Kantara Initiative Identity Assurance WG Teleconference

Meeting Minutes approved 2014-11-20

Date and Time

Date: Thursday, 2014-11-13
Time: 12:00 PST | 15:00 EST | 20:00 UTC (Time chart - US Standard Time )
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

Agenda

Administration:
1. Roll Call
2. Agenda Confirmation
3. Minutes approval: IAWG Meeting Minutes 2014-10-23
4. Staff reports and updates
Discussion
1. Review of joint TFP submission to FICAM TFS regarding criteria assignments to service provider roles.
AOB
Adjourn

Attendees

Link to IAWG Roster

As of 2014-09-29, quorum is 8 of 14

Use the Info box below to record the meeting quorum status

Meeting achieved quorum

Voting

Rich Furr ( C)
Andrew Hughes (S)
Ken Dagg
Matt Thompson
Cathy Tilton
Devin Kusek
Scott Shorter
Richard Wilsher

Non-Voting

Björn Sjöholm
Peter Alterman
Lee Aber (ID.me)

Staff

Joni Brennan

Regrets

None

Notes & Minutes

Administration

Minutes Approval

IAWG Meeting Minutes 2014-10-23

Motion to approve minutes of 2014-11-13: Shorter
Seconded: Kusek
Discussion: None
Motion Carried

Staff Updates

Events
- IRM Conference - well attended
- CA World
- PII2014
Board of Trustees has done a review of policies and procedures - plan to work with LC to update/refine
OpenUMA is now live - hosted at ForgeRock
Presidential Executive Order in October directed at Federal agencies requirement to plan for and implement MFA

Participant Updates

ID.me announcement: ID.me has chosen a new VP of Security and Risk Management: Lee Aber
- Strong background, great contacts

Discussion

FICAM TFPAP v2.1 split the CSP into several roles
This work is a response to FICAM TFS on the TFP proposal on how to map TFPAP requirements to those new roles
This should help to ensure alignment and cross-recognition between TFP applicants and approved service providers
- i.e. If two different approved service components are approved by different FICAM TFPs, they should be allowed to apply for FICAM approval directly
- The assessor would only have to examine the 'glue' requirements that are not part of one or the other role
Review the "FICAM Requirements Spreadsheet for IAWG Processing 111214.xls"
- This work serves the immediate needs for FICAM TFS and the TFPs - there are longer term objectives still to be addressed
Comment: the requirements on the T M tab appear to be related to components other than the T M
Question: are there requirements that applied to both IM and T M
- A: The terms in the text were updated to the new meanings before mapping
Comment: This analysis is being done in the context of Kantara and SAFEBioPharma only. FICAM TFS would need to incorporate this into future versions of TFPAP to have best effect.
Comment: The next step is for the TFPs to map their own criteria to this component mapping
- One approach: from the bottom up, the 'Receiving' assessor should act as the glue & use the already-assessed criteria as input into the final assessment of the combined entity (and so would not double-assess any entity)
  - i.e. from the full list of criteria, the assessor should exclude those criteria that are already in scope for the Service Component Approval from the other TFP
- Another approach: from the top down, once approved by FICAM as a service component, by definition that SC's policies and practices are equivalent/comparable under any other FICAM Approved TFP
- In either case, FICAM must be satisfied that the applicant meets the FICAM TFS TFPAP requirements in total
Comment: There is a difference between an IM satisfying FICAM requirements versus satisfying a TFP's requirements
The key point is that FICAM Approval is against the TFPAP list of Trust Criteria - not the individual TFPs criteria
Downside - the spreadsheet only applies to FICAM Approvals
- Kantara has criteria that go beyond FICAM Trust Criteria
- If Kantara is the only TFP, it uses its full range of criteria
- If a Service Component is accepted from another TFP, there's no certainty that all Kantara criteria have been satisfied - only those criteria that meet FICAM criteria
This distinction might form part of a Kantara roadmap activity to extend more globally
Note that this exercise does not create a strictly-defined Profile since it excludes criteria rather than constraining
Proposal: use email as the primary comment/feedback method; call an ad hoc meeting on Wednesday if needed
- Plan to present to FICAM at Thursday November 20 monthly call
Discussion about presentation format ensued

AOB

Carry-forward Items

Attachments

Next Meeting

Date: Thursday, 2014-11-20
Time: 12:00 PT | 15:00 ET | 20:00 UTC (Time chart - US Standard Time)
United States Toll +1 (805) 309-2350
Alternate Toll +1 (714) 551-9842
Skype: +99051000000481
- Conference ID: 613-2898
International Dial-In Numbers

Browser not supported