IAWG Meeting Minutes 2015-03-26

Owned by Former user (Deleted)
Last updated: Jun 02, 2015

Kantara Initiative Identity Assurance WG Teleconference

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2015-02-19DRAFT IAWG Meeting Minutes 2015-02-26DRAFT IAWG Meeting Minutes 2015-03-12
    4. Action Item Review
      1. Richard Wilsher to provide proposed change that reflects the ISO/IEC 19790 approach
    5. Staff reports and updates
    6. Assurance Review Board (ARB) and Leadership Council (LC) reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1.  NIST SP 800-63 commentary round-up
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2015-01-22, quorum is 6 of 11

Use the Info box below to record the meeting quorum status

Meeting achieved quorum

 

Voting

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Lee Aber
  • Devin Kusek
  •  Cathy Tilton
  • Adam Madlin
  • Richard Wilsher

Non-Voting

  • Bob Pinheiro
  • Björn Sjöholm

Staff

  • Joni Brennan 

Regrets

  • None

 

 

Notes & Minutes

Administration 

Minutes Approval

 IAWG Meeting Minutes 2015-02-19DRAFT IAWG Meeting Minutes 2015-02-26DRAFT IAWG Meeting Minutes 2015-03-12

Motion to approve minutes of 2015-02-19: Andrew Hughes
Seconded: Rich Furr
Discussion: 
Motion carried

Motion to approve minutes of 2015-02-26
Seconded: 
Discussion: Scott Shorter to update the minutes to reflect that the actual notes were lost by user error.
Motion: Defeated

Motion to approve minutes of 2015-03-12: Andrew Hughes 
Seconded: Adam Madlin
Discussion: 
Motion Carried

Action Item Review

  1. Richard Wilsher to provide proposed change that reflects the ISO/IEC 19790 approach

 

Staff Updates

Leadership Council (LC) Updates
  • Ken reports that the Trust Framework Metamodel and Business Case for Trust Frameworks groups are being shut down before long.
  • Kantara is receiving attention for approval of UMA and the Principles of Identity Relationships - being promoted at upcoming events
  • SecureKey has joined the Kantara board of trustees
ARB updates

No specific updates.

Discussion

Returning to the topic of NIST 800-63, Electronic Authentication Guidance.  NIST is contemplating how to proceed with revision to that document. As IAWG we are trying to prepare to gather thoughts and be coherent when the call comes.  

Andrew has an outstanding task to contact Paul Grassi from NIST regarding thoughts from tthe IAWG on how to gather comments from industry. Group consensus seems to be that an RFI is the way to proceed, a reasonable mechanism for NIST to use to gather information. Possibly with follow up workshops as well.

Andrew hoped that we could tackle a high level discussion of the areas that need work in 800-63

General areas of potential comment: governance, technical, fit/flexibility, document structure

Cathy Tilton provides Example - Daon's comments on biometrics as an additional authentication factor instead of an unlock mechanism for authentication token.  Also said there's a need to handle mobile devices better.

Bob Pinhiero asks about liveness tests.  Cathy responds that this is part of why it would be an added authentication factor instead.  Bob brings up the yubico example of a crypto token that's stored and unlocked with biometrics (which is already permitted).  Cathy points out that LOA2 allows proof of possession of the device, and LOA3 adds additional factor.  Daon product has some liveness detection, but NIST states that it varies by biometric modality and they have no standard for determining the effectiveness of a liveness measure. They also do not have accuracy requirements for the basic biometrics either.

Ken Dagg states the concern that we don't know if NIST is looking for things that should be included or potential solutions to things that can be included.

Andrew captured a number of items on a mind map which the team reviewed via join.me

Next meeting in two weeks.

AOB

 

Carry-forward Items

 

Attachments

 

 

Next Meeting