2017-05-17 Meeting Notes DRAFT

Date

2017-05-17

Attendees

Representation

 

  NameAttended
Connected Life Innovation Groups
IRMWG1stSalvatore D'Agostino (LC Secretary)

 

IRMWG2ndBill Nelson 
UMAWG1stEve Maler 
UMAWG2ndMaciej Machulak 
CISWG1stAndrew Hughes (LC Chair)yes
CISWG 

John Wunderlich

 

CISWG Mark Lizar (LC Vice-Chair) 
CISWG Mary Hodder 
IDoTDG Ingo Friese 
BSCDG Thomas Hardjono 
BSCDG Eve Maler 
DIDProDG1stIan Glazer 
DIDProDG2ndSarah Squire 
Trust Services Interoperability Groups
IAWG1stKen Daggyes
IAWG2ndFormer user (Deleted) 
HIAWG1stNON-VOTING 2016-09-07 
eGovWG1st

Rainer Hoerbe

 
eGovWG2ndKeith Uber 
FIWG1st

John Bradley

 

FIWG2ndWalter Forbes Hoehn 
OTTOWG1stMichael Schwartzyes
OTTOWG2ndJanusz Ulanowski 
Staff
Kantara-Colin Wallisyes
Virtual-Megan Cannonyes

NOTE: As of April 19, 2017, for calculation of quorum there are 7 WGs.



Agenda and Meeting Notes

TopicDesired Outcome
Meeting Administration
Roll Call 
Agenda Confirmation

 

Minutes confirmation

 

Draft minutes for approval:

2017-03-15 Meeting Notes DRAFT

2017-01-18 Meeting Notes DRAFT

"To approve listed meeting minutes"

Motion by:

Second:

Discussion:

Result:

 

Organizational Updates
Executive Director and Staff Report

Director's Corner: 2017: March

  • April Director's Corner is in progress. Blockchain is at the end of their report. Will contextualize it around what Kantara can do to assist
  • Hamilton ISO meeting, and Internet 2, not much else going on in April
  • KIPI projects - see press release for information
  • Planning for CIS 2017
  • IIW and EIC - good showing for Kantara
    • Feedback for next year: Kantara was same time as OpenID (at EIC) - too much overlap; detrimental to participation. See if they can arrange it differently.
  • IPR refresh is going to be published on Friday
  • Bylaws have been published
  • Ken Dagg and Andrew are working on the Operating Procedures, developing a matrix to reference Bylaws
LC Chair Report

The Kantara Initiative is the global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.

  • Strategic work by Board: 
    • New IPR policy ready for Board approval - includes a Non-Assert Covenant as the default IPR for new work
    • Portal tools & membership management tools review continues
  • Consent Receipt Specification approval vote was successful - posting and announcements now
  • UMA v2.0 nearly ready to bring Recommendations to LC for sending to all member ballot
  • BSC finalizing Report soon - Eve and Thomas cleaning up
  • IRM Draft Report soon - Andrew edited, now Sal and Ian need to fill in some information
  • eGov Draft Report soon - next in priority once we get others in queue
  • Fed Interop Draft Technical Specification soon - in working group phase now
  • Very strong interest in Kantara at recent conference events. Pitching the idea to form a group to develop good practice / requirements for Consent Management Systems; also Customer IAM systems. Continue to discuss with GEANT, Internet2, SUNET and others about creating common specifications and recommendations for assurance of digital identity.
New Business
WG/DG Updates

Administrative Reminders/Requests: Please ensure your WG and DG charters are reasonably current. These are supposed to be reviewed annually.

IRM WG

OTTO WG - May update is on blog. Draft documents for API, core vocab and open id connect are complete. working on SAML vocabulary out in the next week or two. One interesting item out of IIW, might make a case for fast feds to use auto vocabulary as a way to publish auto.

UMA WG

BSC DG

IA WG - updates are on the blog. releasing a new update on the wiki, submitted comments to NIST, working with IDESG on operationilizing the use of Kantara approval of a CSP

CIS WG - still working on V1 backlog items. working on what should go into version 1.1.

eGov WG

*Not much update to Board - won't have a written report.

Launching New WG/DG's
  • Consent and Information Sharing WG: 
    • New project to start soon: personal information data model to facilitate GDPR-related data portability requests (Iain Henderson)
    • New project to start soon: Ontology for personal data systems - to allow for personal information management systems to store and express information using a common ontology
Long-running Topics
Action Items Review

Please take a moment to review the list of action items and do your best to take action.

GDPR-Related Activities
  • Previous meeting notes:
    Identity-Consent-Data Control: Kantara's core - how to light it up? Cross-border data transfers: consent based? data portability? What do our members need an <audience> need to learn about? Poll: of these 5 topics, which ones would you work on? What does a <regulator> need to learn about or have
    greater awareness of that is needed to advance our members' initiatives? Data Ethics? CoCo / code of ethics? Consent directives / defaults?
  • Starting a group to work on 'GDPR Toolkit' - multiple WG participants
    • How do we get multiple WG together to design and build
    • Data control technologies can eliminate need for certain data protection requirements - that is the toolkit
    • Nymity?? GDPR toolkit is all clauses with annotations and checklists.
    • Technology is moving so fast, new technology means new risks
    • KI feels we have technology and practices that will be of use. Instead of requiring everyone to figure out Kantara, we should organize it in a way that people can look for it.
    • UMA legal group uses the GDPR toolkit phrase

Policies & Procedures update

New boilerplate templates for email ballots are being created.

First priority is templates for moving draft recommendations from WG Draft, through public review and on to all-member ballot.

This work is also driving review and update of Operations Procedures - both aligned to a new draft of Kantara Bylaws.

Andrew is working on an updated document template for Reports and Recommendations (this is what held up the docs mentioned earlier)

IPR Policy update

Notification message: http://kantarainitiative.org/pipermail/membership/2017-March/000002.html

Intellectual Property Rights policies are a strict requirement of Kantara for all Kantara work groups, discussion groups, and other work products.  This version 2.0 cleans up some editorial inconsistencies that arose with Kantara’s 2016 incorporation as a standalone organization with the Operating Procedures and the Bylaws.
New in this Policy Version 2.0 is inclusion of  an additional IPR Option requested by a significant number of members over the last 2 years - the Non-Assertion Covenant - an increasingly popular option in standards development organizations.  
Members have over time expressed a desire to converge on one IPR option, to allow separate Working and Discussion Group outputs to be later aggregated under this new Non-Assertion option, given that the identity management and personal data scope of Kantara's mission sees strong cross-Group connections and relationships as the outputs mature.  
The Non Assertion Covenant is indicated as the default option, but there is no obligation for a Working Group or Discussion group to choose it. Each Working and Discussion Group is entitled to choose the IPR Policy option that is most suitable for its work.  This email and announcement is an open invitation to comment. Kantara Initiative, Inc. is seeking to solicit feedback from all members on Kantara’s IPR policy.  The Board and staff thanks you for your continued support and welcomes any comments you may have.
Member Review Period:
The 45-day member review 2017-March-17 and ends 2017-April-30 at 23:59 Pacific Time.

The new draft IPR Policy v2.0 is available here:
http://contact.kantarainitiative.org/comment/KantaraInitiativeIPRPolicies_Draft_V2_0.pdf

The feedback period has concluded and the new IPR policy is going to Board of Directors ballot this month.

Tips and Tricks 
2017 Project Funding 
Document repo/Publications Library
  • Kantara has implemented a pre-download 'who are you' page for all document downloads, to gather some very basic information about who is interested in Kantara's work. Stats are being collected & will be shared at the Board and LC levels, probably monthly.
  • Top documents in April: IAF Overview and IAF Assurance Levels.
Kantara-presence Events

List of future events on KantaraInitiative.org

ISO/IEC JTC 1/SC 27 Plenary and Working Group MeetingsISO SC 27April 18-25, 2017Hamilton, NZ
Internet Identity Workshop #24 + pre-workshops + post-meetingsIIW 2017 AMay 2-4, 2017Mountain View, US
European Identity and Cloud Conference 2017EIC 2017May 9-12, 2017Munich, DE
Identity North 2017IDN 2017June 6-7, 2017Toronto, CA
Cloud Identity Summit CIS 2017June 19-22, 2017Chicago, US
EEMA Conference "Privacy v Identity"EEMA 2017July 4-5, 2017London, UK

** Not listed on Kantara site yet

AOB

Open discussion

Mike: Erasmus project - proposing a federation for first responders. What legal form would that take? What org would help provide the legal operations and governance for the organization. Internet 2 operates as LLC, would Kantara be interested in having and LLC or a separate nonprofit that operates this federation? Could be revenue generating - 65,000 first responders. How do you make sure that Kantara is not legally responsible? Looking at this to be also nonprofit. Federation serves the members. Timing - DHS is in July. Propose funding for phase 2, need ideas for how it would work and who would operate it. Could set up a light weight certification for the federation. Where to get the start up funding to staff it? Phase 2 has money associated with it. Trustmark as part of it. 93% of organizations are less than 100 employees. opportunities to work with Georgia Tech on trustmarks. Kantara could be third party verifier. June Board meeting will be face to face at CIS, add this to the agenda.

Action Items

  •  Add Federation for First Responders to agenda at June Board meeting - Megan