IAWG Meeting Minutes 2012-06-07

Status:

These Minutes have been APPROVED by the IAWG on 6/21/12. (Note: After the 6/7/12 call, it was noted that Helen Hill had attended the meeting. Thus quorum was achieved on the 6/7/12 call.)

 

Attendees:

| Voter Name | 7 June 2012 Attendance |
|---|---|
| Patrick Curry | |
| Myisha Frazier-McElveen | x |
| Rich Furr | x |
| Linda Goettler | x |
| Helen Hill | |
| Scott Shorter | |
| Colin Soutar | |
| Bill Braithwaite | x |
| Anil John | |
| Richard Trevorah | |
| Richard Wilsher | x |

Non-voting:

Ken Dagg

Nathan Faut

Jeff Stollman

Joe Stuntz

Apologies:

Scott Shorter

Staff:

Joni Brennan

Pat Roder

1. ADMINISTRATIVE:

a) Roll Call – Since quorum is 6 of 11 and there were 5 voting members on the call, quorum was not achieved.

b) Motion for Minutes: Quorum was not achieved.

c) Agenda confirmation: Agenda confirmed.

2. KAR

In preparation for the discussion on the KAR, Chair Frazier-McElveen sent an email [WG-IDAssurance] KAR containing:

  • Attachment 1 – The template assertion letter with language inserted referencing the S3A Report. 
  • Attachment 2 – The document which describes what should be included in the Final S3A Report.  
  • Attachment 3 – A Word document which contains the requirements as given by the ARB for what the KAR should include and a snapshot of a sample table that was included in the SAC and referenced in the S3A.

The group began discussing the template assertion letter.

  • There was a suggestion that a legal review of the letter may be necessary.
  • There was discussion on whether this letter is fulfilling the Kantara need for a consistent assessor report.
  • There are two groups of assessors: Kantara accredited assessors and AICPA certified assessors. All certified assessors can be utilized and one group should not be alienated.
  • It was agreed that it is necessary to work to a common core that is acceptable to everyone. Two approaches were suggested. Path 1 calls for the assessor to submit two reports – the KAR and the AICPA report. Path 2 calls for the assessor to submit one report which would satisfy both organizations.
  • It was decided that to move forward, it is necessary for the assessors with AICPA certification to produce evidence to confirm that they are able to provide non-AICPA compliant reports. Based on the evidence produced (if any), assessors can determine the best path forward. (ACTION ITEM)

3. IAWG ROADMAP

The group then discussed the IAWG Roadmap for 2012 which was emailed to the group. The graph displays the components of the revisions to the IAF-SAC document for each of the remaining three quarters of the year.

  • Joni Brennan asked the group to determine whether the expected revisions and delivery dates displayed on the Roadmap seem reasonable. She also asked the IAWG members to consider volunteering to champion each of these work items.
  • There are two components of the revision for Q2: the alignment to NIST 800-63-1 and the revision and completion of KAR as an IAWG report.
    • Regarding the alignment to NIST 800-63-1:
      • According to Joni Brennan, there are reviewers from NIST who are willing to assist in the alignment of the IAF-SAC at the appropriate time.
      • Richard Wilsher suggested that this item be moved to Q3 in order to ensure that all contingents are on board.
      • Champion: Richard Wilsher.
    • Regarding the revision and completion of KAR as an IAWG report:
      • Joni Brennan asked the group whether the Kantara KAR version can be closed out within one month since it is a Q2 item.
      • Champion: Chair Frazier-McElveen.
  • The Q3 effort involves drafting the pseudonymous approach of decoupling credentials from identities.
    • There was a group discussion on what the extent of this work would be. It may be as simple as preparing a single table or it may involve revisions of other documents too.
    • It was agreed that before the work begins, a position statement should be created which would outline the benefits to Kantara of this deliverable. (ACTION ITEM)
    • A gap analysis should be performed which would spell out the work that needs to be done. A champion is needed for this item. (ACTION ITEM)
    • Use cases with examples should also be developed. A champion is needed for this item. (ACTION ITEM)
  • Due to time constraints, the revision components listed on the Roadmap for Q4 were put on hold and will be discussed on the next call. (ACTION ITEM)
  • It was suggested that the Roadmap progress be reviewed at the beginning and end of each quarter. (ACTION ITEM)

4. OUTREACH

As part of the IAWG’s Outreach program, a list of end-user communities who may leverage Kantara’s Identity Assurance Program should be developed.

  • Group to consider which other organizations it could interface with.
  • Ken Dagg suggested oversight bodies that deal with financial institutions such as bankers’ associations.
  • Joni Brennan suggested the Cloud Security Alliance (https://cloudsecurityalliance.org/) and the Open Data Center Alliance (http://www.opendatacenteralliance.org/).
  • It was suggested that compiling this list should become a standing agenda item as should developing a plan for outreach for each organization. (ACTION ITEM)

5. EVENTS

Chair Frazier-McElveen stated that there are two upcoming meetings and asked for responses from the group as to who is attending (link to attendance information request email from Dervla O’Reilly - [WG-IDAssurance] Cross collaborating meeting for HIA WG, IA WG, P3 WG & AM DG).

6. AOB

Due to time constraints, the discussion of this item was deferred until the next conference call on June 14, 2012. (ACTION ITEM)

7. ACTION ITEMS

| Action Item | Assigned To | Status | Description | Comments |
|---|---|---|---|---|
| 20120607-01 | Myisha, Nathan, Scott, and Joe | Open | Based on evidence produced (if any), assessors to determine best path forward (see June 7, 2012 notes) | |
| 20120607-02 | Joni | Open | Move the alignment to NIST 800-63-1 to Q3 on the Roadmap. | |
| 20120607-03 | Joni | Open | Create a position statement which outlines how the pseudonymous approach benefits Kantara. | |
| 20120607-04 | IAWG – Champion Needed | Open | Perform a gap analysis for the pseudonymous approach which spells out the work that needs to be done. | |
| 20120606-05 | IAWG – Champion Needed | Open | Develop use cases for the pseudonymous approach. | |
| 20120607-06 | IAWG | Open | Review Roadmap’s Q4 deliverables on next call. | |
| 20120607-07 | Chair | Ongoing | Review Roadmap progress at the beginning and end of each quarter. | |
| 20120607-08 | IAWG | Ongoing | Compile a list of end-user communities who may leverage Kantara’s Identity Assurance Program. | |
| 20120607-09 | Chair | Open | Move discussion of AOB items to June 14 agenda | |

Adjourn

The meeting ended at 8:00 am PDT.