IAWG Meeting Notes 2012-06-14

Status:

NOTE: On the 6/14/12 call, the IAWG believed there was quorum but upon review of the attendance quorum was not achieved - thus these are Meeting Notes and not Meeting Minutes. The motions taken during this meeting were re-heard and re-approved on 6/21/12.

 

Attendees:

| Voter Name | 14 June 2012 Attendance |
|---|---|
| Bill Braithwaite | x |
| Myisha Frazier-McElveen | x |
| Rich Furr | |
| Linda Goettler | |
| Sarbari Gupta | x |
| Colin Soutar | x |
| Richard Wilsher | |

Non-voting:

Ken Dagg

Andrew Hughes

Mark Lundin

Apologies: Patrick Curry, Richard Wilsher

Staff: Joni Brennan, Pat Roder

1. ADMINISTRATIVE:

a) Roll Call – Quorum was achieved since there were 4 voting members out of 7 on the call.

b) Motion for Minutes: Bill moved to approve the Meeting Minutes from 5/31/12 and Colin seconded the motion.

c) Agenda confirmation: Agenda confirmed.

Before the agenda items were discussed, Colin asked for clarification on the IAWG document review period. After the call, Joni provided information stating that the 45-day review period for the 4 Kantara IAF documents (1100, 1300, 1400, and 1800) ends on July 14, 2012 and that the online comment submission form should be used for all comments.

2. KAR

On the 6/7/12 call, there was an Action Item taken for the assessors with AICPA certification to produce evidence to confirm that they are able to provide non-AICPA compliant reports. Based on the evidence produced (if any), assessors can determine the best path forward.

  • Nathan and Myisha met with Mark Lundin of KPMG to review the approach using the template assertion letter.
  • Mark believed that based on his preliminary review, the approach can be adopted. He had no concerns with the format of the letter in which management asserts that requirements were met and then an auditor issues an opinion that the manager’s assertion was correct. He stated that he would need to conduct a detailed review of all related language and provide any necessary clarifications.
  • Colin suggested that a clear process is needed for producing the final version of the document, including an editor who solicits comments from the group and then makes the final disposition of the comments.
  • There was a discussion of whether to use the template letter or the KAR Version 3.0 as the base document for editing.
  • Bill made a motion to adopt Kantara IAF-3310 KAR v0-3 as the base document for the editing perspective with a formal call for comments and an editor assigned. Sarbari seconded the motion and no one opposed it. (ACTION ITEM)
  • Mark volunteered to be the editor.

3. IAWG ROADMAP

The group then discussed the Q3 and Q4 components displayed on the IAWG Roadmap for 2012 of the revisions to the IAF-SAC document.

Q3:

  • The Q3 effort involves drafting the pseudonymous approach of decoupling credentials from identities.
  • On the 6/7/12 call, it was agreed that a position statement, use cases, and gap analysis be developed for this approach.
  • IAWG members were asked to express their interest in participating in this effort. Ken, Colin and Andrew indicated their willingness to contribute to this task. (ACTION ITEM)
  • This effort may be conducted as a sub-team which provides updates to the IAWG on their weekly calls.

Q4:

  • The Q4 effort involves profile development which is nation/sector specific.
  • This effort may be premature for the Government of Canada. It is still being determined whether a profile specific to health care is necessary.
  • The Q4 effort also involves the initial draft development of Relying Party Guidelines.
  • The questions of whether Q4 is the appropriate timeframe for this work and whether the IAWG is the appropriate body to conduct this work were put to the group.
  • The group agreed that the guidelines are needed since there are currently none available but that there are many facets of this work which will fall into many working groups and that it would not belong solely to the IAWG.
  • It was decided to leave this component as a Q4 item at this time.

4. OUTREACH

  • On the 6/7/12 call, Ken Dagg suggested oversight bodies that deal with financial institutions, such as bankers’ associations, be added to the list of end-user communities who may leverage Kantara’s Identity Assurance Program.
  • Joni questioned what kind of financial institutions should be included and Ken stated that he meant banks as well as the insurance industry and investment firms.
  • Any institution that deals with online access presents an opportunity for a business case to be made for using external certifying providers.
  • When outreach is made from peer to peer, material (use case or business case) should be in hand to present.
  • This material could be specific to the institution type (financial, insurance, etc.) and could be geared toward recruitment to Kantara or towards the adoption of Kantara’s programs.
  • It was agreed that an item should be added to the IAWG’s workstream to develop a paper that describes what Kantara has to offer and how it can provide an organization with a high value service. (ACTION ITEM)

5. EVENTS

Due to time constraints, the discussion of this item was deferred until the next conference call on June 21, 2012. (ACTION ITEM)

6. AOB

Due to time constraints, the discussion of this item was deferred until the next conference call on June 21, 2012. (ACTION ITEM)

7. ACTION ITEMS

Due to time constraints, the discussion of this item was deferred until the next conference call on June 21, 2012. (ACTION ITEM)

6/14/12 Action Items

| Action Item | Assigned To | Status | Description | Comments |
|---|---|---|---|---|
| 20120614-01 | IAWG | Open | Provide comments on Kantara IAF-3310 KAR v0-3 to Mark Lundin | |
| 20120614-02 | Ken, Colin, Andrew | Open | Begin working as a sub-group to develop a position statement, use cases, and gap analysis for the pseudonymous approach | |
| 20120614-03 | IAWG | Open | Add an item to the IAWG’s workstream to develop an Outreach paper that describes what Kantara has to offer and how it can provide an organization with a high value service. | |
| 20120614-04 | IAWG | Open | Discuss IAWG Events on the 6/21/12 call. | |
| 20120614-05 | IAWG | Open | Discuss AOB on the 6/21/12 call. | |
| 20120614-06 | IAWG | Open | Review Action Items on the 6/21/12 call. | |

6/7/12 Action Items

| Action Item | Assigned To | Status | Description | Comments |
|---|---|---|---|---|
| 20120607-01 | Myisha, Nathan, Scott, and Joe | Closed | Based on evidence produced (if any), assessors to determine best path forward (see June 7, 2012 notes) | This item was closed on 6/14/12. |
| 20120607-02 | Joni | Open | Move the alignment to NIST 800-63-1 to Q3 on the Roadmap. | |
| 20120607-03 | Joni | Closed | Create a position statement which outlines how the pseudonymous approach benefits Kantara. | Sub-team formed on 6/14/12. See item 20120614-02. |
| 20120607-04 | IAWG – Champion Needed | Closed | Perform a gap analysis for the pseudonymous approach which spells out the work that needs to be done. | Sub-team formed on 6/14/12. See item 20120614-02. |
| 20120606-05 | IAWG – Champion Needed | Closed | Develop use cases for the pseudonymous approach. | Sub-team formed on 6/14/12. See item 20120614-02. |
| 20120607-06 | IAWG | Closed | Review Roadmap’s Q4 deliverables on next call. | This item was closed on 6/14/12. |
| 20120607-07 | Chair | Ongoing | Review Roadmap progress at the beginning and end of each quarter. | |
| 20120607-08 | IAWG | Ongoing | Compile a list of end-user communities who may leverage Kantara’s Identity Assurance Program. | |
| 20120607-09 | Chair | Closed | Move discussion of AOB items to June 14 agenda | This item was closed on 6/14/12. See item 20120614-05. |

Adjourn

The meeting ended at 8:00 am PDT.