IAWG Meeting Minutes 2014-11-13
Kantara Initiative Identity Assurance WG Teleconference
Meeting Minutes approved 2014-11-20
Date and Time
- Date: Thursday, 2014-11-13
- Time: 12:00 PST | 15:00 EST | 20:00 UTC (Time chart - US Standard Time)
- United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
- Skype: +99051000000481 - Conference ID: 613-2898
- International Dial-In Numbers
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2014-10-23
- Staff reports and updates
- Discussion
- Review of joint TFP submission to FICAM TFS regarding criteria assignments to service provider roles.
- AOB
- Adjourn
Attendees
Link to IAWG Roster
As of 2014-09-29, quorum is 8 of 14
Meeting achieved quorum
Voting
- Rich Furr (C)
- Andrew Hughes (S)
- Ken Dagg
- Matt Thompson
- Cathy Tilton
- Devin Kusek
- Scott Shorter
- Richard Wilsher
Non-Voting
- Björn Sjöholm
- Peter Alterman
- Lee Aber (ID.me)
Staff
- Joni Brennan
Regrets
- None
Notes & Minutes
Administration
Minutes Approval
IAWG Meeting Minutes 2014-10-23
Motion to approve minutes of 2014-11-13: Shorter
Seconded: Kusek
Discussion: None
Motion Carried
Staff Updates
- Events
- IRM Conference - well attended
- CA World
- PII2014
- Board of Trustees has done a review of policies and procedures - plan to work with LC to update/refine
- OpenUMA is now live - hosted at ForgeRock
- Presidential Executive Order in October directed at Federal agencies: requirement to plan for and implement MFA
Participant Updates
- ID.me announcement: ID.me has chosen a new VP of Security and Risk Management: Lee Aber
- Strong background, great contacts
Discussion
- FICAM TFPAP v2.1 split the CSP into several roles
- This work is a response to FICAM TFS on the TFP proposal on how to map TFPAP requirements to those new roles
- This should help to ensure alignment and cross-recognition between TFP applicants and approved service providers
- i.e. if two different service components are approved by different FICAM TFPs, they should be allowed to apply for FICAM approval directly
- The assessor would only have to examine the 'glue' requirements that are not part of one or the other role
- Review the "FICAM Requirements Spreadsheet for IAWG Processing 111214.xls"
- This work serves the immediate needs for FICAM TFS and the TFPs - there are longer term objectives still to be addressed
- Comment: the requirements on the T M tab appear to be related to components other than the T M
- Question: are there requirements that applied to both IM and T M?
- A: The terms in the text were updated to the new meanings before mapping
- Comment: This analysis is being done in the context of Kantara and SAFEBioPharma only. FICAM TFS would need to incorporate this into future versions of TFPAP to have best effect.
- Comment: The next step is for the TFPs to map their own criteria to this component mapping
- One approach: from the bottom up, the 'Receiving' assessor should act as the glue & use the already-assessed criteria as input into the final assessment of the combined entity (and so would not double-assess any entity)
- i.e. from the full list of criteria, the assessor should exclude those criteria that are already in scope for the Service Component Approval from the other TFP
- Another approach: from the top down, once approved by FICAM as a service component, by definition that SC's policies and practices are equivalent/comparable under any other FICAM Approved TFP
- In either case, FICAM must be satisfied that the applicant meets the FICAM TFS TFPAP requirements in total
- Comment: There is a difference between an IM satisfying FICAM requirements versus satisfying a TFP's requirements
- The key point is that FICAM Approval is against the TFPAP list of Trust Criteria - not the individual TFPs' criteria
- Downside - the spreadsheet only applies to FICAM Approvals
- Kantara has criteria that go beyond FICAM Trust Criteria
- If Kantara is the only TFP, it uses its full range of criteria
- If a Service Component is accepted from another TFP, there's no certainty that all Kantara criteria have been satisfied - only those criteria that meet FICAM criteria
- This distinction might form part of a Kantara roadmap activity to extend more globally
- Note that this exercise does not create a strictly-defined Profile since it excludes criteria rather than constraining
- Proposal: use email as the primary comment/feedback method; call an ad hoc meeting on Wednesday if needed
- Plan to present to FICAM at the Thursday, November 20 monthly call
- Discussion about presentation format ensued
AOB
Carry-forward Items
Attachments
Next Meeting
- Date: Thursday, 2014-11-20
- Time: 12:00 PT | 15:00 ET | 20:00 UTC (Time chart - US Standard Time)
- United States Toll +1 (805) 309-2350
- Alternate Toll +1 (714) 551-9842
- Skype: +99051000000481 - Conference ID: 613-2898
- International Dial-In Numbers