IAWG Meeting Minutes 2015-02-12
Kantara Initiative Identity Assurance WG Teleconference
Date and Time
- Date: Thursday, 2015-02-12
- Time: 12:00 PST | 15:00 EST | 20:00 UTC (Time chart - US Standard Time)
- Time: 12:00 PDT | 15:00 EDT | 19:00 UTC (Time chart - US Daylight Saving Time)
- United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
- Skype: +99051000000481 - Conference ID: 613-2898
- International Dial-In Numbers
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: DRAFT IAWG Meeting Minutes 2015-02-05
- Action Item Review
- Staff reports and updates
- Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- Discussion
Preparations for the NIST SP 800-63 RFI
Incorporate Privacy items into the main body of SAC
Relying Party Obligations
Planning for interacting with the National and International bodies
- AOB
- Adjourn
Attendees
Link to IAWG Roster
As of 2015-01-22, quorum is 6 of 11
Meeting achieved quorum
Voting
- Ken Dagg (C)
- Andrew Hughes (VC)
- Scott Shorter (S)
- Rich Furr
- Lee Aber
- Richard Wilsher
- Devin Kusek
- Cathy Tilton
- Adam Madlin
Non-Voting
- Angela Rey
Staff
Regrets
- None
Notes & Minutes
Administration
Minutes Approval
DRAFT IAWG Meeting Minutes 2015-02-05
Motion to approve minutes of 2015-02-05: Richard Wilsher pending a correction to the AOB
Seconded: Lee Aber
Discussion:
Motion Carried | Carried with amendments | Defeated
Action Item Review
See the Action Items Log wiki page
Staff Updates
Leadership Council (LC) Updates
- ARB will be considering the amendments to the IAF that are cited in last week's minutes
- Relying party obligations work will be coordinated with the e-Gov group
Participant updates
- Rich Furr informed the group of the news that Anil John has resigned from GSA.
- It was noted that Anil has also blogged about his resignation the same day.
Discussion
800-63 RFI
Andrew Hughes has volunteered to be editor for the Kantara response. Expected questions based on listening to Paul Grassi: "are LOA still the right model", "how does 800-63 apply to private sector", "whether government or private industry has primary authorship of 800-63 going forward"
RGW asked if Paul Grassi had stated that list; Andrew confirmed that he did, perhaps at a Cloud Identity Summit talk.
Angela confirmed that 800-63 is cited frequently for government services. Andrew agreed that this is the prior scope of 800-63, but commercial applications could be covered in the new document. RGW suggested that a non-government document could be used to support identity assurance in the commercial space.
Ken asked if anyone had heard of other questions; RGW suggested that the idea of international standardization could be raised.
Andrew suggests that the way to prepare is to get the document templates ready, and to re-read SP 800-32.
Incorporating Privacy
Ken asks if there is a volunteer or a statement of what might be involved.
RGW suggests an answer to the latter: expect there will be a PRIV-SAC in parallel to OP-SAC and CO-SAC, or else privacy criteria folded into the existing sections.
Ken states that his preference is for distinct privacy criteria. Privacy will be a topic of great interest; he thinks we need to address it directly, with requirements woven into the SAC.
Angela mentions that the NIST Privacy Advisory Committee is having testimony tomorrow afternoon.
RGW mentions that there are existing criteria that address PII; perhaps they can be tagged to indicate that they have a privacy focus instead of a general information security focus.
Ken asks for any volunteers to lead this. With no volunteers, he suggests that he may be able to fill this role, considering his strong privacy background. He will ask for volunteers from the list but will take the lead for now.
Relying Party Obligations
The e-gov group has taken this on for their 2015 goals; it is their single work item. There is interest in Canada and the EU in the question of RP obligations, that is, obligations placed on RPs by CSPs and IDPs. Ken participated on the e-gov call and will be willing to coordinate with this. Angela asked for clarification on the work item; Ken responded that it is about the responsibilities and obligations on the relying parties.
RGW states that the IAF is about assessing and approving service providers, and RPs are not service providers. There is difficulty in performing assessments of RPs. He can see guidelines for a standard code of conduct, but does not see a way to make it enforceable or assessable. Ken agrees with that point: it might have to be a guideline for best practices for RPs.
Andrew asks if this will be a counterpart to the federation operators guide? Ken says that could be but would need a refresher.
Ken asks if there's interest in setting this up as a counterpart to the federation operators guide. Andrew said it is a good idea but he is not volunteering.
Ken will check in with next group and determine what the nature of their deliverable will be.
Interacting with National or International Bodies
Andrew reminded the group that the idea is that IAWG should have a plan for the types of interactions we would like to have with other bodies. Which bodies are significant and why? Do we need to liaise formally with other bodies? Do we attend other groups or invite others to join our calls? We should identify what the goals are, then implement them. The thought was to enumerate our connections to the other organizations so that we can keep track. Andrew offers to lead the discussion next week if that makes sense. Ken suggests that Andrew put a call out to the list for international groups that people may be participating in.
Ken asked for other thoughts on the topic; there was no response.
AOB
The Identity Relationship Management WG is putting out the Laws of Identity Relationship Management as a Kantara work product; Ken will distribute it to the list.
RGW moves to adjourn, Andrew seconds.
Carry-forward Items
Next week: discuss whether to switch to a weekly rotation through the project-specific calls
Attachments
Next Meeting
- Date: Thursday, yyyy mmm dd+7
- Time: 12:00 PT | 15:00 ET | 20:00 UTC (Time chart - US Standard Time)
- Time: 12:00 PDT | 15:00 EDT | 19:00 UTC (Time chart - US Daylight Saving Time )