2019-01-09 TFS Sync Meeting Notes


Attendees:

Scott Shorter, IAWG Vice-Chair

Tom Barton, InCommon

Matt King, SAFE BioPharma

Ann West, InCommon

Scott Perry

JJ Harkema, Experian

Richard Wilsher, Zygma

Colin Wallis, KI

Ruth Puente, KI


Follow up of action items

- TFPs to ask the CSPs if 800-63-3 is required in Requests for Proposals (RFPs).

- Gathering interest on User Forum for the clients of the CSPs.

- Building together a value proposition for the justification of 63-3 certification.

- Adding CSPs updates to the agenda.

  • Ann suggested creating a survey for the value proposition on adopting 63-3 (Why are they using it? What would make them use it? etc).
  • Regarding the User Forum, Colin commented that Kantara CSPs are concerned about the competitive side of it. Initially, Kantara's CSPs will not be keen to reach out to their own customers to invite them to join the forum along with competitors' customers.
  • Colin added that Kantara made a full round of assessors and CSPs and got a mixed response. In most cases there was not a specific requirement on the RFPs. However, the sense is that customers of CSPs who are interested are doing it as a pre-step, in the expectation that there will be a mandate or that the procurement people will add it to the RFPs as a requirement.
  • Matt commented that the main driver would be a requirement versus a feature of their solution that they feel would enhance their service offering.
  • Matt said that it might be valuable to develop common language that we all can use, something like “reasons why it makes sense to use certified credentials”.
  • Tom stressed that the main reason for the adoption would be that the CSPs' customers (Federal Agencies) require 800-63-3.


Kantara IAWG Report provided by Scott Shorter 

  • Revision of the introductory document IAF 1000 – Overview to the Program: there was an internal round of review and it was distributed to CSPs to get their input; the IAWG will discuss it further in the next meetings.
  • The IDPV Use Cases DG is preparing the final report. More information: https://kantarainitiative.org/groups/idpvusecases/

 

InCommon Report provided by Tom Barton

  • Baseline Expectation Program: 95% of all of the entities that operate within the Federation meet the Baseline standard, which represents 90% of the member organizations.

 

Various

  • A question was raised about the status of the memos about resolving cases with respect to remote and unsupervised identity proofing. Richard responded that the first outcome from those recommendations is that Kantara has updated its 800-63 rev. 3 criteria, but it is still outstanding to send the recommendations to NIST.
  • Matt confirmed that David Temoshok is the NIST PoC for 800-63-3.

 

Any Other Business

  • Colin commented that OMB apparently provided a second draft of OMB policy to the CIO Council. This would be the second OMB attempt to make its policy much clearer; in particular, it provides more clarity on the roles of GSA and NIST. Possibly, there would be another kind of contractual framework from the GSA.

 

Action items

  • To discuss the mechanisms of the survey to CSPs in relation to 800-63-3, in order to build together the value proposition.