IAWG Meeting Notes 2013-01-10

Kantara Initiative Identity Assurance WG Teleconference

Call not a quorum

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2012-12-13
    4. Open nominations for Vice Chair
  2. Discussion
    1. Issue Tracking update
    2. IAF Process and Errata
    3. Glossary work
  3. AOB
  4. Adjourn

Attendees

  • Myisha Frazier-McElveen
  • Scott Shorter
  • Bill Braithwaite

As of 1 November 2012, quorum is 4 of 6.

Non-Voting

  • Heather Flanagan (scribe)
  • Andrew Hughes
  • Ken Dagg
  • Helen Hill
  • Rich Furr

Apologies

Notes

  1. Ticket system
    1. HF has figured out what needs to change in the MySQL and PHP to create the additional fields; waiting to hear back from the sys admin to move this forward
  2. IAF Process and Errata
    1. Diagram sent out by Myisha before the meeting, but there are some items we need to come to resolution on and then we can include it all in one document
      1. Andrew: should there be a feedback to the commenter loop? Yes
      2. Ken: Errata Addressed could be broken down further into what that means; e.g. it's an immediate fix or a work item to be resolved in a future version or it's rejected. Myisha: that's part of prioritize
      3. Bill: should be feedback to the commenter while the errata is being reviewed; Andrew: first step, notify interested parties of discussion date
      4. Myisha: how does this play with the Kantara process of anonymizing the comments? HF: give them the option of participating in the conversation, defaulting to anonymous when necessary
      5. Scott: can we include the actual IAF revision cycle? can we include some temporal information on how often we review the incoming comments and how often the substantive comments are addressed? Myisha: this is part of what we need to consider, listed at the bottom of the page
      6. Myisha: there is still a lot that needs to be included, but we haven't reached consensus on it yet
      7. Andrew: there should be regular updates (once a year? twice a year? every two years?); HF: think we discussed having an 18 month cycle, to be counted at publication time, with the option of publishing more often if something big comes up; Myisha: if we look at an 18 month cycle, when would errata be accepted/published? Scott: we're always collecting this for 9 months to a year, so does that mean any errata after that would wait until the next release? Are we talking about publishing an actual errata document? Andrew: yes, there will be an errata doc published, and then at the 18-month mark we incorporate those changes into the next version
      8. HF: don't confuse the Call for Comment period with the errata process
      9. Myisha: we will work on the errata on a monthly basis, and on a 9 month mark we'll start looking at the substantive changes and incorporate them into the revised IAF; the errata document would be updated as we accept new docs; HF: and we would notify the new BoT subcommittees for Assessors and CSPs when we publish a new errata doc
      10. Ken: we need to make sure we include in our review of the errata how massive a change that errata would cause for the certified organizations
      11. Andrew: if it actually changes current assessments, it's substantive; Ken: so an errata change wouldn't be that and so we don't need to worry about which errata were applied during the decision for certification
      12. Andrew: so what will errata actually be?  What else other than typos, what things could we correct quickly that wouldn't impact assessments? Scott: incorrect references, for example
      13. Andrew: overall timeline would be: notify comment, comment processed and given to IAWG, IAWG has 3 weeks to classify and determine change required, and then once classified the errata page will happen within 7 days and appropriate parties (ARB, IRB, etc.) notified; the goal is to have up to 30 days from receipt to getting the text online; do we have to have quorum for acceptance of errata? We can do this via e-ballot if calls are not a quorum
  3. Glossary - hold to next week's call
    1. Ken is still waiting for comments; will resend what he has so far to bring it back to the top of people's email queue

 

AOB

  • regarding the Decoupled Binding document that's receiving so much interest, what are the next steps on that? 
    • Myisha: it is on our roadmap, and the next steps were to accept input, update the doc, and incorporate in the next IAF
    • Scott: when is the next IAF? Myisha: will start some heavy work in Q3 to incorporate changes and updates needing to be made (800-63, decoupled binding)
    • Scott: is there demand to shift to make the FICAM approval a profile and the base IAF has flexibility? Depends on champion/funding
      • Scott: to define work effort and scope to work on this and we'll have it on the agenda for next week; Ken to assist as available
      • Scott: NIST 800-130 might have some useful information to inform what goes into the IAF

Next Meeting