IAWG Meeting Notes 2012-03-21
Attendees:
Richard Wilsher
Nathan Faut
Rich Furr
Myisha Frazier-McElveen
Scott Shorter
Joe Stuntz
Helen Hill
Patrick Curry
Apologies:
Bill Braithwaite
Joni Brennan
Staff:
Anna Ticktin
NOTES:
1. ADMINISTRATIVE:
- Roll Call
- Motion for minutes approval for 22 Feb 2012: http://kantara.atlassian.net/wiki/display/idassurance/IAWG+Meeting+Minutes+2012-02-22
- To review last meeting's non-quorate notes from 7 March 2012: http://kantara.atlassian.net/wiki/display/idassurance/IAWG+Meeting+Notes+2012-03-07
2. SAC Restructuring - Richard Wilsher
(See document set sent with agenda dated 20 March 2012)
- Rich Furr questions the "why" of what we are doing when we're trying to certify a service. How do we ensure moving forward that all SACs are met? How do we ensure upstream compliance? Who's responsible for that assurance?
- RGW: Currently you can't have a standalone ID proofing solution and seek Kantara certification. With this proposed approach we can be more malleable to the marketplace.
- It would be the responsibility of the Secretariat to ensure all mapping checks back 100% to the components of the OP-SAC. We could enhance or request that the language in their paperwork address previous certifications. It's a huge resource demand to reassess all these individual components at each level.
- Patrick suggests a modular approach or an over-arching approach as RGW is proposing which is agreed to be more complex.
- Rich: when a full-service provider comes in, who is responsible for ensuring that the entire program's entirety of criteria are met?
- Dual components can be "locked" and create a third service. Or you have a situation whereby a fuller service seeks certification but links a few additional previously certified components. In that case the assessor's review of those components would be accepted / mapped in the fuller certification review.
- Rich maintains that the components of their CP must be reviewed individually each year.
- Myisha summarizes that CSPs applying for certification must ensure that all criteria are met by all subcomponents.
- Rich is concerned that integration does not break any other criteria when (scenario) company A combines with company B+C components.
- Action Item 20120321-01 RGW will add text in the rules document to describe what the assessors must do to ensure that components are adequately integrated.
- Action Item 20120321-02 Rich Furr will review RGW's responses to SAC comments.
- These actions will be re-addressed on next week's call.
3. IAF Document Set Edits - Cont'd: http://kantara.atlassian.net/wiki/display/idassurance/IAF+Document+Set+Edits
4. AOB