with 27001 relative to frequency of 3rd party audits - it is unclear what the resolution is.
    • FICAM gives the example of a 3-year independent audit cycle, but 27001 is annual for certification.
  • ACTION: Richard Wilsher will submit a ticket for CO_ISM#090 removal. Richard & Rich will prepare discussion points on CO_ISM#090 for a vote on next IAWG call.
  • ACTION: Discuss timetable for moving the IAF v4 to Public Review stage at next call

IAWG Draft Charter endorsement

The 2013 IAWG Charter Final Draft is here: 2013 IAWG Charter Refresh - Final Draft September 30 2013

Deferred

November 10-11 Plenary Planning

Deferred

IAF Publication Schedule

Deferred

AOB

Attachments

Next Meeting