2020-07-16 Minutes

Attendees: 

Voting participants: Ken Dagg, Tom Jones, Mark Hapner, Martin Smith

Non participants: Sarah Chu, Easy Dynamics (representing JJ Harkema), Mark King

Kantara staff: Colin Wallis and Ruth Puente

Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum

Agenda

Administration:

1. Roll Call
2. Agenda Confirmation
3. Action Item Review: action item list
4. Minutes approval 2020-07-09 Draft Minutes
5. Staff reports and updates -  Director's Corner and Keeping up with the Kantarians 
6. LC reports and updates
7. Call for Tweet-worthy items to feed (@KantaraNews

Discussion

a. Comments on 800-63-3 to ultimately lead to Revision 4. 

b. Update on xAL3 Sub-group, which is preparing criteria for 63B at AAL3 and 63C at FAL3. 

3. Any Other Business 

Minutes Approval

2020-07-09 Minutes were approved by motion. Moved: Mark Hapner Seconded: Martin Smith. Unanimous Approval. 

Updates

• Australian (ATO) and New Zealand (DIA) governments renewed their Kantara membership.  
• Kantara Summer Webinars: 

1)  What does it take to be Approved as NIST 800-63-3 conformant? 2020-07-15; recording and slides available at: https://kantarainitiative.org/download/what-does-it-take-to-be-approved-as-nist-800-63-3-conformant/

2) UMA 21st century health information interoperability + user control will take place on 2020-07-22; recording and slides will be posted here: https://kantarainitiative.org/download/uma-21st-century-health-information-interoperability-user-control/

• eGov WG was archived. 

Update on xAL3 Sub-group

• IAL3 was approved by IAWG on 2020-07-09.
• Sub-group is working on AAL3 and FAL3 criteria and plan to finish at the end of the month. Next steps: send the drafts for IAWG review and approval. 
• FAL2 is under Public Comment and IPR Review until July 24th.
• It is estimated that the xAL3s would be ready for assessment by end of September.

Gather comments for revisions to SP 800-63-3 to ultimately lead to Revision 4

• Ken sent the instructions to IAWG mailing list on how to comment and make suggestions on 800-63-3, including the PDFs with line numbers.

• He stressed that the commenters should use the following structure to submit comments:

1. Volume Identifier (All, Overview, A, B or C)
2. Section Identifier (Number AND Name)
3. Sub-Section Identifier (Number AND Name)
4. Line number
5. Comment: Be as specific as possible. If relevant, provide references to other jurisdictions to justify your comment.
6. Suggested Revision: Provide suggested text if possible.
7. Please use the PDFs with line numbers as reference for your comments.

• Ken will compile all comments into a list for discussion by IAWG. The plan is to schedule two IAWG meetings (July 30th and August 6th) to reach consensus prior to NIST’s August 10th submission deadline. 

AoB

• Mark King commented about a Jerry Fishenden paper 'Federated Identity for Access to UK Public Services: 1997–2020' that may be of IAWG interest: https://ntouk.files.wordpress.com/2020/06/federated-identity-for-access-to-uk-public-services-1997-2020-jerry-fishenden-1.pdf. Moreover, he mentioned that a British Standard, 'BS 8626 Design and operation of online user identification systems – Code of practice' is available for public comment until August 31st, available at the BSI website here: https://standardsdevelopment.bsigroup.com/projects/2018-01712#/section. He stressed that it is only guidance; he is preparing comments in relation to the significant gaps he founded on the standard. He clarified that BSI is equivalent to ANSI in the US. IAWG agreed not to comment on the British Standard #8626.  
• It was agreed that the next meeting will be on 2020-07-30