2021-02-04 Minutes
Attendees:
Voting Participants: Mark Hapner, Mark King, Richard Wilsher, Ken Dagg, Martin Smith
Staff: Colin Wallis, Ruth Puente
Quorum: 3 out of 5. There was quorum.
Agenda:
1. Administration:
a. Roll Call
b. Agenda Confirmation
c.Minutes Approval 2020-01-21 DRAFT Minutes
d. Action Item Review: action item list
e. Staff reports and updates - December Director's Corner
f. LC reports and updates
g. Call for Tweet-worthy items to feed (@KantaraNews)
2. Discussion.
a. Consider necessary changes to subject-focused criteria
3. Any Other Business
Minutes Approval
2021-01-21 Minutes were approved by motion. Moved: Mark King. Seconded: Mark Hapner. Unanimous approval.
Updates
- January Newsletter
- Neustar was approved as a Component - Partial Service on January 27th; the PR will be released once all the admin and legal docs are in place to issue the Trust Mark.
- Colin commented that there were some questions about, and interest in, Kantara approval for 63-3 during the Policy Forum organized by the Better Identity Coalition: https://archive.org/details/identityandauthentication2021
- In relation to the issues that may be considered in legislation in order to legitimate Trust Frameworks, Ken suggested liability responsibilities, compliance, and penalties for non-compliance. Mark K asked which laws apply; extraterritoriality has been the vein of international collaboration, but it's not getting better (e.g. Australia had issues with Google). He asked, "Whose law applies, the consumer or the provider, or both?" Richard added that a beneficial legislative approach should put in place a regulatory body that is flexible and responsive.
- February 9-10 US Treasury Financial Innovation Roundtable: 25% of the attendees are Kantara members (ID.me, MIT, Easy Dynamics, Mastercard, IDEMIA).
- There is a new Kantara Consent Receipt WG: https://kantarainitiative.org/groups/advanced-notice-consent-receipt-work-group/
Discussion - Consider necessary changes to subject-focused criteria
- IAWG discussed ways forward in the case where criteria explicitly refer to subscribers and/or subjects, and the subject of assessment is a service that has no direct relation with those parties, e.g. a Component Service.
- In the CO_SAC and OP_SAC, Richard highlighted those criteria which have the potential to be either dropped or re-focused for Component Service assessments, so that IAWG can decide what to do in terms of guidance to CSPs and how the Assessors should assess them. Richard explained the criteria that were highlighted in this set of SACs: KIAF-1410 CO_SAC SAC & SoCA v3.0.2 - IAWG Review 2021-02-03.xlsx & KIAF-1420 OP_SAC SAC & SoCA v2.0.2 - IAWG Review 2021-02-03.xlsx
- It was agreed to copy the CO #0090 text and post it to the CO #0080 text, as well as to remove "Specific provisions stated in further criteria in this section". Moved: Mark K. Seconded: Ken. Unanimous approval.
- Ruth commented that the most demanded Kantara Class of Approval is the 800-63 rev.3 Technical, derived from NIST 63A/63B/63C technical requirements (CO_SAC is not included).
Agreed Next steps: 1. Richard to review Kantara 800-63-3 SACs and propose a selection of the contentious criteria, then continue with the Classic SACs; 2. IAWG to agree on the criteria selection and write a Memo that says this is the criteria set that needs attention for Component Approval.
Next meeting: 2021-02-18