2022-04-28 Minutes

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Richard Wilsher, Mark King, Jimmy Jung, Maria Vachino
Other IAWG Members: Hiroyuki Sato, Angela Rey
Guest: Matt King
Staff: Lynzie Adams, Kay Chopard

Proposed Agenda

  • Administration:
    • Roll call, determination of quorum
    • Agenda confirmation
    • Minutes approval - 2022-04-21 DRAFT Minutes
    • Staff reports and updates
    • International liaisons updates
    • LC reports and updates
    • Call for Tweet-worthy items to feed (@KantaraNews)
  •  Discussion: 
  • Any Other Business and Next Meeting Date

Meeting Notes 

Administrative Items:

IAWG Vice Chair Martin Smith called the meeting to order.  Roll was called. Meeting was quorate. Distributed agenda was confirmed. 

Minutes approval:  Mark Hapner motioned to approve the draft minutes from the April 21 IAWG meeting. Jimmy Jung seconded the motion. The minutes were approved unanimously.

Staff Reports and Updates:

Monthly newsletter was distributed today. If you did not receive it and want to be added to the mailing list, please reach out to Lynzie. 

The 45-day review period for the CO_SAC was launched and closes June 6th. It was referenced in the newsletter for further publicity. 

We have a new assessor application in the US as the program continues to ramp up. Healthcare is starting to really push for Kantara assessments. Kay recently met with HHS about our assurance program. 

International Updates:

We hope to begin accepting applications next month for the UK pilot program. We are waiting on final supplementary information coming this week. The pilot ends in the fall, so by the end of the year, we should know more about ongoing demand. We currently have one assessor for the pilot. There was discussion around DCMS’ desired certifications for the assessors. The list is very extensive, and it will be difficult to find anyone who meets the full slate of requirements. The list of requirements was requested by a number of folks and will be circulated by Kay.

Ken inquired if the IAWG should undertake a review of the Kantara criteria and the UK criteria to see how much of an overlap there is – if Kantara wants to work with companies to provide both assessments in the future. Kay suggested that could work – or alternatively wait for Rev 4 and UK criteria that come out at the end of the pilot, which will reflect more updated criteria and possibly be more timely.

Australia had huge turnover of staff. Introductory call with new folks scheduled in upcoming weeks.

No LC update.

Call for tweet-worthy items. Kay added that Karyn hopes to do a series of member spotlights in the newsletters. If you are doing something that you are proud of and your work with Kantara has supported that – please reach out. It’s an opportunity to highlight your program and get publicity. Karyn will conduct an interview and write it up – you just need to volunteer!

Mark King requested an update on DIACC in light of Ken’s retirement from the group. Kantara does have an open and active liaison agreement with DIACC. It was suggested that Mark King circulate his comments while we wait for the chair election next week. Once we’ve named a new chair, that person can decide whether or not s/he can take on the drafting of the DIACC comments. There are 15 days between the election and the deadline for comments. The group agreed to take this approach. Ken reported that it takes approximately 4-5 hours to create a draft and then 1-2 IAWG meetings to finalize for submission. At most, IAWG will have the May 12 and 19 meetings to finalize for the May 20 deadline if it is decided to proceed.

Discussion:

IAWG Chair Nomination and Election Process

IAWG is accepting nominations for chair through the start of the May 5 meeting. If there is only one nomination, a formal vote will be held during the meeting. If there are multiple nominees, a secret ballot will be sent to voting members to elect the new chair. So far Andrew Hughes has self-nominated for the chair role. Those interested should submit their nomination to the IAWG email list. 

Service Descriptors

Classes of approval and Service Descriptors are a Board decision, but the Board is looking to the IAWG for a recommendation. Two major discussion points are 1) whether to retain technical approvals and 2) whether full service must include both IAL and AAL. What do we want to advise the Board to do?

Richard suggested we may want to look at the classes of approval before focusing on the service descriptors. He is in favor of removing the technical class of approval. Jimmy disagrees with this suggestion. He believes many companies come in with other assessments (e.g. SOC, FedRAMP, 27001, etc.) that fulfill the requirement. From a marketing POV, they are paying for something twice. Richard believes our CO_SAC includes identity assurance criteria that complement our Identity Assurance Framework and that would not be included in these other assessments.

Martin asked if thought has been given to accepting other assessments. Richard says yes, but we might want to revise the CO_SAC with that understanding – that CSPs might come to Kantara with some of these other assessments already completed – and account for that in the CO_SAC. There are other criteria in the CO_SAC that all CSPs should be held accountable to. He suggests a full CO_SAC review for this purpose.

After continued discussion, it was agreed to invite CSPs at a later date to discuss this topic. Offer the invitation to ARB members as well. Ken said this strategy has worked in the past – inviting CSPs to a meeting to discuss a relevant topic and they have shown up. A survey was also suggested, rather than a meeting. The group will attempt both – hold the meeting and follow up with a survey for those who could not attend or want to provide additional input.

The group thanked Ken for his service over the years for both Kantara and the IAWG.

Next Meeting:

May 5 to elect an IAWG Chair