IAWG Meeting Minutes 2013-03-14

Kantara Initiative Identity Assurance WG Teleconference

Call recorded for purposes of note taking

Minutes approved 4-Apr-2013

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2012-12-13, IAWG Meeting Minutes 2013-01-24
    4. Vice Chair
  2. Discussion
    • Road Map
    • Key Signing Ceremony - Recap
    • Agile IAF
  3. AOB
  4. Adjourn

Attendees

  • Bill Braithwaite
  • Myisha Frazier-McElveen
  • Scott Shorter
  • Richard Wilsher

As of 14 January 2013, quorum is 4 of 7

Non-Voting

  • Ken Dagg
  • Helen Hill
  • Rich Furr

Staff

  • Andrew Hughes

Apologies

Minutes

  • Minutes approval: Bill Braithwaite moves to approve the minutes; Rich Furr seconds - minutes approved with no discussion
Vice Chair vote
  • Nomination for vice chair completed, and Rich Furr was the sole nominee
  • Rich Furr approved by acclamation, no objection

Discussion

Roadmap
  • see 2013 IAWG ROADMAP
  • re: privacy effort, rescheduling the discussion with the P3WG leadership
  • De-coupled binding - how are we progressing this forward since Andrew is no longer an individual contributor to the group?  this can still be part of Andrew's contribution, just needs to find time to do so
    • if there is a Q3 time frame, Scott Shorter, Ken Dagg, and Richard Wilsher can commit to work on it in that timescale
    • is there a scope to this activity? that is part of the activity as defined in the roadmap
  • IAF alignment - should be with the 800-63-2, not -1; this is in progress and it will be Q2 analysis and completion, so there will be a revised SAC, which Richard is treating as an independent revision (not looking at anything else that might need to be changed in the SAC); does not anticipate any other documents needing to be changed
    • risk to time frame is the feedback rate from the IAWG
    • Richard may request a revision to 800-63-2 to make it a more useful document; had discussed this with Tim Polk but now with Tim out of the immediate loop, not sure who the champion is for 800-63
  • Relying Party guidelines - on the list, but we don't have a champion or direct driving need; will keep on the list so as not to lose sight of its importance
    • should consider reviewing the original notes that inspired this and discussing on a future call
    • AI for Myisha: send out thoughts on the scope of this document to frame the discussion
  • Alignment with ISO 29115 - Richard suggests we should definitely work on this alignment so that we can in turn provide input to a related doc, IS29003; this group should actively participate in reviewing that document; Kantara has a liaison with SC 27 which allows us to submit comments
    • SC 27 will publish after April a working draft of 29003; that will be sent to national bodies and (probably) liaison bodies; when the docs are published, we could make them available to the liaison subcommittee (need to check the copyright issue)
    • specifically, how do we engage IAWG members to have a discussion? it is difficult to get time slices from the members, so for those who are analyzing the doc through their own channels, would it be reasonable for IAWG to have those people bring in specific issues rather than ask the whole group to review the doc? do we need to engage a wider discussion within the IAWG to shape the details on the documents? If that is something we want to do, what is the best way to make this discussion interesting and relevant enough to get more participation from other IAWG members?
      • when we get the document, can make an announcement of its availability, and then it will be accessed only through the liaison subcommittee
    • should this be IAF alignment, or IAWG feedback?  it should be alignment to 29115, and it should say Q2; 29003 is being based on 29115 and feedback in to that should be Q3
  • Anything else to add? people were asking if there was a scheme or something about attributes gathered after identity has been established; the scenario is that there is some identity provider that gathers an identity from an authentication/credential, but then goes out for additional attributes before issuing a final SAML assertion - it is doing some kind of suitability assessment
    • basically, an LoA on attributes; aka attribute assurance
    • there are groups working on attributes right now through OIX and OASIS and Kantara (AIM WG)
    • may want to consider if and how this needs to feed in to the IAF
Key Signing Ceremonies
  • On the call last week, we discussed the key signing ceremony and whether or not we should have language in the IAF around it
  • the consensus of the group was that there are a set of requirements that need to be met to conduct key signing ceremonies, and we need to investigate how they might be different from what we have in the SAC and possibly add language about that; not to have specific direction about key signing, but some guidance
  • Scott and Rich are interested in participating in this work effort, but need a champion to lead it
  • we have the SAC revision in Q2 (end of June); given that time frame, does anyone have cycles that could be applied to this?  if we could have a streamlined published release of the SAC, that would be good
    • Scott will try to come up with some suggestions by June on this; anyone who has cycles is welcome to work on this as well
    • This is to be added to our roadmap and deliverables
Agile IAF
  • to be discussed next call

 

AOB

  • recommendation to include a short review of Roadmap at least every other meeting

Next Meeting