2020-07-16 Minutes

Attendees:

Voting participants: Ken Dagg, Tom Jones, Mark Hapner, Martin Smith

Non participants: Sarah Chu, Easy Dynamics (representing JJ Harkema), Mark King

Kantara staff: Colin Wallis and Ruth Puente

Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum

Agenda

Administration:

Roll Call
Agenda Confirmation
Action Item Review: action item list
Minutes approval 2020-07-09 Draft Minutes
Staff reports and updates - Director's Corner and Keeping up with the Kantarians
LC reports and updates
Call for Tweet-worthy items to feed (@KantaraNews

Discussion

a. Comments on 800-63-3 to ultimately lead to Revision 4.

b. Update on xAL3 Sub-group, which is preparing criteria for 63B at AAL3 and 63C at FAL3.

3. Any Other Business

Minutes Approval

2020-07-09 Minutes were approved by motion. Moved: Mark Hapner Seconded: Martin Smith. Unanimous Approval.

Updates

Australian (ATO) and New Zealand (DIA) governments renewed their Kantara membership.
Kantara Summer Webinars:

1) What does it take to be Approved as NIST 800-63-3 conformant? 2020-07-15; recording and slides available at: https://kantarainitiative.org/download/what-does-it-take-to-be-approved-as-nist-800-63-3-conformant/

2) UMA 21st century health information interoperability + user control will take place on 2020-07-22; recording and slides will be posted here: https://kantarainitiative.org/download/uma-21st-century-health-information-interoperability-user-control/

Update on xAL3 Sub-group

IAL3 was approved by IAWG on 2020-07-09.
Sub-group is working on AAL3 and FAL3 criteria and plan to finish at the end of the month. Next steps: send the drafts for IAWG review and approval.
FAL2 is under Public Comment and IPR Review until July 24th.
It is estimated that the xAL3s would be ready for assessment by end of September.

Gather comments for revisions to SP 800-63-3 to ultimately lead to Revision 4

Ken sent the instructions to IAWG mailing list on how to comment and make suggestions on 800-63-3, including the PDFs with line numbers.
He stressed that the commenters should use the following structure to submit comments:

Volume Identifier (All, Overview, A, B or C)
Section Identifier (Number AND Name)
Sub-Section Identifier (Number AND Name)
Line number
Comment: Be as specific as possible. If relevant, provide references to other jurisdictions to justify your comment.
Suggested Revision: Provide suggested text if possible.
Please use the PDFs with line numbers as reference for your comments.

Ken will compile all comments into a list for discussion by IAWG. The plan is to schedule two IAWG meetings (July 30th and August 6th) to reach consensus prior to NIST’s August 10th submission deadline.

AoB

Mark King commented about a Jerry Fishenden paper 'Federated Identity for Access to UK Public Services: 1997–2020' that may be of IAWG interest: https://ntouk.files.wordpress.com/2020/06/federated-identity-for-access-to-uk-public-services-1997-2020-jerry-fishenden-1.pdf. Moreover, he mentioned that a British Standard, 'BS 8626 Design and operation of online user identification systems – Code of practice' is available for public comment until August 31st, available at the BSI website here: https://standardsdevelopment.bsigroup.com/projects/2018-01712#/section. He stressed that it is only guidance; he is preparing comments in relation to the significant gaps he founded on the standard. He clarified that BSI is equivalent to ANSI in the US. IAWG agreed not to comment on the British Standard #8626.
It was agreed that the next meeting will be on 2020-07-30