IAWG Meeting Minutes 2013-06-06
Kantara Initiative Identity Assurance WG Teleconference
Approved by IAWG 27 June 2013
Date and Time
- Date: Thursday, 6 June 2013
- Time: 07:00 PT | 10:00 ET | 14:00 UTC (time chart)
- United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481- Conference ID: 613-2898
- International Dial-In Numbers
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Upcoming events page: http://kantarainitiative.org/confluence/x/pYDWAw
- Secretary role announcement
- Discussion
- Feedback to the Government of Canada on "Guidelines on Identity Assurance"
- RP Guidelines call for participation
- Alignment with SP 800-63
- AOB
- Adjourn
Attendees
- Matthew Thompson
- Myisha Frazier-McElveen
- Cathy Tilton
- Richard Wilsher
- Scott Shorter
- Bill Braithwaite
- Andrew Hughes
As of 22 May 2013, quorum is 4 of 7
Non-Voting
- Rich Furr
- Ken Dagg
- Jeff Stollman
Staff
- Joni Brennan
Notes & Minutes
Administration
- Secretary role: Andrew Hughes has volunteered for the role.
- Upcoming events page: members can edit directly, or send to staff
- Community calendar is for all events
- the Upcoming events page is for where Kantara intends to do something
Discussion
Feedback to the Government of Canada on "Guidelines on Identity Assurance"
- Call for verbal comments or discussion prior to written response
- Due to day-job time commitments, little progress
- Ken offered to extend the deadline for comments to June 13 2013
- Question: how does the Canadian document relate to similar docs from US or UK? Answer: the material was reviewed during document development. NZ & UK governments have provided comments so far.
RP Guidelines
- Myisha notified the group that a draft call for participation has been sent out to the list
- Please send feedback
Ad Hoc Team Updates
Alignment with SP 800-63
- Richard Wilsher provided a join.me
- Work to date has been distributed to IAWG list
- Has restructured 800-63-2 to make analysis easier
- Kantara talks about Subscriber and Subjects - NIST does not differentiate: they only use Subscriber - check the glossary section
- Sections 5.3, 6.3, 7.3, 8.3 and 9.3 have been mapped - overviews and tutorial sections have been skipped
- Has added sub-numbering to enable more specific discussion
- 5.3 section: the way 800-63-2 treats different LOAs is a bit mixed. RGW has re-sorted them into sections by LOA
- Has broken down distinct requirements even if they originally appeared in single statements
- then mapped each to the existing KI IAF item
- there is a Many:Many relationship
- In the KI SAC - has inserted indexes back into the modified 800-63
- Note that there are SAC criteria that do not have an equivalent
- Comment: for those extra items, they originally came from Good Practice - Kantara's aim is to determine if the organization is sound. NIST assumes that Government Agencies are sound and following GSA guidance
- Comment: Some of the items that are not specifically 800-63 criteria might actually be Privacy criteria
- To create a Privacy profile, just go through the SAC and annotate them
- There are some puzzling items
- e.g. 5.3.1.2.5 question about item c) - it reads as if the bullets apply to all LOAs - it is difficult to disentangle the statements - is this a change request to NIST? RGW needs feedback.
- Red Text to indicate where there might be the opportunity to define a US Profile:
- 800-63-2 becomes very specific - there may be other options that could meet the criteria.
- There might be options that work outside of the US.
- These might be criteria that could be less specific in the SAC and use the US profile to include the more prescriptive material
- There are items that do not currently exist in the SAC - question is do they need to be added?
- Requested comments by 20 June 2013
- RGW will send out a formal request for comment with a formal comments form
- Intent with this work is:
- Result will be a Kantara owned publication
- The mapping document will remain publicly viewable
- Will be provided to NIST as suggestions for updates
- The Comments back to RGW should eventually be posted to the wiki to enable future understanding of rationale
- Comment: once the work is done, should schedule an IAWG F2F in DC area to discuss the approach and documents to update NIST and seek feedback
AOB
- No items
Action Items
Item # | Description | Assigned to | Est. Completion |
---|---|---|---|
2013-06-06-001 | Review and provide feedback on Govt. Canada guideline. IAWG will collect and send a consolidated version. | All | 13 June 2013 |
2013-06-06-002 | Review RGW 800-63-2 vs KI IAF mapping documents and provide feedback | All | 20 June 2013 |
2013-06-06-003 | Review and provide feedback to Myisha on Relying Party Guidelines call for participation | All | 13 June 2013 |
2013-06-06-004 | Send in event information to Staff for updating the community calendar and Upcoming Events | All | Info only |
2013-06-06-005 | IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach | Staff / IAWG Leads | TBD |
Attachments
Guideline on Identity Assurance-Consultation Draft Apr 25 2013.pdf
Standard_on_Identity_and_Credential_Assurance.pdf
Kantara IAF-1400 SAC-63-2 v0-1.docx
Next Meeting
- Date: Thursday, 13 June 2013
- Time: 07:00 PT | 10:00 ET | 15:00 UTC (time chart)
- United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481- Conference ID: 613-2898
- International Dial-In Numbers