IAWG Meeting Minutes 2015-02-12

Kantara Initiative Identity Assurance WG Teleconference


Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: DRAFT IAWG Meeting Minutes 2015-02-05
    4. Action Item Review
    5. Staff reports and updates
    6. Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Preparations for the NIST SP 800-63 RFI
    2. Incorporate Privacy items into the main body of SAC
    3. Relying Party Obligations
    4. Planning for interacting with the National and International bodies
  3. AOB
  4. Adjourn

Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11


Voting

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Lee Aber
  • Richard Wilsher
  • Devin Kusek
  • Cathy Tilton
  • Adam Madlin

Non-Voting

  • Angela Rey

Staff


Regrets

  • None


Notes & Minutes

Administration

Minutes Approval

DRAFT IAWG Meeting Minutes 2015-02-05

Motion to approve minutes of 2015-02-05: Richard Wilsher, pending a correction to the AOB
Seconded: Lee Aber
Discussion:
Motion Carried | Carried with amendments | Defeated

Action Item Review

See the Action Items Log wiki page

Staff Updates

Leadership Council (LC) Updates
  • ARB will be considering the amendments to the IAF that are cited in last week's minutes
  • Relying party obligations work will be coordinated with the e-Gov group
Participant updates

Discussion

800-63 RFI

Andrew Hughes has volunteered to be editor for the Kantara response. Expected questions, based on listening to Paul Grassi: "are LOA still the right model", "how does 800-63 apply to the private sector", "whether government or private industry has primary authorship of 800-63 going forward".

RGW asked if Paul Grassi had stated that list; Andrew confirmed that he did, perhaps in a Cloud Identity Summit talk.

Angela confirmed that 800-63 is cited frequently for government services. Andrew agreed that this is the prior scope of 800-63, but commercial applications could be covered in the new document. RGW suggested that a non-government document could be used to support identity assurance in the commercial space.

Ken asked if anyone had heard of other questions; RGW suggested that the idea of international standardization could be raised.

Andrew suggests that the way to prepare is to get the document templates ready, and to re-read SP 800-32.

Incorporating Privacy

Ken asks if there is a volunteer or a statement of what might be involved.

RGW suggests the answer to the latter: expect there will be a PRIV-SAC in parallel to OP-SAC and CO-SAC, or else privacy criteria folded into the existing sections.

Ken states that his preference is for distinct privacy criteria. Privacy will be a topic of great interest; he thinks we need to address it directly with requirements woven into the SAC.

Angela mentions that the NIST Privacy Advisory Committee is having testimony tomorrow afternoon.

RGW mentions that there are existing criteria that address PII; perhaps they can be tagged to indicate that they have a privacy focus rather than a general information security focus.

Ken asks for any volunteers for leading this. With no volunteers, he suggests that he may be able to fill this role considering his strong privacy background. He will ask for volunteers from the list but will take the lead for now.

Relying Party Obligations

The e-gov group has taken this on for their 2015 goals; it is their single work item. There is interest in Canada and the EU in the question of RP obligations, i.e. obligations placed on RPs by CSPs and IDPs. Ken participated in the e-gov call and is willing to coordinate with this. Angela asked for clarification on the work item; Ken responded that it is about the responsibilities and obligations on the relying parties.

RGW states that the IAF is about assessing and approving service providers, and RPs are not service providers, so there is difficulty in performing assessments of RPs. He can see guidelines for a standard code of conduct, but doesn't see a way to make it enforceable or assessable. Ken agrees with that point: it might have to be a guideline of best practices for RPs.

Andrew asks if this will be a counterpart to the federation operators guide. Ken says that it could be, but he would need a refresher.

Ken asks if there's interest in setting this up as a counterpart to the federation operators guide. Andrew said it is a good idea but is not volunteering.

Ken will check in with next group and determine what the nature of their deliverable will be.

Interacting with National or International Bodies

Andrew reminded the group that the idea is that IAWG should have a plan for the types of interactions we would like to have with other bodies: list the bodies that are significant and why, decide whether we need to liaise formally with other bodies, and whether we attend other groups or invite others to join our calls. We should identify what the goals are, then implement them. The thought was to enumerate our connections to the other organizations so that we can keep track. Andrew offers to lead the discussion next week if that makes sense. Ken suggests that Andrew put a call out to the list for international groups that people may be participating in.

Ken asked for other thoughts on the topic, no response.

AOB

The Identity Relationship Management WG is putting out the Laws of Identity Relationship Management as a Kantara work product; Ken will distribute it to the list.


RGW moves to adjourn, Andrew seconds.

Carry-forward Items

Next week: discuss whether to switch to a weekly rotation through the project-specific calls.

Attachments


Next Meeting