2024-05-16 IAWG Meeting Agenda/Notes

Meeting Status Metadata

Quorum: quorate

Notes-Status: approved

Approved-Link: 2024-07-11 IAWG Meeting Notes


Agenda

  1. Administration:

    1. Roll call, determination of quorum.

      1. Voting:  Andrew Hughes, Michael Magrath, Mark King, Richard Wilsher, Vladimir Stojkovski, Jimmy Jung, Scott Jones, Yehoshua Silberstein

      2. Non-Voting: Jazzmine Dowtin, Eric Thompson

      3. Staff: Lynzie Adams, Amanda Gay, Kay Chopard, David Nutbrown, James Keenan

      4. Guests: Lisa Balzereit

    2. Minutes approval 

      1. Jimmy moves for unanimous approval.  Andrew seconds.  No objections.  Minutes approval passes.

      2. 2024.04.04 Meeting Minutes DRAFT 

      3. 2024.04.25 Meeting Minutes DRAFT

    3. Kantara Updates

      1. GSA’s SIN Release (Special Item Number) Schedule: This is a list of vendors with Kantara Approval/Certification (including Kantara) that goes to all federal and state agencies. It is pulled from our trust status list; the goal is to be a faster procurement instrument for government agencies (it gives listed organizations a “leg-up” in terms of competing for government contracts).

      2. UK program–moving along to get 17065 accreditation – hoping to jump start 17065 with US Assurance Program.

      3. Conferences:

        1. Identiverse with Lynzie, Las Vegas, May 28-31

        2. EIC Berlin, Berlin, June 4-7

        3. Identity Week Europe, Amsterdam, June 11-12

        4. FedID, Baltimore, June 26-27

    4. Assurance Updates

  2. IAWG Actions/Reminders/Updates:

    • Adjusted meeting cadence for May:

      • May 30

    • Auditor Introduction

      • James Keenan

      • David Nutbrown

  3. ISO 17065 Discussion Items

  4. Group Discussion:  

    • Proposed 63A#0180 Revisions: 63A#0180 - proposed criteria adjustment (circulated by email 2024.04.06 by Richard Wilsher, attached for convenience) 

      • In Progress - Proposed supplement to NIST related to evidence requirements 

    • Continued discussion if needed: Proposed S3A edits to enhance transparency (as proposed to ARB) - Jimmy Jung

    • Assessment Program Question from 04.26.2024 - Assessment Program Question (attached for convenience)

  5. Any Other Business

 

 Attendees


Quorum determination

Meeting is quorate when 50% + 1 of voting participants attend

There are 9 voters as of 2024-05-16

 

Approval of Prior Minutes

Motion to approve meeting minutes listed below:

Moved by: Jimmy Jung

Seconded by: Andrew Hughes

Link to draft minutes and outcome

Discussion


  1. Jimmy moves for unanimous approval.  Andrew seconds.  No objections.  Minutes approval passes.

2024.04.04 Meeting Minutes DRAFT 

2024.04.25 Meeting Minutes DRAFT

 

 Discussion topics

Time

Item

Presenter

Notes


 

Proposed 63A#0180 Revisions: 63A#0180 - proposed criteria adjustment

Richard Wilsher

  • Background-When the criteria were drafted (based on 800-63, produced by NIST regarding what a full service provider should do), we took NIST’s guidance on permissible combinations of evidence (super, strong, etc.) and put that in the Kantara criteria as 63A#1080.  This puts component providers in a difficult position when completing their Statement of Criteria Applicability in answering applicable v. not applicable.  This proposed change in criteria is intended to provide a means by which component providers can state which parts of a full set of proofing requirements they fulfill by providing three valid options in terms of evidence collection.  See attached spreadsheet for detailed breakdown.

  • Eric Thompson and Jimmy Jung voiced initial approval.

  • Yehoshua Silberstein voiced concerns regarding “back-dating”.

  • Andrew Hughes-Do we need to change our Trust Mark names since they reference IAL2 and these changes wouldn’t technically be IAL2?

    1. Question:  If you assess a service provider that does almost all of the IAL2 requirements and marks the SoCA as such, are they approved for an IAL2 Trust Mark? 

      1. Richard-If you have a provider that is performing a particular functionality, we can assess them against a subset of the full set of criteria, and if they are found conformant and granted ARB approval, they should get a TrustMark.  Concerned about ARB worrying about who is consuming the service.  

      2. Yehoshua-Seems to be a need for a more rigorous set of standards if components are being separated out in terms of providing transparency with component approval.

    2. Concerns: If a CSP that is using an authorized component service advertises the Kantara Trust Mark as part of that service, the second CSP is not licensed to do that.

  • Concerns voiced regarding misalignment between definitions posted on the website and what was viewed in the call.  Continued conversation on definitions/classifications will take place at a later date.

  • ACTION:

    Richard Wilsher to draft motion regarding the criteria adjustments and send to staff.

 Open Action items

Richard Wilsher to draft motion regarding the criteria adjustments and send to staff.


 Decisions