IAWG Meeting Minutes 2014-04-17

Owned by Former user (Deleted)

Last updated: May 15, 2014

3 min read

Kantara Initiative Identity Assurance WG Teleconference

IAWG Approved 2014-05-07

Date and Time

Date: Thursday, 2014 04 17
Time: 09:00 PDT | 12:00 EDT | 16:00 UTC (Time chart - US Daylight Saving Time )
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

Agenda

Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes approval: IAWG Meeting Minutes 2014-04-03, IAWG Meeting Minutes 2014-04-10
4. Action Item Review
5. Staff reports and updates
6. LC reports and updates
7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
Discussion
1. FICAM TFS Monthly call (occurs April 17 just prior to IAWG)
2. Kantara-FICAM mapping update
AOB
Adjourn

Attendees

Link to IAWG Roster

As of 2014 March 13, quorum is 5 of 9

Meeting achieved quorum

Voting

Rich Furr ( C)
Andrew Hughes (S)
Bill Braithwaite
Scott Shorter
Matt Thompson
Cathy Tilton
Ken Myers

Non-Voting

Ken Dagg
Jeff Stollman

Staff

Joni Brennan

Regrest

- Paul Calatayud (V-C)

Notes & Minutes

Administration

Minutes Approval

IAWG Meeting Minutes 2014-04-03

IAWG Meeting Minutes 2014-04-10

Motion to approve minutes of 2014-04-03 and 2014-04-10: Braithwaite
Seconded: Shorter
Discussion: None
Motion Carried

Action Item Review

See the Action Items Log wiki page

(action item log not updated since last call)

Staff Updates

Director's Corner Link
Event Radar 2013 and 2014 Link
Marissa (Project Manager) will be assisting IAWG to support leadership progress and ongoing projects.
Working closely with other FICAM TFP participants in engaging FICAM program.

LC Updates

No call this period

Participant updates

None offered

Discussion

FICAM TFS Monthly call

Many IAWG regulars were on the FICAM TFS call
'Comparability' versus 'compliance' was a hot topic
FICAM TFS says that TFP's TF rules must show Comparability to the FICAM Trust Criteria. Then the CSP must Conform to the TFP TF rules
Comparability versus conformance matters more in some areas than others
The Federal Agencies are asking for certified services that are not the FICAM approved services
- A challenge is that the reasons the Agencies are not accepting FICAM offerings are not fully understood or known
- Is there a view that FICAM Approved services do not deliver services that meet the Agency needs? (needs to be checked)
FICAM Trust Framework Solutions needs to work with Industry to inform Agencies on the programs and how they meet the requirements
Should look at how other governments (Canada, New Zealand) have addressed this, and help FICAM
- Kantara could work towards a Comparability Framework drawing on global experiences would be very helpful
- Need to define the process to determine comparability
- Could state the objective for comparability so that the Assessors would have guidance
- Comparability must start at the objective point - this must precede and support the Criteria
  - many schemes state criteria without obvious objectives statements
  - Look at Canada's work on objectives
  - Look at UK GPG 43 - sets up the objectives for service delivery
Canada did a guide on how RPs should approach risk assessment to determine what they need. Then the CSP offers the AL service and can express how it meets.
Comment: 4 AL seems to work best when Comparability is not in play - only when there are strict criteria do all parties know what they are getting. When there's uncertainty on what's included, it is hard to stay within an AL and variability ensues.
Shorter will send: Implementation Guidance for FIPS 140-2 which sets out the cases that have been examined.
- Link is here: http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf

Reference links to Canada work:

Directive - http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16577&section=text
Standard - http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=26776
Guideline of Defining Authentication Requirements - http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=26262
Draft guideline on identy management http://kantarainitiative.org/pipermail/wg-egov/2013-October/001400.html

Update on FICAM SAC Mapping sub-group

Round 1 is done - Rich to circulate to IAWG - please comment back and input
- Color coded the requirements
- Note that most ATOS requirements are Red - around the 'Attribute' issue
Next: create a sub-group to take current SAC and build a 'global core' of requirements,
- then setup for Geographic Entity Profiles (e.g. FICAM, UK GPG, Canada, NZ)
AI: Rich to call for participation for sub-group - Joni to forward call to Anil for wider engagement. Listeners OK. Contributors must sign GPA.

AOB

Carry-forward Items

Attachments

Next Meeting

Date: Thursday, 2014 April 24
Time: 09:00 PDT | 12:00 EDT | 16:00 UTC (Time chart - US Daylight Saving Time )
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers