2023-12-14 Minutes

Owned by Amanda
Last updated: Oct 01, 2024
3 min read

  • Roll call-Andrew Hughes called the meeting to order.  The meeting was not quorate.

    • Voting: Andrew Hughes, Mark King, Mark Hapner, Jimmy Jung, Peter Davis

    • Non-Voting: Martin Smith

    • Staff: Amanda Gay, Kay Chopard

    • Guests: Lisa Balzereit

  • Minutes approval 

  • Kantara Updates

    • AGM was a success,  and the recording will be shared with members. 

    • GSA-special schedule for KI certified vendors

  • Assurance Updates

  1.  Discussion:  

    • Discuss comments and changes: 2024 Charter Review Process 

      • Andrew Hughes sent around comments, color code: 

        1. red=delete, green=good to go, yellow=discussion

        2. Reiterates goal is to slim down/describe what we do/why we do, not expansionary/what we could do

        3. WG name: RED (quote not cited)-text doesn’t belong under WG name (could go into IAWG overview document, but it doesn’t go into a charter, and we don’t do these things)

          1. Martin notes agreement with what we don’t do and supports less is more-what are we doing about comments on other schemes?  If we want to do that, it should be reflected in purpose

        4. Purpose (green title, yellow substance)-perhaps these comments are the scope not the purpose?

          1. Martin’s comment above-comments on other schemes

          2. AHughes agrees-should be talking with other scheme owners and authors/maintainers of our SAC

          3. Leave door open to other schemes

          4. MK-UK activity?  Interestingly-IAWG doesn’t have anything to do with the UK, but thinks IAWG should be giving advice on the part of KI? AHughes captured this in advice to executive director (IAWG->ED->UK and vice versa (ex. Comments on DIATF)

            1. Doesn’t want it to be mostly NIST e.g. nist (find comment)

          5. Aligning language with scheme owners and post procedures–not in charter document.

          6. Topics point–is it OK? How to phrase and it is accurate

            1. Seems more what IAWG actually does (if following NIST)

            2. Federated access management

            3. 63C (AHughes)

            4. Could be an authentication statement-Peter

            5. Convene v. participate v join

            6. AHughes-chose convene because he wants the sense that we bring people into Kantara to discuss (idea that we have a place amongst ourselves to talk)

          7. Purpose text-too expansive, but ran out of time to make further comments.

            1. Martin concurs with limiting purpose section (shouldn’t be too much); Suggests deleting everything and starting fresh with something fresh and simple to save time

          8. Lines 25-28- belongs in IAF, not charter RED

          9. Lines 29-36 - we don’t do some things RED

          10. “Value” line 37-YELLOW-discussion: Should be outside of charter, important

        5. Scope: what is worked on–should move stuff from purpose comment to scope

          1. RED lines 61-66-out of scope

        6. Draft tech specs and draft recs: GREEN

        7. Leadership: RED lines 74 on–should be in operating procedures

          1. Leader team-adjust as needed GREEN

            1. Martin-secretary role?  Assessment manager has two roles? Will that continue? See comment for language regarding formal connection to ARB

            2. Additional vice-chairs?  Leadership is busy, should build in more cushion with people’s workload?

            3. Per operating procedures-any leadership structure is OK (can’t have two chair, must be CO)-default can have as many VC as needed

          2. Audience-we don’t talk to those people-similar to liaisons, audience should be entities directly impacted by IAWG decisions or they have a stake in the decisions (i.e. ARB, CSPs, FO, but policy makers is too broad (who-governing authorities)--needs clarification YELLOW

          3. Martin-what kind of language should be used to make sure that the people we care about understand our message and are persuaded by our message?

            1. Who do we care about understanding what we are doing?  Who is it important to understand?

            2. Should add BoD as well-governing body of business

          4. Kay: policymakers - US perspective is often towards government policy (agencies or administration or the Hill)-it is beneficial for them to know Kantara and Kantara’s role, but in other countries-the UK trust framework is more focused on commercial markets (people aren’t buying credential services for gvt functions the way it happens in the US)-last month’s fintech–banks/financial institutions are interested, and they are policy makers that would also benefit from the understanding about Kantara and the work.  Some purchasers may be more like relying parties, but their involvement could be beneficial to IAWG.  would be helpful to have industry associations/standards associations (martin/kay)-notary services now have to be IAL2 compliant–This is a whole new group of organizations that may need certification.

          5. Peter Davis-banking compliance-they know what the requirements are but they don’t know how to compare vendors against those compliance requirements

            1. Ie. KYC does not equal IAL2

        8. Related work and liaisons—RED delete see comment

          1. Divide and conquer–only list liaisons with meaningful interactions (clean this up)

          2. Add ARB and WG/DGs to audience

          3. Liaison v. audience

            1. We don’t want to name internal connections as liaisons, so ARB is audience

            2. Signal in title

            3. Need equal level of engagement for people on list (some deeply involved, some not, some were but now they are)

            4. ACTION:

@Amanda Staff-create an IAWG Liaisons page to begin finalizing a list (Peter for language as needed)  (Note: each WG should have this)

  1. Contributions: YELLOW

    1. Was this part of the initial set-up–should we clean-slate it?

  1. Any Other Business

    • Cancel next week’s meeting-no more meetings in December.   

    • Next meeting is January 11th, 2024