IAWG Meeting Notes 2013-01-31

Kantara Initiative Identity Assurance WG Teleconference

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2012-12-13, IAWG Meeting Minutes 2013-01-24
    4. Nominations and ballots
  2. Discussion
    1. IAF Process and Errata - update
    2. IAF document discussion
  3. AOB
  4. Adjourn

Attendees

  • Myisha Frazier-McElveen
  • Scott Shorter

As of 14 January 2013, quorum is 4 of 7

Non-Voting

  • Ken Dagg
  • Andrew Hughes
  • Jeff Stollman
  • Linda Goettler
  • Rich Furr

Staff

  • Heather Flanagan (scribe)

Apologies

Notes & Minutes

  • Minute approval postponed to next week
  • Nominations and ballots
    • Vice Chair nomination = Rich Furr; Heather to send out e-ballot
IAF Process and Errata - see current diagrams
IAF document discussion
  • Rich has gotten through the AAS and part way through the revised SAC. On the AAS document the biggest difficulty is "are we opening at least the potential impression of a conflict of interest when we have a current Kantara assessor assessing the applications of other potential Kantara assessors?" Or, if there is an application from a new assessor, maybe it should go through the IAWG for review before it goes through the Secretariat, and then go through the ARB? The concern is that certified assessors are assessing their competitors; if someone applied and failed, it could get unpleasant
    • Rich will send the appropriate pieces to the list (section 7.1)
  • Also has concerns with the SAC and is highlighting those; they relate to the fact that the SAC do not track back to NIST 800-63 including the retention of information
IAF restructuring
  • discrepancies between Canadian assurance levels and 800-63; one in particular is a remote L4 identity proofing in the Canadian scheme
  • could we restructure the SAC to make it easier to tailor the documents towards regional requirements with profiles?
  • Verizon is working quite a bit overseas and has to take these different regional definitions of LoA
  • the difference between requirements and specifications = the requirement is for different LoA to be defined, and the specification is the translation regarding what those definitions mean per jurisdiction; but are we digging a deeper hole by adding another layer? At what point does that become so weak that everything significant becomes a profile and the base is just organizational?

AOB

  • Next week is the IDESG plenary; our attendance will be compromised here and so will cancel next week's call; next call on 14 February
  • Reminder to read through the Gov't of Canada doc that Ken Dagg sent to the list

Next Meeting