Kantara Initiative Identity Assurance WG Teleconference

Date and Time

Date: Thursday, 2017-04-06
Time: 12:00 PST | 15:00 EST (time zone calculator)
Please join the meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/380672837
- You can also dial in using your phone. United States: +1 (312) 757-3119 (more phone numbers)
- Access Code: 380-672-837

Agenda

Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes Approval: DRAFT IAWG Meeting Minutes 2017-03-30
4. Action Item Review: action item list
5. Organization Updates - Director's Corner
6. Staff reports and updates
7. LC reports and updates
8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
Discussion
1. Overview of re-organized IAWG wiki space (Ruth).
2. Update on the initiative to create a structure mapping between the KI IAF and other frameworks towards the improvement of comparability (Andrew).
3. 800-63-3 comment period deadline extension (Ken).
AOB

Attendees

Link to IAWG Roster

As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)

Use the Info box below to record the meeting quorum status

Meeting did not achieve quorum

Voting

Ken Dagg (C)
Andrew Hughes
Denny Prvu (S)

Non-Voting

Ken Crowl

Staff

Ruth Puente

Apologies

None

Voting Members for Cut/Paste

Ken Dagg (C)
Andrew Hughes
Scott Shorter (VC)
Denny Prvu (S)
Paul Caskey
Adam Madlin
Richard Wilsher
Lee Aber

Selected Non-Voting members for Cut/Paste

Bill Braithwaite
Rich Furr
Devin Kusek
Björn Sjöholm
Susan Schreiner
Jeff Stollman

Notes & Minutes

Administration

Staff Updates

Participant updates

Ken Crowl commented about K(NO)W IDENTITY CONFERENCE 2017 that will be held on May 15th - 17th, in Washington, DC Ronald Reagan Building and International Trade Center.
K(no)W ID conference link: http://knowidentityconference.oneworldidentity.com/2017/

Discussion

Update on the initiative to create a structure mapping between the KI IAF and other frameworks towards the improvement of comparability (Andrew).

During the TIIME Meeting in Vienna, February 2017 it was discussed the need to work together and find common ground within the informal profiles based or inspired in KI IAF, such as Incommon, GEANT, eIDAS, etc. The interested parties will meet during Internet2 Global Summit (April 23-26, WDC US) and start creating a straw man for a structure mapping between the frameworks and the KI IAF, including a common catalogue of risks.
Andrew Hughes commented that during the TIIME un-conference session, the discussion was focused on the various research and education federations that have profiled or adopted the KI IAF, and we have agreed to further discuss how much commonality do we have between the different frameworks and what should we do collectively and individually. Andrew is preparing the material for the group.
He is making an analysis of the SAC and found that the service assessment criteria (SAC) are the second artifact that should exist for our CSP. The first artifact is the standard or the requirement that the CSP must meet and the criteria should be the test or the evidence required to show to the assessor that the CSP is meeting the requirement. The requirement is implied in the criteria but not stated. He is sampling some of the criteria groupings, what may look if we try to document the implied requirement. Can we come up with a collectively stated standard for what is required as a credential manager, registration agent, and verifier, Relying Party?. Each federation would have to write its own profile, so creating a meta framework would be easy. The sampling would available to share with IAWG before the meeting in Washington.

800-83-3

Ken Dagg commented that regarding comment #1067, he does not see that sub issues b)* and d)** have been addressed in the two references made in the "will be resolved via" section. He believes that both are significant issues that need to be addressed before rev. 3 is published.

*b) Existing credentials will need to be re-proofed because of both the changes of applicable assurance levels and the changes in the proofing requirements. This will have high economic and time investment.

**d) Because of a, b and c getting service implementations to be compliant with the revised standards will take time. As such, there needs to be consideration of the timeframe and roadmap for implementation.

It was suggested that Ruth comment back to Paul Grassi on #1067 and point out what Ken has said.

On Thursday, April 13 we will start the process of gathering comments on the Revised Draft of the parent document for Special Publication 800-63-3, whose comment period closes May 1, 2017.

Available at: https://pages.nist.gov/800-63-3/

Ruth will send the pdf version to the list.

Next Meeting

Date: Thursday, 2017-04-13
Time: 12:00 PT | 15:00 ET

Browser not supported