2017-05-17 Meeting Notes DRAFT

John Wunderlich

Rainer Hoerbe

John Bradley

Draft minutes for approval:

2017-03-15 Meeting Notes DRAFT

"To approve listed meeting minutes"

Motion by:

Second:

Discussion:

Result:

Director's Corner: 2017: March

• April Director's Corner is in progress. Blockchain is at the end of their report. Will contextualize it around what Kantara can do to assist
• Hamilton ISO meeting, and Internet 2, not much else going on in April
• KIPI projects - see press release for information
• Planning for CIS 2017
• IIW and EIC - good showing for Kantara
  • Feedback for next year: Kantara was same time as OpenID (at EIC) - too much overlap; detrimental to participation. See if they can arrange it differently.
• IPR refresh is going to be published on Friday
• Bylaws have been published
• Ken Dagg and Andrew are working on the Operating Procedures, developing a matrix to reference Bylaws

The Kantara Initiative is the global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.

• Strategic work by Board: 
  
  • New IPR policy ready for Board approval - includes a Non-Assert Covenant as the default IPR for new work
  • Portal tools & membership management tools review continues
• Consent Receipt Specification approval vote was successful - posting and announcements now
• UMA v2.0 nearly ready to bring Recommendations to LC for sending to all member ballot
• BSC finalizing Report soon - Eve and Thomas cleaning up
• IRM Draft Report soon - Andrew edited, now Sal and Ian need to fill in some information
• eGov Draft Report soon - next in priority once we get others in queue
• Fed Interop Draft Technical Specification soon - in working group phase now
• Very strong interest in Kantara at recent conference events. Pitching the idea to form a group to develop good practice / requirements for Consent Management Systems; also Customer IAM systems. Continue to discuss with GEANT, Internet2, SUNET and others about creating common specifications and recommendations for assurance of digital identity.

Administrative Reminders/Requests: Please ensure your WG and DG charters are reasonably current. These are supposed to be reviewed annually.

IRM WG

OTTO WG - May update is on blog. Draft documents for API, core vocab and open id connect are complete. working on SAML vocabulary out in the next week or two. One interesting item out of IIW, might make a case for fast feds to use auto vocabulary as a way to publish auto.

UMA WG

BSC DG

IA WG - updates are on the blog. releasing a new update on the wiki, submitted comments to NIST, working with IDESG on operationilizing the use of Kantara approval of a CSP

CIS WG - still working on V1 backlog items. working on what should go into version 1.1.

eGov WG

*Not much update to Board - won't have a written report.

• Consent and Information Sharing WG: 
  • New project to start soon: personal information data model to facilitate GDPR-related data portability requests (Iain Henderson)
  • New project to start soon: Ontology for personal data systems - to allow for personal information management systems to store and express information using a common ontology

Please take a moment to review the list of action items and do your best to take action.

• Previous meeting notes:
  Identity-Consent-Data Control: Kantara's core - how to light it up? Cross-border data transfers: consent based? data portability? What do our members need an <audience> need to learn about? Poll: of these 5 topics, which ones would you work on? What does a <regulator> need to learn about or have greater awareness of that is needed to advance our members' initiatives? Data Ethics? CoCo / code of ethics? Consent directives / defaults?
• Starting a group to work on 'GDPR Toolkit' - multiple WG participants
  • How do we get multiple WG together to design and build
  • Data control technologies can eliminate need for certain data protection requirements - that is the toolkit
  • Nymity?? GDPR toolkit is all clauses with annotations and checklists.
  • Technology is moving so fast, new technology means new risks
  • KI feels we have technology and practices that will be of use. Instead of requiring everyone to figure out Kantara, we should organize it in a way that people can look for it.
  • UMA legal group uses the GDPR toolkit phrase
• 
  

New boilerplate templates for email ballots are being created.

First priority is templates for moving draft recommendations from WG Draft, through public review and on to all-member ballot.

This work is also driving review and update of Operations Procedures - both aligned to a new draft of Kantara Bylaws.

Andrew is working on an updated document template for Reports and Recommendations (this is what held up the docs mentioned earlier)

Notification message: http://kantarainitiative.org/pipermail/membership/2017-March/000002.html

Intellectual Property Rights policies are a strict requirement of Kantara for all Kantara work groups, discussion groups, and other work products.  This version 2.0 cleans up some editorial inconsistencies that arose with Kantara’s 2016 incorporation as a standalone organization with the Operating Procedures and the Bylaws.
New in this Policy Version 2.0 is inclusion of  an additional IPR Option requested by a significant number of members over the last 2 years - the Non-Assertion Covenant - an increasingly popular option in standards development organizations.  
Members have over time expressed a desire to converge on one IPR option, to allow separate Working and Discussion Group outputs to be later aggregated under this new Non-Assertion option, given that the identity management and personal data scope of Kantara's mission sees strong cross-Group connections and relationships as the outputs mature.  
The Non Assertion Covenant is indicated as the default option, but there is no obligation for a Working Group or Discussion group to choose it. Each Working and Discussion Group is entitled to choose the IPR Policy option that is most suitable for its work.  This email and announcement is an open invitation to comment. Kantara Initiative, Inc. is seeking to solicit feedback from all members on Kantara’s IPR policy.  The Board and staff thanks you for your continued support and welcomes any comments you may have.
Member Review Period:
The 45-day member review 2017-March-17 and ends 2017-April-30 at 23:59 Pacific Time.

The new draft IPR Policy v2.0 is available here:
http://contact.kantarainitiative.org/comment/KantaraInitiativeIPRPolicies_Draft_V2_0.pdf

The feedback period has concluded and the new IPR policy is going to Board of Directors ballot this month.

• Kantara has implemented a pre-download 'who are you' page for all document downloads, to gather some very basic information about who is interested in Kantara's work. Stats are being collected & will be shared at the Board and LC levels, probably monthly.
• Top documents in April: IAF Overview and IAF Assurance Levels.

List of future events on KantaraInitiative.org

** Not listed on Kantara site yet

Open discussion

Mike: Erasmus project - proposing a federation for first responders. What legal form would that take? What org would help provide the legal operations and governance for the organization. Internet 2 operates as LLC, would Kantara be interested in having and LLC or a separate nonprofit that operates this federation? Could be revenue generating - 65,000 first responders. How do you make sure that Kantara is not legally responsible? Looking at this to be also nonprofit. Federation serves the members. Timing - DHS is in July. Propose funding for phase 2, need ideas for how it would work and who would operate it. Could set up a light weight certification for the federation. Where to get the start up funding to staff it? Phase 2 has money associated with it. Trustmark as part of it. 93% of organizations are less than 100 employees. opportunities to work with Georgia Tech on trustmarks. Kantara could be third party verifier. June Board meeting will be face to face at CIS, add this to the agenda.