IAWG Meeting Minutes 2014-09-04

Owned by Former user (Deleted)
Last updated: Sep 25, 2014
2 min read

Kantara Initiative Identity Assurance WG Teleconference

 

Approved by IAWG 2014-09-25

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2014-07-24
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1.  Assessment of Service Components - costs, feedback, business models, tactics 
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2014 May 6, quorum is 7 of 11

 

Meeting achieved quorum

Voting

  • Rich Furr ( C)
  • Paul Calatayud (V-C)
  • Andrew Hughes (S)
  • Scott Shorter
  • Devin Kusek
  • Bill Braithwaite
  • Richard Wilsher

Non-Voting

  • Ken Dagg
  • Björn Sjöholm

Staff

  •  none present

Regrets

  • Cathy Tilton

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2014-07-24

Motion to approve minutes of 2014-09-04: Bill Braithwaite
Seconded: Rich Furr
Discussion: None
Motion Carried

Staff Updates 

Discussion

Rich Furr started a discussion on Component Services Assessment

  • A few years ago IAWG went through the exercise of splitting into component-based 
  • As of today, Kantara has only one approved component service - Experian
  • It would be interesting to learn the order of magnitude costs to be assessed
    • They would have to go through the common core SAC plus a number of other depending on their offered service
  • If the full CSP decides to use a component service provider, they negotiate prices down to offer end-user services at competitive prices
    • Is the cost of annual conformance assessment making it non-competitive to become approved?
  • Are there other models that would be more sustainable?
  • Comment: Remember that the SAC states that the CSP is accountable for all SACs no matter which entities deliver the services
    • So, to use an Approved Service Component the CSP must either use an Approved SC or include that SC in the overall assessment scope
  • This addresses the issue of cost model 
  • Outstanding questions: 
    • Why is there only one approved SC? 
    • Rich to reach out to contacts at possible SC as to why they are choosing to not go through the process at this time.
    • This could be a Kantara Marketing topic for discussion
    • Overall cost - it all depends on LOA and the state of readiness of the SC provider prior to being assessed
  • Surescripts - the idea of reuse of certifications across target customer bases is very interesting
  • IDESG - is looking at approaches to functioning as a conduit between different trust frameworks
    • The general idea is to work on the vocabulary and syntax to express a fine-grained componentization of the underlying requirements, so that where a requirement is satisfied by one certification program, it can be used/recognized by other certification programs
    • Take a look at http://trustmark.gtri.gatech.edu for descriptions of Georgia Tech's approach. They are currently an NSTIC Pilot and should have some results for sharing in late 2014.
  • Motion: To get volunteers to reach out to known service component providers to discover their views on the SC approach and approval process through participation: Furr; 
  • Seconded: Scott; 
  • Discussion none. 
  • Motion carried
    • Equifax - Rich
    • Experian - Richard Wilsher
    • LexisNexis - Rich
    • Axicom - Rich
    • SecureKey - Paul C
    • Symantec - Adam M
    • id.me - Matt T
    • Verizon - Rich F
    • 2keys - Andrew H
    • Daon - Cathy T
  • Rich to draft pro-forma

AOB

None

 

Next Meeting