LC telecon 2012-12-12 - Strategy Call

 

LC Strategy Call 2012-12-11

Date and Time

Agenda

  1. Discussion
    1. Kantara and LoA 4
    2. The Big Picture
      1. The relationship of the various groups/entities within Kantara -- e.g., the IAWG, P3WG, AOB, BoT, eGOV, CSPs etc. - and how they all fit together (and who might not yet be included, or intentionally excluded, such as RPs)

      2. The other is the relationship of the various work products (either existing, contemplated, or expressly excluded) and how they all fit together (in other words, what piece of the identity ecosystem is Kantara creating -- e.g., with the IAF -- and how does it relate to the rest of the ecosystem)

  2. AOB
  3. Adjourn

Attendees

  • Andrew Hughes
  • Allan Foster
  • John Bradley
  • Colin Soutar
  • Colin Wallis
  • Sal D'Agostino

Staff:

  • Joni Brennan
  • Heather Flanagan (scribe)

Apologies:

  • Patrick Curry

Notes

Discussion

Notes from LC Admin call:

Add to the Strategy discussion: Do we move away from LoA1? Do we look to supporting LoA4?

  • LoA4 work would require approx $30K of doc updates (including incorporation of 800-63); still looking for funding
  • Look for potential funders - bring this up on the LC strategy call
  • LoA4 = hard tokens
  • What is already done for the US Federal Bridge? Some potential US customers who are already certified may not see the need; LoA4 may be of more interest in the international space

Notes from Patrick Curry to LC mail list 12-Dec-2012:

KI to support LoA 3 and 4 was discussed at the ABA US & EU Legal workshop Mon/Tue, run by Tom Smedinghoff and with many key US/NSTIC players.  Point well noted by all.  However KI will need to work with EU on this, and also on the new multinational cyber situational awareness initiative kicking off in Feb, which also includes NATO and the EU External Action Service (just below the President and above the Commission).  There is a possibility that KI could be used by other governments too to certify TTPs, but much shaping work needs to be done - just reusing NSTIC and FICAM products won't work.  However, the wheels are in motion and the opportunities are good.

(John) The Service Assessment criteria cover L3 and L4, but everyone wants their own "flavor" which might be what Patrick is talking about; these are often credentials governments issue to themselves, and so each government has something different involved; there are probably bigger fish to fry before we get to this, and the market itself for this kind of certification program is unclear

(Joni) context: the IAF is about to go out for a recommendation vote, then one of the next sets of changes will be updating the IAF against the latest revision of 800-62-1 and possibly -2; there are some realignments that need to happen with that next NIST version (particularly around LOA4); there is not a well orchestrated L4 in Europe

(ColinW) so, summary, we are not opposed in principle, but until there is market pressure to do this we won't spend much time on this; waiting for a business case to emerge

(Joni) maybe there is an opportunity for Kantara and BBFA to convene the discussion? willing to host a venue where business cases could be brought forward

(John) higher priority is the lower LoA where there is a stronger desire for interoperability, and (Joni) we are already in that track

 

The Big Picture

  1. The relationship of the various groups/entities within Kantara -- e.g., the IAWG, P3WG, AOB, BoT, eGOV, CSPs etc. - and how they all fit together (and who might not yet be included, or intentionally excluded, such as RPs)

  2. The other is the relationship of the various work products (either existing, contemplated, or expressly excluded) and how they all fit together (in other words, what piece of the identity ecosystem is Kantara creating -- e.g., with the IAF -- and how does it relate to the rest of the ecosystem)

(Joni) some of this came out of the F2F in Crystal City, in terms of having some clear management structure and clear understanding of who is working on what, and how they are contributing to a larger picture; good to look at overview slide deck; it's a disjointed visual approach, but what it doesn't show is how operationally they work together and where the lines are; a conceptual model kind of what Andrew had up at the F2F

(ColinS) would be useful to get pen on paper and something for the larger group to discuss - volunteers for a small team to start on? this might also be useful to the NSTIC IDESG to encourage them not to reinvent this wheel

  • Volunteers: Andrew, Joni (as an advisor), ColinS, Sal D'Agostino, let's ask Ken Dagg also - to schedule something for January (prior to the next Strategy call)

(Andrew) have any other WGs started discussing group roadmaps for 2013?  IAWG is to work on this, no one else has chimed in

AOB

  • Reminder: Meeting schedule = Admin Call Dec 19, no call Dec 26 and Jan 2, Admin Call Jan 9, Strategy Call Jan 16

Next meeting

  • Date: Wednesday, 19 December 2012 - Strategy call
  • Time: 13:00 PT | 16:00 ET | 20:00 UTC
  • Call-in toll-free number: 1-866-203-0920
  • Call-in number: 1-206-445-0056
    • Conference Code: 5423695925#