IAWG Bi-Weekly Meeting Minutes - 2010-07-07

These minutes were approved on 4 August 2010.

1. Approve minutes

Frank moved to approve minutes of 6/23.
Approved without dissent.

2. Ballot review – Joni

Open ballot for the US Federal Privacy Profile and the FOG. As of 5:00 Tuesday, both carried. Both have been updated with appropriate headers and footers. Both docs can go for 45 day review and comment then go to the LC for review and approval or we can leave them at draft recommendation status.

Once the 45 days is over they go to the LC for ratification as final reports. If we believe there may be updates in the next few months we can hold at this point pending update prior to going to the LC.

Frank – my preference is to move them to final through the LC. We may have to make the ICAM doc changes based on the Government activity. Joni – I see no reason not to move forward. I would support moving forward. Frank – what is the next step? Joni – I help craft notices for each document and set up the comment forms for review. After the 45 day we gather comments and resolve. At close of the review we ask the LC to ratify as a final recommendation. If any updates they are mapped to the disposition of comments and move forward.

2. ISO Subgroup liaison –

Patrick – Serious confusion as a result of the SC27 briefing in Malaysia. Confusion as to what national participation is. Clouded because some national groups are not properly structured or aware of Malaysia results. I need to connect with Erika McAllister to identify the actual impact. I am too low on the structure to know what is up. Nigel Tedeschi is more aware. Would appreciate the reach out toe Judith Spencer. Frank -= on the subgroup itself, I know there has been traffic and that Colin, Richard and Shin form Japan reached out. Are you ok with participation? Patrick – yes but the next step is to determine exactly where we are with the transition through the process.

Frank – we can carve out time to give the group time to update and request what they might need from the larger IWAG. In addition we could do an off cycle telecon to handle other things.

Patrick will put a coordinating e-mail out after (UK panel has a meeting on 18 August so we won’t have a UK position until after that.) Patrick will send a status update prior to next telecon.

3. Bring ICAM and IAWG tracks together

Joni – Materials are not prepared for action yet but this is a large piece of work so need to get started. When we started the ICAM work we decided to split IAF editing into two tracks. One within IAWG at a more leisurely pace and one in the IAG to move faster with the ICAM
Have been working to merge documents to determine what is really required. Not sure how much updating is really needed yet. Joni will build a report of where the docs are, what is needed to get back to one track. Other thing to consider is the fact that there is a set of docs in the IAF stack that need to be maintained. Joni has been doing some editing but bandwidth does not allow her to continue alone. Need to think about how we will maintain editing moving forward. First option is that the group polls and elects specific editors. Can be set up a number of ways. I think 2 or 3 needed with input from the group. If there are people with bandwidth, group needs to make a bid for budget to fund specific activities to support the group. Can also ask for supplemental budget for dedicated editor to help.

Frank – I believe that a dedicated, funded editor is needed. Need to look at comments from last review that were parked until next cycle. We need to bring these in and determine impacts, etc.

Is the plan to reconcile the two versions of the IAF to take one to ICAM?
Joni – yes the plan is to get to one up to date version. Will probably add ICAM and other editorial bits.

David Wasley – seems we should have discussion with other groups working this to get some consensus to produce a joint editor request for next year.

4. review of mapping tool from Richard Wilsher

Colin – interesting call as to how to structure a document, Question is:
1. How do you map requirements to a compliance mapper that would be provided by RW. Not sure how that would be done in terms of moving forward. There was a statement to provide the service as a contracted effort for those interested.

Frank – a couple paths forward – does RW’s path lock us into something proprietary that would make it difficult in the future. Are we then locked in to a vendor.

Colin – important to know there are a couple things on the table. One to stratify the document at different assurance levels which would be easier. For document maintenance tool could be made available to the IAWG. Mapper is an independent service that would be offered.

Colin – I think it would be worth dedicating time on a future call to explore more fully.

Frank – Is this a hosted service. Colin – yes seems to be something they developed and are hosting but could be made available to Kantara.

David – I like the idea of having a more useable document but am concerned about trying to maintain a document in a non-standard document. Second, the whole notion of mapping to an outside framework seems to be outside the purview of this group. Is there anyone putting an entity together to do such mapping.

Frank – concerned about proprietary format but we could try ot get things into a usable format and something we could use could be separated and consumed in multiple ways.

Mickey – Concur and we in the FBCA use an extractor to get all shall/must statement to ensure we can look at what matters.
It will be hard to get ICAM to accept something in a proprietary tool. If we are maintaining it in a tool there is a lot of tracking that needs to be considered. Is this something we can work on in the tool and eventually move it into a standard format. I think making a normative version in a proprietary tool is liable to not lead to acceptance.

David – we can maintain the normative version in a standard tool and it can be exported to other tools. Perhaps a tool could be developed to read Word XML to build tables, etc.

Joni – I did not get the sense that the tool would be used for version control and management. I think that changes would be human controlled and moved into the tool for work.

Frank – we need to define requirements as we move ahead to determine if there is a viable way forward. We may also need to restructure the documents to make them more useful with a tool.

Joni - The tool can host multiple versions of the document for mapping and review.

Frank – I think we need this to be more a subscription service than a product we manage and operate. Maybe we have RW come back after we have defined some requirements and make a formal request for funding.

Adjourn