2024-09-26 IAWG Meeting Notes DRAFT

Meeting Status Metadata

Quorum: not quorate

Notes-Status: Ready for review

Approved-Link: TBD


Agenda

DRAFT 09.26.2024

  1. Administration:

  • Roll call, determination of quorum.  Not quorate.

  • Minutes approval 

  • Kantara Updates

  • Assurance Updates

  2. IAWG Actions/Reminders/Updates:

    • Meeting cadence - weekly.

  3. ISO 17065 Discussion Items

  4. Group Discussion:

  5. AOB

 

 Attendees

  • Voting: Andrew Hughes, Richard Wilshire, Vladimir Stojkovski, Jimmy Jung, Yehoshua Silberstein

  • Nonvoting:

  • Staff: Amanda Gay, Carol Buttle, David Nutbrown

  • Guests:

Quorum determination

Meeting is quorate when 50% + 1 of voting participants attend

There are 12 voters as of 2024-09-26

 

Approval of Prior Minutes

Motion to approve meeting minutes listed below: No quorum, so no minutes were approved.

Moved by:

Seconded by:

Link to draft minutes and outcome

Discussion


 

 Discussion topics

Time

Item

Presenter

Notes


Carol: Collation has started, attempts to remove duplication.  Many comments are about identity proofing, syncable authenticators, and wallets.

  • Syncable authenticators - Not sure much guidance will come from NIST.  Will continue to evolve in conjunction with FIDO approach

  • Wallets - unclear overall.  Carol’s comments will revolve around who is actually holding the data.

  • Wallets/personal data stores/holder services/orchestrators: these all have a similar challenge of who is actually holding the data (a challenge for Kantara criteria as well: how to assess?).

  • Timeline: next week (October 3rd) is the last call before the submission deadline; will be looking to vote on the comments.

    1. ACTION: @Amanda AMG include a note in reminders that voting members should plan to attend to vote on comments approval.

 

Topics from IAWG leadership

 

  • Andrew - Syncable authenticators - Dean Sachs noted it might be useful if these were AAL1 (not just AAL2).  Extra criteria/requirements for AAL2.

    1. Carol: If there was a baseline with an overlay control, this might be possible.

    2. Andrew: Problem is the language says passkeys are syncable and AAL2.  If the language was changed to say they are AAL1, and could be AAL2 with additional criteria/requirements, it might be more clearly understood/easier to assess/additive.

    3. Carol: Seems keeping in line with something that is still evolving.

  • Richard - wallets - could we point out to NIST that there aren’t definitive requirements (likely will happen with Carol’s comments)?  Also points out that there is no obligation for Kantara to create criteria against everything in rev. 4, especially if we don’t have CSPs using them.

  • Richard - structure - Consistency is needed within NIST documents to start with the weakest set of assurances and progressing to the higher levels.

    1. Carol concurs and notes it is how things were done in the past.  It also makes it easier to maintain.

    2. Andrew - additive nature - proposes suggesting this to see if NIST is able to take it on board.

  • Jimmy - syncable authenticators - rev 4 doesn’t have the issues that the supplement has.  Do we still have to deal with the supplement since rev. 4 is still unpublished?  Can we modify our criteria to be in line with rev. 4 v. supplement?  Action is needed (due to client/CSP needs).

    1. Andrew: This may be the approach if the supplement isn’t fixed.

    2. Richard: rev. 4 won’t even become mandatory for 12 months post-publication.  References syncable authenticators criteria draft from Jimmy/Richard as first steps.  Needs to get on the agenda.

      1. ACTION: @Amanda Proposed criteria on agenda for 10.10.2024 (draft from Jimmy/Richard to be circulated prior to call)

 

 

 

 

 Open Action items

@Amanda include a note in reminders that voting members should plan to attend to vote on comments approval.
@Amanda Proposed criteria on agenda for 10.10.2024 (draft from Jimmy/Richard to be circulated prior to call)


 Decisions