2019-05-23 Meeting Minutes

Attendees

Voting participants: Ken Dagg; Mark Hapner; Rich Furr; Martin Smith 

Staff: Colin Wallis, Ruth Puente

Quorum: 4 of 7. There was quorum.

Agenda

1. Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes Approval 2019-05-02 DRAFT Minutes
4. Action Item Review: action item list
5. Staff reports and updates -  Director´s Corner and Keeping up with Kantara May 2019 
6. LC reports and updates
7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion

a. DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile
b. Vice-Chair Elections 
c. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)
3. Any Other Business

Minutes Approval

2019-05-02 DRAFT Minutes were approved by Motion. Moved:  Mark Hapner Seconded: Ken Dagg. Unanimous approval. 

Updates

• Director´s Corner - May 2019
• Newsletter: May
• Ken commented that the IAF Overview and Glossary - IAF 1050 is under Public Comment and IPR Review for 45 days. After that period closes, there will be an All Member Ballot. 
• Ken said that he has sent a note to the IAWG, informing that there have been changes to the FIPS documents and encourage CSPs to review their systems to ensure that they remain complaint. 
• Colin pointed out that TEFCA v2.0 was open for public comment. 
• LC update - Consent Receipt: During the ISO SC27 meetings in Tel Aviv the summary of the Consent Receipt structure was submitted to be an annex of ISO29184 (Online Privacy Notices and Consent) and it was accepted in principle. 

Vice-Chair Elections 

• Martin Smith has submitted his nomination for the Vice-Chair position. 
• Martin Smith was elected as Vice-Chair by acclamation. Unanimous Approval. 

DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile

• Link to the DIACC Call for Comments: https://diacc.ca/2019/05/15/verified-login-overview-conformance-discussion-drafts/
• Ken pointed out that in the Overview discussion draft:

-He found very confusing the purpose of the log in component and the conformance criteria.

-In Line 47, he will ask what is the purpose for applying standardized conformance criteria for assessment and certification.

-Line 49, where does the trusted digital identity come from?.  The purpose on line 49 should be  "to ensure the log in process is good".

-Line 50,  "a certified process" has not been defined before.  

-There are several "MAYs" and "SHOULDs" in the criteria, which should be replaced by "SHALLs".

• Martin will send his comments to the IAWG mailing list after the meeting. 
• Rich pointed out that there is no credential issuance related text. He added that EU, ETSI and Kantara IAF have specific requirements on this regard, but there are no such references in the draft. 

OMB Memorandum- 19-17 - Enabling Mission Delivery through Improved Identity, Credential, and Access Management 

• The Office of Management and Budget (OMB) has rescinded M-04-04 and replaced it with this revised OMB policy officially published on: https://www.whitehouse.gov/wp-content/uploads/2019/05/M-19-17.pdf
• The Memo supports 800-63-3 conformance.

AoB

• Mark shared the following link https://www.theverge.com/2019/4/10/18295348/google-android-phone-fido-webauthn-phishing-two-factor-authentication

Action items

• Martin to send his comments about the DIACC draft Verified Login Component & Verified Login Conformance Profile by email.