2022-05-05 Minutes
Attendees:
Voting Participants: Martin Smith, Mark Hapner, Mark King, Jimmy Jung, Maria Vachino
Other IAWG Members: Andrew Hughes, Varun, Eric Thompson, Chris Lee
Guests: Matt King, Sarah Chu Villarmarzo, Jim Kragh
Staff: Lynzie Adams, Kay Chopard
Proposed Agenda
- Administration:
- Roll call, determination of quorum
- Agenda confirmation
- Minutes approval - 2022-04-28 DRAFT Minutes
- Staff reports and updates
- International liaisons updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
- Discussion:
- IAWG Chair Election
- 800-63 Discussion
- DIACC final decision
- Any Other Business and Next Meeting Date
Meeting Notes
Administrative Items:
IAWG Vice Chair Martin Smith called the meeting to order. Roll was called. Meeting was quorate. Distributed agenda was confirmed. Andrew Hughes asked the group to be switched to a voting member. Jim Kragh is joining the meeting today to share a little about his working group. It will be discussed during other business.
Minutes approval: Mark Hapner motioned to approve the draft minutes from the April 28 IAWG meeting. Jimmy Jung seconded the motion. The minutes were approved unanimously.
Staff Reports and Updates: none
International Updates:
EIC is next week. Kantara will be well represented.
LC update:
Beginning a new cycle of reviewing the Operating Procedures for improvements.
Call for tweet worthy items.
Discussion:
IAWG Chair Election
Andrew Hughes was the sole nomination for the IAWG chair. Voting members for the election include: Maria Vachino, Mark King, Mark Hapner, Jimmy Jung, and Martin Smith.
Maria motioned to selected Andrew Hughes as the new chair for this working group for the remainder of 2022. Mark King seconded the motion. Jimmy, Martin and Mark Hapner all voted yes. With a unanimous vote, Andrew Hughes is the IAWG chair for the remainder of 2022. He will start his new role at the next meeting.
800-63 Briefing
The briefing and discussion was led by Maria. Some key points included:
- 63-4 release delayed until end of summer. Controversy around ID proofing is mostly the reason - facial verification piece for IAL2 and above. There is also an increased focus in this administration for equity and inclusion issues. It is taking NIST time to work it into the draft. No controversy with AAL or FAL at this point.
- Authentication – risk detection/ fraud detection type of responsibilities. Zero Trust document - 800-63 is a foundational piece of that. There is interest. The problem is the compensating controls used in the financial sector are geared toward a group very different from those needing government services (i.e., no internet, low-quality technology, etc).
- NIST agreed to do a workshop with Kantara. They do that on a regular basis with agencies and is willing to do it with Kantara for Kantara members. Likely during the public review period.
- Suggested solutions to the agencies could be appreciated on some of these issues. Probably not a desire for a listening session - but they always are looking for solutions.
- 63-4 rumored changes: Enhanced IAL1 coming. Addition of a credible source being added to help with a risk-based decision. Expansion of a trusted referee is in the works – or an applicant representative, i.e. a social worker could assist the applicant with the proofing process.
- NIST posted open questions they want addressed – beyond that is the equity and inclusion question. Low and moderate will have separate controls is the hope. It will help a great deal. Github is a good place to keep an eye on open questions.
- Discussions around password-free processes.
- Maria suggests all companies respond to the draft with not only the issues – but include suggested language. As for Kantara’s response, IAWG will likely be the WG to draft the language and then pass through individual organizations.
DIACC
It was determined that IAWG will not be able to draft a response in the time period allotted for the DIACC request.
Any Other Business & Next Meeting:
Jim Kragh introduced himself as the chair of the Federated Identifiers for Resilient Ecosystems (FIRE) work group and the vice-chair of the Healthcare Identity Assurance work group. These two work groups will be merging together to look very specifically at the underserved population. How do we gain trust?
Will reach out to the group once we know more about the KIBoD meeting. Meeting will be held either May 19 or May 26.