IAWG Meeting Minutes 2013-11-21

Kantara Initiative Identity Assurance WG Teleconference

 

Meeting Minutes - approved December 5 2013

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-11-07
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Review, analysis and comments to be solicited from Kantara members regarding FICAM TFS draft updates. Kantara ARB is also composing comments.
      Material is here:  http://info.idmanagement.gov/2013/11/ficam-trust-framework-solutions-tfs.html
  3. AOB
    1. Report out of November 13, 2013 F2F meeting in DC.
    2. Review latest SAC updates resulting from Antecedent Process discussions
  4. Adjourn

Attendees

Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9

 

Meeting achieved quorum

Voting

  • Myisha Frazier-McElveen (C)
  • Andrew Hughes (S)
  • Rich Furr (V-C)
  • Scott Shorter
  • Richard Wilsher

Non-Voting

  • Kenneth Myers
  • Colin Wallis

Staff

  •  Joni Brennan

Apologies

  • Ken Dagg

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-11-07

Motion to approve minutes of 2013-11-07: Rich Furr
Seconded: Scott Shorter
Discussion: None
Motion Passed 

Action Item Review

See the Action Items Log wiki page

Staff Updates

  • Director's Corner Link - October 2013 has been posted
  • Event Radar 2013 and 2014 Link
  • Several conferences attended/participated in over the last several weeks.
  • Kantara is producing NSTIC Pilot Day on January 30 2014 in Washington DC, hosted at the Dept of Commerce - pilots in which Kantara has a role will be invited first, then all remaining pilots depending on space
  • Avoco Identity has joined Kantara

LC Updates

  • Meeting held this week
  • Several refreshed charters were approved: IAWG, HIAWG, UMA, FIWG

Participant updates

Discussion

IAWG Page for aggregation of comments is here: FICAM TFS v2.0 (2013) Draft Documents Comments From IAWG

  • ARB will be submitting comments on the documents
  • IAWG has been asked to provide comments to ARB
  • Noted that the ATOS and RP Guidelines are new, and have impacts on all Approveds going forward
  • The NASPO ID Proofing standards are now referenced & may be including additional attributes required for an authentication
    • Line 165++ : this section needs a closer reading because the docs seem to indicate that validated attributes should be provided, but it is unclear if this is a critical factor in FICAM approval. 
  • It is anticipated that these documents will have impact on SAC in several places
  • Noted that Financial Institutions do not have to go through the TFS processes - question is: are the Financial institutions asserting ALs in the form of 800-63? There is confusion about how the Regulated Industries need to or actually do comply with 800-63-2 - in particular the non-ID Proofing criteria/requirements. This needs to be clarified for certainty.
  • R. Furr suggests that the current SAC revision includes changes resulting from the TFS drafts.
  • R. Wilsher disagrees, as the timeline for the TFS documents is not firm
  • Kantara should indicate timeline preferences to FICAM
  • The HealthCare.gov situation might have increased sensitivity to interoperability and certification issues, which might be increasing pressure to implement.
  • Two sub-teams have been created: the Approved and Accredited organizations; they have been asked to return comments to ARB by December 2; joint feedback response to be consolidated by December 12; comments due to FICAM TFS on December 14. IAWG to follow the same schedule.
  • Myisha to forward the comment spreadsheet to IAWG.
  • The privacy guidance - looks like the RP has to indicate to the TFP(?) the need for specific attributes - this might cause complications for the assessments - might end up in custom approvals
  • These requirements are specific to FICAM - caution urged to examine proposed SAC changes to ensure that IAF remains independent from FICAM requirements
  • Question: re privacy requirements - if these documents are written in the context of FCCX, then why should there be interactions directly between Federal RP and FICAM CSP?
  • Question for FICAM: should there be an FCCX-specific profile process that is separate from use cases where the RP has a direct relationship with the CSP?
  • Due to time constraints, please forward comments directly to 
  • IAWG to meet in the week of December 2-6 to discuss comments submitted by IAWG. 
  • Regular IAWG meeting December 5. Extra working session for IAWG on December 6, 10:00am EST.

AOB

Review latest SAC updates resulting from Antecedent Process discussions
  • R. Wilsher suggests that the 800-63-2 related changes should be moved forward independent of anything that comes out of the new FICAM drafts
  • The material presented is an isolation of the SAC related to the Antecedent Process - so that they can be considered easily
  • SCO#10 - Secure remote communications - adjusted to de-reference the need for hardware crypto devices
  • SCO#16 - Verification of remote credential - clarified and moved into revocation criteria
  • IDV#10 - NEW - ID Proofing and Verification - CSP to describe verification measures and justify how they meet the requirement
  • CTR#025 - Authentication Protocols - broader references
  • CRM#60 - typo corrected 
  • Motion to include these changes into the current SAC version and put them out for 45 day public review: R. Wilsher. 
    • Seconded: R. Furr
    • Discussion: none
    • Motion carries

Attachments

 

 

Next Meeting