IAWG Meeting Minutes 2012-06-7

Attendees:

Non-voting:

Ken Dagg

Nathan Faut

Jeff Stollman

Joe Stuntz

Apologies:

Scott Shorter

Staff:

Joni Brennan

Pat Roder

1. ADMINISTRATIVE:

a) Roll Call – Since quorum is 6 of 11 and there were 5 voting members on the call, quorum was not achieved.

b) Motion for Minutes: Quorum was not achieved.

c) Agenda confirmation: Agenda confirmed.

2. KAR

In preparation for the discussion on the KAR, Chair Frazier-McElveen sent an email [WG-IDAssurance] KAR containing:

• Attachment 1 – The template assertion letter with language inserted referencing the S3A Report. 
• Attachment 2 – The document which describes what should be included in the Final S3A Report.  
• Attachment 3 – A word doc which contains the requirements as given by the ARB for what the KAR should include and a snap shot of a sample table that was included in the SAC and referenced in the S3A. 

The group began discussing the template assertion letter.

• There was a suggestion that a legal review of the letter may be necessary.
• There was discussion on whether this letter is fulfilling the Kantara need for a consistent assessor report.
• There are two groups of assessors: Kantara accredited assessors and AICPA certified assessors. All certified assessors can be utilized and one group should not be alienated.
• It was agreed that it is necessary to work to a common core that is acceptable to everyone. Two approaches were suggested. Path 1 calls for the assessor to submit two reports – the KAR and the AICPA report. Path 2 calls for the assessor to submit one report which would satisfy both organizations.
• It was decided that to move forward, it is necessary for the assessors with AICPA certification to produce evidence to confirm that they are able to provide non-AICPA compliant reports. Based on the evidence produced (if any), assessors can determine the best path forward. (ACTION ITEM)

3. IAWG ROADMAP

The group then discussed the IAWG Roadmap for 2012 which was emailed to the group. The graph displays the components of the revisions to the IAF-SAC document for each of the remaining three quarters of the year.

• Joni Brennan asked the group to determine whether the expected revisions and delivery dates displayed on the Roadmap seem reasonable. She also asked the IAWG members to consider volunteering to champion each of these work items.
• There are two components of the revision for Q2: the alignment to NIST 800-63-1 and the revision and completion of KAR as an IAWG report.
  • Regarding the alignment to NIST 800-63-1:
    • According to Joni Brennan, there are reviewers from NIST who are willing to assist in the alignment of the IAF-SAC at the appropriate time.
    • Richard Wilsher suggested that this item be moved to Q3 in order to ensure that all contingents are on board.
    • Champion: Richard Wilsher.
• Regarding the revision and completion of KAR as an IAWG report:
  • Joni Brennan asked the group whether the Kantara KAR version can be closed out within one month since it is a Q2 item.
  • Champion: Chair Frazier-McElveen.
  • The Q3 effort involves drafting the pseudonymous approach of decoupling credentials from identities.
    • There was a group discussion on what the extent of this work would be. It may be as simple as preparing a single table or it may involve revisions of other documents too.
    • It was agreed that before the work begins, a position statement should be created which would outline the benefits to Kantara of this deliverable. (ACTION ITEM)
    • A gap analysis should be performed which would spell out the work that needs to be done. A champion is needed for this item. (ACTION ITEM)
    •  Use cases with examples should also be developed. A champion is needed for this item. (ACTION ITEM)
    • Due to time constraints, the revision components listed on the Roadmap for Q4 were put on hold and will be discussed on the next call. (ACTION ITEM)
    • It was suggested that the Roadmap progress be reviewed at the beginning and end of each quarter. (ACTION ITEM)

4. OUTREACH

As part of the IAWG’s Outreach program, a list of end-user communities who may leverage Kantara’s Identity Assurance Program should be developed.

• Group to consider which other organizations it could interface with.
• Ken Dagg suggested oversight bodies that deal with financial institutions such as bankers’ associations.
• Joni Brennan suggested the Cloud Security Alliance (https://cloudsecurityalliance.org/ ) and the Open Data Center Alliance (http://www.opendatacenteralliance.org/).
• It was suggested that compiling this list should become a standing agenda item as should developing a plan for outreach for each organization. (ACTION ITEM)

5. EVENTS

Chair Frazier-McElveen stated that there are two upcoming meetings and asked for responses from the group as to who is attending (link to attendance information request email from Dervla O’Reilly - [WG-IDAssurance] Cross collaborating meeting for HIA WG, IA WG, P3 WG & AM DG

• Cloud Identity Summit Roll Call: http://www.cloudidentitysummit.com/
• Joint IAWG, HIA, P3, AM Meeting: http://kantarainitiative.org/pipermail/wg-idassurance/2012-May/001256.html
  • What: Cross collaboration meeting
  • When: August 6 - group leadership meeting, August 7 & 8 cross collaboration meeting 
  • Where: Surescripts Office, Crystal City (DC Metro)

6. AOB

Due to time constraints, the discussion of this item was deferred until the next conference call on June 14, 2012. (ACTION ITEM)

7. ACTION ITEMS

Adjourn

The meeting ended at 8:00 am PDT.