Kantara Initiative Identity Assurance WG Teleconference

Date and Time

Date: Thursday, 2015-05-14
Time: 12:00 PST | 15:00 EST | 20:00 UTC (Time chart - US Standard Time )
Time: 12:00 PDT | 15:00 EDT | 19:00 UTC (Time chart - US Daylight Saving Time )
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

Agenda

Administration:
1. Roll Call
2. Minutes approval:
3. Staff reports and updates
4. Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
5. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
Discussion
1. NIST SP 800-63 comments from IAWG

Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11

Use the Info box below to record the meeting quorum status

Meeting achieved quorum

Voting

Lee Aber
Ken Dagg (C)
Scott Shorter
Colin Wallis

Non-Voting

Angela Rey

Steve Skordinski

Staff

Joni Brennan

Regrets

Andrew Hughes (VC)
Rich Furr

Voting Members for Cut/Paste

Ken Dagg (C)
Andrew Hughes (VC)
Scott Shorter (S)
Rich Furr
Paul Calatayud (VC)

Devin Kusek
Adam Madlin
Kenneth Myers
Cathy Tilton
Richard Wilsher
Lee Aber

Selected Non-Voting members for Cut/Paste

Bill Braithwaite
Björn Sjöholm
Susan Schreiner
Jeff Stollman

Notes & Minutes

Administration

Discussion

Ken: a scheme comes to mind for NIST's first question, based on discussions at identity north, separation of three functions, identification, authentication, and authorization. Scott agrees, will expand on comment about A&I to cover this.

CW Oasis trust elevation discussion - some transactions where people won't ask for authentication, by we leak so much data that low risk transactions are supported without clear authentication step.

UMA developing binding obligations and controls.

Contact Eve Mahler, ask for her comments?

Scott to ping Pete Palmer.

Ken will mention at leadership council.

Examples of authentication, identification and authorization system does it that way. Those three functions take place. Age authorization for old age security. Length of time in country during twelve month calendar. Employement status. Visa, work status.

Ken in terms of privacy, like the comment with respect to the triple blind being part of the privacy spectrum. Additional spect, PIA is focused on client and end user and protecting their privacy. Conducting a PIA gets the questions asked, and if a privacy commissioner exists in a jurisdiction they can say whether privacy is being respected.

When out to RFP for privacy solution the privacy commission, who can adjust the text of that.

Colin says should be a risk assessment is applied up front, it is not that clear what risk is being assessed and for what reason. Do an identity related risk assessment on the service, need approaches for doing the identity related risk assessment.

Ken, sent a link to Canadian govt assurance and guidance. Risk assessment to identity assurance. Scott to review.

CSPs are coming out and saying we have a level three system. The identity risk assessment rather than the system compromise risk assessment.

Scott to put the links in the minutes...

Joni to talk to UMA and CSPs.
Ken speak to LC.

Scott to distribute comments, ask for a COB Monday deadline. Get to Joni next Tuesday, joni will create cover letter and send to NIST.

Suggest to meet next week to discuss what was submitted, catch up on administrative stuff and decide on whether to meet biweekly again.

Carry-forward Items

Attachments

Next Meeting

Date: Thursday, 2015-05-21
Time: 12:00 PT | 15:00 ET | 20:00 UTC (Time chart - US Standard Time)
Time: 12:00 PDT | 15:00 EDT | 19:00 UTC (Time chart - US Daylight Saving Time )
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers