/
IAWG Meeting Minutes 2014-09-04

IAWG Meeting Minutes 2014-09-04

Sep 25, 2014

Kantara Initiative Identity Assurance WG Teleconference

1 Date and Time | 2 Agenda | 3  Attendees | 4 Minutes Approval | 5 Staff Updates  | 6 Discussion | 7 AOB | 8 Next Meeting

 

Approved by IAWG 2014-09-25

 

Date and Time

Agenda

  1. Administration:

    1. Roll Call

    2. Agenda Confirmation

    3. Minutes approval: IAWG Meeting Minutes 2014-07-24

    4. Action Item Review

    5. Staff reports and updates

    6. LC reports and updates

    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)

  2. Discussion

    1.  Assessment of Service Components - costs, feedback, business models, tactics 

  3. AOB

    1.  

  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2014 May 6, quorum is 7 of 11

 

Meeting achieved quorum

Voting

  • Rich Furr ( C)

  • Paul Calatayud (V-C)

  • Andrew Hughes (S)

  • Scott Shorter

  • Devin Kusek

  • Bill Braithwaite

  • Richard Wilsher

Non-Voting

  • Ken Dagg

  • Björn Sjöholm

Staff

  •  none present

Regrets

  • Cathy Tilton

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2014-07-24

Motion to approve minutes of 2014-09-04: Bill Braithwaite
Seconded: Rich Furr
Discussion: None
Motion Carried

Staff Updates 

Discussion

Rich Furr started a discussion on Component Services Assessment

  • A few years ago IAWG went through the exercise of splitting into component-based 

  • As of today, Kantara has only one approved component service - Experian

  • It would be interesting to learn the order of magnitude costs to be assessed

    • They would have to go through the common core SAC plus a number of other depending on their offered service

  • If the full CSP decides to use a component service provider, they negotiate prices down to offer end-user services at competitive prices

    • Is the cost of annual conformance assessment making it non-competitive to become approved?

  • Are there other models that would be more sustainable?

  • Comment: Remember that the SAC states that the CSP is accountable for all SACs no matter which entities deliver the services

    • So, to use an Approved Service Component the CSP must either use an Approved SC or include that SC in the overall assessment scope

  • This addresses the issue of cost model 

  • Outstanding questions: 

    • Why is there only one approved SC? 

    • Rich to reach out to contacts at possible SC as to why they are choosing to not go through the process at this time.

    • This could be a Kantara Marketing topic for discussion

    • Overall cost - it all depends on LOA and the state of readiness of the SC provider prior to being assessed

  • Surescripts - the idea of reuse of certifications across target customer bases is very interesting

  • IDESG - is looking at approaches to functioning as a conduit between different trust frameworks

    • The general idea is to work on the vocabulary and syntax to express a fine-grained componentization of the underlying requirements, so that where a requirement is satisfied by one certification program, it can be used/recognized by other certification programs

    • Take a look at http://trustmark.gtri.gatech.edu for descriptions of Georgia Tech's approach. They are currently an NSTIC Pilot and should have some results for sharing in late 2014.

  • Motion: To get volunteers to reach out to known service component providers to discover their views on the SC approach and approval process through participation: Furr; 

  • Seconded: Scott; 

  • Discussion none. 

  • Motion carried

    • Equifax - Rich

    • Experian - Richard Wilsher

    • LexisNexis - Rich

    • Axicom - Rich

    • SecureKey - Paul C

    • Symantec - Adam M

    • id.me - Matt T

    • Verizon - Rich F

    • 2keys - Andrew H

    • Daon - Cathy T

  • Rich to draft pro-forma

AOB

None

 

Next Meeting