IAWG Meeting Notes 2011-12-07

Attendees:

Rich Furr
Nathan Faut
Richard Wilsher
Ben Wilson
Linda Goetler
Colin Soutar
Myisha Frazier-McElveen
David Wasley

Staff:
Joni Brennan
Anna Ticktin

Notes:

 
 
1. Administrative:
Roll Call-non quorate
Motion for minutes approval: 21 Sept 2011,26 Oct 2011
Held until next quorate call.

2. Federal Privacy Profile

  • Action Item 20111207-01 Anna to circulate an electronic ballot for the IAWG to approve the final edits made throughout the document reflecting the group's agreement to change the title to IAF Additional Criteria: Federal Privacy

3. ARB update:

  • PR released Monday reporting on Deloitte's recent accreditation and Verizon as the first LOA3 (non-crypto) CSP
  • The ARB is working on a due diligence report on its experience operationalizing the IAF. It will be the IAWG's first order of business to get a full package update of the IAF to ICAM so that the document set can be both ICAM and Kantara approved asap.
  • The ARB has been investigating the SAA track. Should there be editorial changes to the IAF, this work could find its way into the work group by Q1.
  • Verizon was assessed against IAF version 0.9 and the Federal Privacy Profile
  • Point-in-time vs Period-of-time audit needs to be expanded upon in the SACs. The group discussed examples in the community that allow for day-zero, a 60day and an annual audit.
  • The SACs stipulate that the services must be up and running to facilitate a "period-of-time" audit. Deloitte might be able to give some feedback on their experience and concerns here.
  • The ARB, Staff and BoT are looking into the Assurance Program fee structure. It is certain that fees will change as the program come out of pilot by the end of Q1 2012.

Discussion : Need for Identity Proofing Criteria (Richard Wilsher)

  • A need is identified for a "library" of what can/can't be stored.
  • Question-How prescriptive do we want to get?
  • SACs are technology agnostic. The point of this conversation is to address the inclusion of certain identity proofing documents at different LOAs.
  • Rich will post equivalent I9 lists for the ARB to review and discuss.
  • Ben recommends that the board also review and consider international document lists as well. Rich is confident the Safe BioPharma touch on these as well.

     
4. Road Map

  • Resources Required (KAR and RP Guidelines)---no progress

5. Funding Report

  • Did not discuss

6. AOB

Adjourned