IAWG Meeting Minutes 2015-02-05

Owned by Former user (Deleted)
Last updated: Feb 12, 2015
4 min read

Kantara Initiative Identity Assurance WG Teleconference

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: 
    4. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Review and discuss the results of the task priority survey (to be provided to the list shortly before the call.
    2. ARB to consider taking over the IAF 1600 Assessor Qualifications and Requirements
    3. Recap of IDESG plenary
  3. AOB
    1.  

 Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11

Use the Info box below to record the meeting quorum status

Meeting achieved quorum

Voting

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Cathy Tilton
  • Devin Kusek
  • Lee Aber
  • Rich Furr
  • Richard Wilsher

Non-Voting

  •  

Staff

  • Joni Brennan 

Regrets

  • Peter Alterman

Voting Members for Cut/Paste

  • Ken Dagg (C)
  • Devin Kusek
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Calatayud (VC)
  • Devin Kusek
  • Adam Madlin
  • Kenneth Myers
  • Cathy Tilton
  • Richard Wilsher
  • Lee Aber

Selected Non-Voting members for Cut/Paste

  • Bill Braithwaite
  • Björn Sjöholm
  • Susan Schreiner
  • Jeff Stollman

 

Notes & Minutes

Administration 

Minutes Approval

Motion to approve minutes: Cathy Tilton moves to approve the 11-06, 11-20, 12-11, 01-08, 01-15, 01-22 minutes
Seconded: Lee Aber 
Discussion: Motion Carried

Discussion

Recap of IDESG

Andrew Hughes reported from the plenary, last week was the 12th plenary in Atlanta at the GTRU facility. Developing requirements that will feed to a self-attestation approval program for joining the NSTIC ecosystem. OASIS worked to prepare a number of drafts that were positively accepted. Mentioned Marc-Anthony Signorino as new executive director of IDESG.   InfoTrust has an electronic credential based service based on DMV data for access to state e-gov services.  Cathy noted that there isi work to be done on the developing the components in the functional model.  Overall positive plenary.  Also, IDESG is looking for donors.

Joni has a question - could we think of this report in the Kantara Initiative context?  How do we frame that in terms of this group and what we do next?  Andrew - biggest intersection point is at the point of recognizing entities that wish to be included in the NSTIC identity ecosystem. It's a fairly straightforward qualification process so far for organizations to support NSTIC principles.  Jack Seuss and Andrew are chair and vice chair of the trust framework committee, working to ensure a faster path for federation operators to come on board.  Andrew suggests that may be a point of interface between IDESG and Kantara, this work will be over the next 4 months or so.

Staff Report

Joni reports from International Identity Summit in Mexico, government to government communications on identity management and identity assurance.  US, UK, CA, NZ, Mexico, Denmark, Japan. Industry day allows connection between industry and government representatives, so that was well attended.  Presentation on the work of the IAWG and the trust framework program, interest from governments including Australia who has been studying the framework for some time. Presentations from a number of KI members, including SecureKey Experian and ForgeRock.

Ken asked if RP principles were discussed. Unofficial responses from CA, UK, Denmark and US were all supportive of the concept.  Joni will work to connect IAWG to other group going on.

Joni updated on the Health Identity WG, strong interest from the healthcare space, from organizations working around e-prescribing and Federal rules in that area. Strong interest in the program as a baseline from NIST. Discussions with GSA & SAFE-BioPharma, and ICAM program and Kantara IAF are well positioned to take advantage of the opportunity.  Will look for ways that ICAM and ONC can collaborate on attributes and other interoperability concerns. Will kick off in the next week or two, Pete Palmer and Peter Alterman. This will be taking place in the health working group call.  Announcement should be imminent.

Ken asks if other meetings were attended to report on?

Ken reports that the ARB did meet, we can discuss that item during any other bus

Task Priorities Review

Discussion of the attached spreadsheet.

Andrew Hughes volunteered to organize how IAWG approaches the NIST 800-63 RFI response. The question becomes how far is Kantara willing to go in suggesting changes.  We're expecting the RFI to be a set of questions around the use of levels of assurance (whether to keep or not), and whether NIST be should the organization authoring 800-63 going forward.

Ken Dagg noted that the active review cycle and privacy are also highly prioritized items.

RGW notes that the review cycle, the SAC was broken into sections, and some criteria appear multiple times, suggests removing that inefficiency.  Whether all criteria are really justified - why do we ask it and how does it improve with improved identity assurance and confidence.  For example criteria regarding suspension of inactive accounts may not actually add to identity assurance.  Ken asks if RGW is asking for a process for identifying anomalies and dealing with them.   RGW agreed.  

Ken suggests we revisit active review and update cycle and privacy considerations next week.

AOB

Discussion of IAF 1600 and IAF 1800 moving from the IAWG vs the ARB

Ken was asked by ARB whether the 1600 assessor qualifications document could be moved from IAWG to ARB responsibility for the document.  RGW adds that ARB also requested 1800 rules for assurance assessments.  Justification is that they are ARB operational documents rather than being trust framework provider related criteria.

Richard Wilsher moved that IAF-1600 and IAF-1800 be put under the authority of the ARB.  Scott Shorter seconded it.  Chair asked for objections, hearing none the motion carried. Ken noted that he will inform the ARB that they have authorship of those documents.

To be clear, the documents will remain within the Kantara IAF, but authorship will pass to the ARB.

Carry-forward Items

 

Attachments

 

 

Next Meeting