IAWG Meeting Notes 2012-01-18

Attendees:

Tom Smedinghoff
Joe Stuntz
Myisha Frazier-McElveen
Ben Wilson
Linda Goettler
Rich Furr
Bill Brathewaite
Nathan Faut

Staff:
Joni Brennan
Anna Ticktin

Minutes:

1. ADMINISTRATIVE:

  • Roll Call
  • Motion for minutes approval: 14 Dec 2011, 11 Jan 2012
  • Quorum not reached. Motion tabled.

2. FEDERAL PRIVACY PROFILE

  • eBallot launched today and will close on the 27th of January at 5pm PT. All voting members are asked to respond asap.

3. ARB UPDATE

  • ARB is in discussion on SAAs:
  1. An SAA would need to convince the ARB that its processes for accepting a request for certification of a service operated by a CSP/IDP is at least equivalent to KI’s own process;
  2. According to what little notes there are in the SAC and AAS regarding SAAs, the Assessors would still need to be Kantara Accredited.  So ARB would still run the Accreditation but there would be some process for recognising an SAA.
  3. The board is looking into a track with UK Authority to ensure that the KI scheme is recognized (similar to ICAM TFPAP process).
  • ARB is currently reviewing an application for Electrosoft as an accredited assessor.
  • Brian Dilley called out a criteria audit which Richard Wilsher paraphrased and put forth on the IAWG list. (These have been added to the IAF stack edits list on the wiki).

4. ROAD MAP
Resources Required (KAR and RP Guidelines)

  • Myisha's hand is tentatively raised on behalf of Deloitte. She will report back whether Deloitte can take this lead. Otherwise, eValidate and KPMG are willing to help and participate.

5. IAF V 2.0 REVIEW - IAF STACK EDITS
(Docs sent to the list)
The group began to work through the IAF stack edits repository on the wiki : http://kantara.atlassian.net/wiki/display/idassurance/IAF+Stack+Edits

6. AOB

ABA Legal Task Force Mtg (DC)

  • Collect as many statutes and regulations that touch on ID management and its various activities. Privacy is a focus. There was lengthy discussion around "identity" and "attributes" as well as "id providers" vs. "attribute providers."
  • System Rules or some derivative thereof is being entertained in place of Trust Framework as much confusion seems to come from that latter term.
  • Will definitions or a glossary of terms be narrowed down? Scott David has compiled an extensive matrix and the ABA will link to that. (The matrix might be housed at InCommon...?)
  • Synonyms will be highlighted and readers of the ABA document will be pointed toward their glossary / definitions and usage of terms.

TelCo and IAF

  • IF anyone is interested in a preliminary analysis of the IAF by telcos, please contact Joni.
  • Telco’s are gathering initial resources, not quite ready to interface with IAWG, but have put together their assessment on IAF applicability to their environment.

Adjourned