Attendees

Voting participants:

Jose Lopez, Zentry

Scott Shorter, Vice Chair

Ken Dagg, Chair

Richard Wilsher, Zygma

Staff:

Colin Wallis

Ruth Puente

Agenda

a. Refinement of CO-SAC IAF-1400 (non-material changes) and Repackaging into IAF-1410 and IAF-1420.

b. Risk Inventory Model

c. Next steps evaluating strengths of evidence

Quorum

IAWG Quorum has been updated, 5 of 8 voting members.

Minutes Approval

Motion to approve Draft Minutes of February 1st and February 8th was approved by MH and seconded by SS.

LC Update

UMA version 2 docs will be published shortly.
Blockchain report was well received in the industry and had lot of downloads. (Link to the report https://kantarainitiative.org/file-downloads/report-from-the-blockchain-and-smart-contracts-discussion-group-to-the-kantara-initiative-v1/)
Operational procedures document is being updated.

Refinement of CO-SAC IAF-1400 (non-material changes) and Repackaging into IAF-1410 and IAF-1420.

RW explained that he took 1400 (the classic SAC) and restructured it, so the CO-SAC is in the new doc IAF 1410 and the OP-SAC is in the new doc 1420.

KD pointed out that IAF 1400 was based on 4 levels of assurance, and the split only covers LoA 2 and LoA 3, so the new documents should cover the 4 levels as well.
RW commented that this Web Page tells you which criteria set applies to which classes of approval.
It was agreed that the web page of classes of approval need to be updated with these new documents (IAF 1410 and IAF 1420).
As we will park IAF 1400, it was agreed that we should cover all LoAs (1-4) in 1410 and 1420.
JL commented that main customers use LoA 1 and LoA 3, only one customer uses LoA2.
It was agreed that RW will make the changes to IAF 1410 and IAF 1420 documents and then will be submitted to IAWG for approval.

Risk Registry

It was shared this document: CCopy of Int'l Mapping Worksheet Extract - Identity Proofing (27November2017).xlsx
SS explained that it is a NIST contribution to the ISO/IEC JTC 1 SC 27 Work Group 5, a mapping of different trust frameworks and their identity requirements at different levels. It is all risk driven and it is useful for comparing schemes.
He added that it is in the public international domain so we can use it.
CW commented that the long term intention with this tool, is to use it as element for the project related to evaluating strenghts of evidence, which has been discussed within the TFS Sync.
SS commented that in the last TFS Sync (Feb 14) there was a discussion to find ways of consistency in evaluating evidence. He added that a Joint Working Group will be created to work on this topic and he will draft a charter and share it before the next Sync.

Next Meeting: March 1st.

Browser not supported