IAWG Meeting Minutes 2017-02-09

Kantara Initiative Identity Assurance WG Teleconference

Date and Time

  • Date: Thursday, 2017-02-09
  • Time: 12:00 PST | 15:00 EST
  • Dial-in Details
  • Skype: +99051000000481
  • US Dial-In: +1-805-309-2350
  • Conference ID: 613-2898

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: 
      1. DRAFT IAWG Meeting Minutes 2017-01-26
      2. DRAFT IAWG Meeting Minutes 2017-01-12
    4. Action Item Review: action item list
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Election for IAWG leadership
    2. Charter review
    3. IDEF mapping to Kantara IAF
    4. Status of NISTIR 8149 comments 
    5. NIST SP 800-63-3 public review period next steps
  3. AOB

 Attendees

Link to IAWG Roster

As of 2017-01-12, quorum is 4 of 7

Meeting (did / did not) achieve quorum

Voting

  • Lee Aber
  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Richard Wilsher
  • Adam Madlin

Non-Voting

  • Kolin Whitley
  • Russ Weiser
  • Ken Crowl
  • Boris Kronrod

Staff

  • Colin Wallis
  • Ruth Puente

Apologies

  • None

Notes & Minutes

Administration 

Minutes Approval

  1. DRAFT IAWG Meeting Minutes 2017-01-26
  2. DRAFT IAWG Meeting Minutes 2017-01-12

Motion to approve minutes of 2017-01-26 and 2017-01-12: Andrew Hughes moves
Seconded: Russ Weiser
Discussion: 
Motion Carried 

Action Item Review

  • Deferred for now.

Staff Updates

  • Colin reports that the focus has been the need for directed funds and sponsorship funds to finish our work. We get a long way with volunteer work, but resources can be exhausted by it. The hard work is the final work to get products across the line. Members with an interest in output from Kantara.
  • The reach-out in the Director's Corner asks for that. There are sliders on the website for IDPRO and Consent Receipt.

LC Updates

Participant updates

Discussion

Thanks to Kolin Whitley and good wishes in future endeavors.

Election of IAWG leadership

We are currently lacking a Secretary candidate.

Charter review

Ken has updated the charter for review by members; next week we should be able to review/approve it and make it the current charter. The main update has been to focus on the stewardship of the IAF specifications. The update will go out this week for review next week.

IDEF to SAC mapping

Andrew has called for comments. This version of the mapping spreadsheet, which includes Kantara comments, has not changed since the first time. The document looked at IDESG's analysis of how the Kantara approval criteria match the IDESG's baseline requirements of the IDEF framework. IDESG noted some requirements that they felt would not be met by Kantara approved entities. On the left of the spreadsheet is the analysis done by IDESG, with Kantara comments on the right. Some comments were not applicable to the criteria because the IAF doesn't apply to relying parties. We confirm that some requirements are not covered; IAWG will consider updates to the SAC in the regular course of business to either create criteria to meet the requirements. The question is what form the response should take.

Andrew Hughes moves that IAWG approve the comments on the IDEF baseline to SAC mapping, and that we deliver the comments as written to IDESG for their consideration. Adam Madlin seconds. Passed.

NISTIR 8149

Propose to forward comments and dissenting comments to NIST.

Scott Shorter moves to forward the comments developed by IAWG on NISTIR 8149, including the dissenting comments, to Colin for delivery to NIST. Andrew Hughes seconds. Passed.

NIST SP 800-63-3 Comment Period

Deadline is March 31, but NIST would of course prefer comments sooner than that.  IAWG is coordinating the creation of the comments, with ARB invited to participate as they see fit.

Has anyone not had a chance to review the document?

Andrew asks what the IAWG comment process should be. Ken responds that discussion in the next four weeks would be best, so that we can get comments in at least a week before March 31. Switching back to weekly meetings to accomplish that.

What level of comments should we be addressing - typos addressed by the organization? RGW suggests that we don't want to spend our time on typos or grammar. Ken agrees, we need meaty comments. Comments regarding the cost and impact of the changes to the CSPs.

Ken asked when the CSPs would be expected to comply. FICAM had no response; Paul Grassi indicated that agencies should comply with NIST publications within 12 months. In order to meet a 12 month timeframe, Kantara would need to update the framework within 7 months.

Kolin Whitley - ID proofing strategies were put in place as part of multiyear contracts; how might that impact the component, given that the new guidelines are significantly different?

Russ mentions the requirements for authoritative data sources, chasing identity documents to their source. The federal and state governments have failed to provide a verification service. TFS work on standard operating procedures: the implication was that there were changes underway to make things easier for agencies to understand. It's more unrealistic if agencies must grapple with new standard procedures from TFS at the same time that 800-63-3 hits.

Andrew points out that if we model the criteria to 800-63 - does it improve our ability to use the Kantara criteria with other international schemes? Will we need to do a level of abstraction so that we can conform with the Canadian model and 800-63?

One problem with 800-63 has been lack of flexibility in the face of considerable CSP innovation in how services are provided; we shouldn't try to stand in the way.

A comment we will want to work on, based on discussion with Kolin Whitley: the simplification of the levels from 4 to 3 may have made it more difficult to obtain the levels. It removes the lower cost category and increases the cost to comply.

The different numbers of levels in different countries may result in interoperability issues between the jurisdictions.

AOB

For those at RSA, there's a Kantara members' breakfast.

Next Meeting

  • Date: Thursday, 2017-02-16
  • Time: 12:00 PT | 15:00 ET
  • United States Toll +1 (805) 309-2350
  • Alternate Toll +1 (714) 551-9842
  • Skype: +99051000000481
  • Conference ID: 613-2898
  • International Dial-In Numbers