IAWG Meeting Minutes 2013-04-11

Kantara Initiative Identity Assurance WG Teleconference

DRAFT minutes pending IAWG approval

 

Date and Time

Agenda

    1. Administration:
      1. Roll Call
      2. Agenda Confirmation
      3. Minutes approval - IAWG Meeting Minutes 2013-04-04
    2. Discussion
      1. Agile IAF
      2. P3WG and IAWG
      3. Glossary update
      4. Haka Federation - status
    3. AOB
    4. Adjourn

Attendees

  • Cathy Tilton
  • Scott Shorter
  • Myisha Frazier-McElveen
  • Bill Braithwaite
  • Richard Wilsher

As of 14 January 2013, quorum is 4 of 7

Non-Voting

  • Jeff Stollman
  • Ken Dagg
  • Rich Furr

Staff

  • Heather Flanagan
  • Andrew Hughes

Notes & Minutes

  • Motion to approve meeting minutes: Bill makes the motion, Scott seconds.  Minutes approved with no objection.

Discussion

Agile IAF
  • Hold conversation pending the document discussed on last call
  • The most valuable approach, to be discussed on a call tomorrow - there is no work being done yet on standardized functions in a decoupled identity model. The IAWG has had the discussion about roles and relationships, but our discussion is about the organization of those roles; the next step should be the actual functions those roles are responsible for
    • there are such models in existence: we have tScheme where there are discrete assessment profiles, and 800-63 supports that model as well
    • the language must be rationalized; the text is there, the trick is putting it all side by side and seeing how badly opinions differ
  • It will be helpful to get use cases from vendors on what they are trying to introduce into the marketplace with their particular component services
P3WG and IAWG
  • The P3WG has not been able to keep to quorum, and the Chair is stepping down. A request has been made to consider bringing the P3WG effort into the IAWG as a subgroup, shutting the P3WG as a WG in Kantara.
  • It does take privacy expertise to move this forward, so if we can't attract Privacy professionals, we have a problem; we shouldn't accept it unless we have such volunteers that fit that bill
  • The group did suggest that Kantara adopt the FICAM privacy guidelines rather than create new guidance
    • In practice, that is what is happening now, but the FICAM guidance isn't entirely actionable
    • If the P3WG has become a lame duck, why do we want to pick that up? Moving it into the IAWG does not create interest, and so the problem of not having enough people to work on it would still exist
    • This will become important in the future, so perhaps we can put it on the roadmap with a note that we will work on it when we have resources
  • If the US government requires more privacy guidance, is adopting the FICAM guidance sufficient?
  • Putting the group on hold is not administratively in the Kantara procedures; if we know this will come back, it would be more practical to park this within a group; when it resurrects, the IAWG can punt it back out or adopt the work directly
  • The P3WG was originally split off from the IAWG.
  • If our assessors are ok with assessing against principles, then using the FICAM guidance should be sufficient for the US profile; this can be difficult but assessors can make this clear in their report
    • Would like to see assessment criteria at some point, but the approach described is workable
  • Why was the P3WG having such a challenge translating principles into criteria? Was it the generalization to worldwide applicability? That scope was narrowed down
  • Could Joni or Myisha approach Anil to ask for his guidance? This isn't coming down from FICAM as a requirement, because what we have done so far has been acceptable to FICAM; this is an internal Kantara effort to make the job of the Assessor clearer by creating actual criteria around privacy
  • There needs to be closer alignment between the entity doing the Privacy Criteria and the IAWG
  • By making it a subgroup that no one pays attention to, how is that any different than just closing the group? From a practical standpoint, no work gets done in either case.
    • Given that, the group has no objections to bringing it in
Glossary update
  • Day job has interfered with getting the update finished
  • About 60-70% complete
  • The challenge has been that as the work continues, more terms are found that need to be defined or rationalized; it is not hard, just tedious
  • Would have farmed it out to others in the group, but it will probably be a better document with just one editor
Haka Federation - status
  • Leif Johansson had a meeting with SWAMID and Haka - those federations have agreed to have a Kantara auditor come audit their policy mapping; this will happen behind the scenes and will let the players know how far off Haka is from current IAF policies; that won't provide any particular status, it just gives the federations a way to quality assure their work
  • IAWG will need to know when Haka is ready to put forward the profile they've created (which will be after their audit)
AOB
  • Richard requests feedback from the IAWG to his email re: the 800-63 mapping by the end of this week
  • Note that Andrew and Heather are talking about potential ways to improve the tracking and editability of the IAF document set

Next Meeting