IAWG Meeting Minutes 2013-06-06

Kantara Initiative Identity Assurance WG Teleconference

Approved by IAWG 27 June 2013

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Upcoming events page: http://kantarainitiative.org/confluence/x/pYDWAw
    4. Secretary role announcement
  2. Discussion
    1. Feedback to the Government of Canada on "Guidelines on Identity Assurance"
    2. RP Guidelines call for participation
    3. Alignment with SP 800-63
  3. AOB
  4. Adjourn

Attendees

  • Matthew Thompson
  • Myisha Frazier-McElveen
  • Cathy Tilton
  • Richard Wilsher
  • Scott Shorter
  • Bill Braithwaite
  • Andrew Hughes

As of 22 May 2013, quorum is 4 of 7

Non-Voting

  • Rich Furr
  • Ken Dagg
  • Jeff Stollman

Staff

  • Joni Brennan

Notes & Minutes

Administration 
  • Secretary role: Andrew Hughes has volunteered for the role.
  • Upcoming events page: members can edit directly, or send to staff
    • Community calendar is for all events
    • The Upcoming events page is for events where Kantara intends to do something

Discussion

Feedback to the Government of Canada on "Guidelines on Identity Assurance"
  • Call for verbal comments or discussion prior to written response
  • Due to day-job time commitments, little progress
  • Ken offered to extend the deadline for comments to June 13 2013
  • Question: how does the Canadian document relate to similar docs from US or UK? Answer: the material was reviewed during document development. NZ & UK gov have provided comments so far.

RP Guidelines
  • Myisha notified the group that a draft call for participation has been sent out to the list
  • Please send feedback

Ad Hoc Team Updates

Alignment with SP 800-63
  • Richard Wilsher provided a join.me 
  • Work to date has been distributed to IAWG list
  • Has restructured 800-63-2 to make analysis easier
  • Kantara talks about Subscriber and Subjects - NIST does not differentiate: they only use Subscriber - check the glossary section
  • Sections 5.3, 6.3, 7.3, 8.3 and 9.3 have been mapped - has skipped overviews and tutorial sections
  • Has added sub-numbering to enable more specific discussion
  • 5.3 section: the way 800-63-2 treats different LOAs is a bit mixed. RGW has re-sorted them into sections by LOA
  • Has broken down distinct requirements even if they originally appeared in single statements
    • then mapped each to the existing KI IAF item
    • there is a Many:Many relationship
  • In the KI SAC - has inserted indexes back into the modified 800-63
    • Note that there are SAC criteria that do not have an equivalent 
  • Comment: for those extra items, they originally came from Good Practice - Kantara's aim is to determine if the organization is sound. NIST assumes that Government Agencies are sound and following GSA guidance
  • Comment: Some of the items that are not specifically 800-63 criteria might actually be Privacy criteria
    • To create a Privacy profile, just go through the SAC and annotate them
  • There are some puzzling items
    • e.g. 5.3.1.2.5 question about item c) - it reads as if the bullets apply to all LOAs - it is difficult to disentangle the statements - is this a change request to NIST? RGW needs feedback.
  • Red Text to indicate where there might be the opportunity to define a US Profile:
    • 800-63-2 becomes very specific - there may be other options that could meet the criteria. 
    • There might be options that work outside of the US. 
    • These might be criteria that could be less specific in the SAC and use the US profile to include the more prescriptive material
    • There are items that do not currently exist in the SAC - question is do they need to be added?
  • Requested comments by 20 June 2013
    • RGW will send out a formal request for comment with a formal comments form
  • Intent with this work is
    • Result will be a Kantara owned publication
    • The mapping document will remain publicly viewable
    • Will be provided to NIST as suggestions for updates
  • The Comments back to RGW should eventually be posted to the wiki to enable future understanding of rationale
  • Comment: once the work is done, should schedule an IAWG F2F in DC area to discuss the approach and documents to update NIST and seek feedback

AOB
  • No items

Action Items

Item # | Description | Assigned to | Est. Completion
2013-06-06-001 | Review and provide feedback on Govt. Canada guideline. IAWG will collect and send a consolidated version. | All | 13 June 2013
2013-06-06-002 | Review RGW 800-63-2 vs KI IAF mapping documents and provide feedback | All | 20 June 2013
2013-06-06-003 | Review and provide feedback to Myisha on Relying Party Guidelines call for participation | All | 13 June 2013
2013-06-06-004 | Send in event information to Staff for updating the community calendar and Upcoming Events | All | Info only
2013-06-06-005 | IAWG-NIST F2F in DC area to discuss approach and feedback on 800-63 v IAF analysis approach | Staff / IAWG Leads | TBD
    

 

Attachments

Guideline on Identity Assurance-Consultation Draft Apr 25 2013.pdf

Standard_on_Identity_and_Credential_Assurance.pdf

EZP-63-2 v0-1.docx

Kantara IAF-1400 SAC-63-2 v0-1.docx

Next Meeting