/
IAWG Meeting Minutes 2013-09-26

IAWG Meeting Minutes 2013-09-26

Oct 03, 2013

Kantara Initiative Identity Assurance WG Teleconference

1 Date and Time | 2 Agenda | 3  Attendees | 4 Minutes Approval | 5 Action Item Review | 6 Staff Updates | 7 Discussion | 8 AOB | 9 Attachments | 10 Next Meeting

 

Meeting Minutes approved October 3, 2013

 

Date and Time

Agenda

  1. Administration:

    1. Roll Call

    2. Agenda Confirmation

    3. Minutes approval: IAWG Meeting Minutes 2013-09-19

    4. Action Item Review

    5. Staff reports and updates

    6. LC reports and updates

    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)

  2. Discussion

    1. Resilient Networks team introduction

      1. Resilient pilot and IAWG-IAF interactions

      2. Timelines & expectations of IAWG

    2. Glossary update

    3. IAWG Roadmap review

      1. In particular, do we have enough information at present to identify a timeline for IAF v4.0? (major change revision) Or should there be an IAF v3.1 (updated criteria, same underlying structure)

  3. AOB

    1.  

  4. Adjourn

 Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

 

Meeting achieved quorum

 

Voting

  • Myisha Frazier-McElveen (C)

  • Rich Furr (V-C)

  • Andrew Hughes (S)

  • Scott Shorter

  • Matt Thompson

Non-Voting

  • Ken Dagg

  • Colin Soutar

  • Matt Woodhill (Resilient Networks)

  • Kenneth Myers (PKH Enterprises)

  • Patricia Hammar (PKH Enterprises)

Staff

  •  Joni Brennan

Apologies

  • Cathy Tilton

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-09-19

Motion to approve minutes of 2013/9/19: Rich Furr
Seconded: Scott Shorter
Discussion: None
Motion Passed 

Action Item Review

See the Action Items Log wiki page

Staff Updates

  • Director's Corner Link

  • Event Radar 2013 and 2014 Link

    • Upcoming events October 14 workshop before Smart Card Alliance

    • KI participating in SCA as well October 15-16 (DC)

    • User Centric ID Live October 15-16 - presenting (DC)

    • IDESG Plenary at NIST October 16-18 - attending

    • IIW meeting October 22-24 Mountain View - Joni attending

LC Updates

  • Feedback on acceptance process between WG and LC (vote in WG first then vote in LC)

  • LC Minutes have been posted - please check there for proceedings

Participant updates

  • none new

Discussion

Resilient Networks team introduction

  • Patricia Hammar (PKH Enterprises)

    • Preparing an analysis of the Resilient Networks Trust Framework versus the IAF - gaps, coverage, how to accommodate differences if present

    • Ken Myers is building a matrix showing the IAF parts, the Kantara docs for cross-reference - this would be the first part for the subgroup to look at

  • Matt Woodward

    • Resilient Systems was in the first round of NSTIC Pilot grants

    • Building the technology, partnerships and legal agreements and broader trust framework they will operate under

    • Have Healthcare and Higher Ed Use cases

    • RSN has a WG looking at Policy and Privacy issues, data flows, accountabilities, and ID assurance issues

    • Whatever is developed needs assessment and needs independent certification - this is the key element in the relationship with Kantara

    • The solution is the Resilient "Trust Network" - PKH is working on the policy review and alignment

  • Discussion:

    • Early findings - RSN has built structures to minimize the amount of information is sent with queries (yes/no instead of the attributes). Q: is this outside of the scope of the IAF? or is this just a different approach?

    • Q: What LOA is RSN working at? A: Their framework and infrastructure will allow them to work at any level. 

    • Q: What kinds of tokens are planned for RSN: Passwords? OTP? other? A: Initially plan to tokenize data to minimize raw data transfers (need to match up to 800-63 Table 7)

    • Q: RSN looking for interoperability with existing CSP/IDP? A: There is the capability built in, but starting internal to the Trust Network only

    • Q: is the idea of the work that RSN become certified under the Kantara IAF? A: No not necessarily. It is to gain an understanding if any particular application of Trust Network is suitable for certification - that goes into the NSTIC analysis.

  • Practicalities of the sub-group:

    • JB: should be similar to existing sub-groups

      • Phase 1: Gap analysis work - subgroup will be called to review first draft

      • Phase 2: Identify what's reusable or what needs to be created

    • PKH: first group - want to have kickoff meeting in next couple weeks

      • analytic review by sub-team of first draft will be a couple weeks duration

  • ACTION: Andrew to send out call for volunteers for subgroup. Patricia to provide content for the email

  • ACTION: High level presentation / overview to IAWG on Resilient Trust Networks approach and plans

  • ACTION: Add the RSN subgroup to the Roadmap: Q4 for Phase 1

Glossary Updates

  • The glossary is out on the list for review - comments are required to ensure quality and alignment with IAF documents.

IAWG Roadmap review

  • What's the goal for publishing the next version of IAF?

    • Ideally publish a minor revision incorporating Glossary, SAC work, Modular IAF

    • Need to figure out a reasonable/realistic timeframe - can these drives come together in a reasonable timeframe? or should they cause updates to IAF serially?

  • Joni requested a visual representation (Gantt chart-ish view) of the work in the IAWG to better see overlaps and critical timing

  • Joni asked how the Executive Director can help reach out to organizations to join the effort

AOB

  • None raised

Attachments

 

 

Next Meeting