LC telecon Notes 2013-01-23

Call not at quorum

LC telecon 2013-01-23

Date and Time

Agenda

  1. Roll Call
  2. Approve Minutes: LC telecon Minutes 2013-01-09
  3. Administration:
    1. Executive Director report
    2. Action Item Review
    3. Quarterly Reports
    4. LC Chair, Vice-Chair, Secretary nominations - update
    5. Update on open All-Member Ballots
      1. IAF document set
      2. At-Large BoT seats
  4. Discussion and Votes
    1. Kantara 2013 Roadmap and Business Planning
    2. Proposed group: Cloud Best Practices Network Work Group
    3. Subscriber vs Member
  5. WG Updates - 2013 plans
  6. BoT Liaison Representative Update
  7. AOB
  8. Adjourn

Attendees

  • Pete Palmer - HIAWG
  • Colin Wallis - eGov
  • Ingo Friese, Jonas Hogberg - Telco Identity

Guest

  • Neil McEvoy

Quorum is 6 of 10 as of 06 June 2012.

Staff:

  • Joni Brennan
  • Andrew Hughes
  • Heather Flanagan (scribe)

Apologies:

Minutes & Notes

MotionIDMotionMovedSecondDiscussion / ObjectionStatus
      

Executive Director report

  • Sponsorship Opportunity - a hospitality night "Non profits on the loose" at RSA, put together by National CyberSecurity Alliance, Tech America, and AntiPhishing Work Group; they have asked Kantara to be a partner; Joni is looking for partners to participate in this opportunity at $1000 for up to 5 participants (normally it is a $5000 USD buy in); could break this up other ways if there are more interested participants
    • the sponsors do not need to be non-profits, nor do they even need to be Kantara members
    • will need to time box this since we cannot commit Kantara dollars at this time
    • Please contact Joni if interested

Action Item Review

Action

Assigned To

Status

Description

Comments

20120530-04Patrick Curry, Colin Wallis, Joni Brennan, Ken DaggIn ProgressCome up with first pass of industry classification and Venn diagramAdded: Sal D'Agostino, Andrew Hughes, Rainer Hoerbe
20121107-01Pete Palmer, Heather FlanaganOpenWork with WG chairs for quarterly reports update.All overdue WG and DG chairs notified
20121107-02Heather Flanagan, Joni BrennanCompleteNote to insert link to BoT 2012-11-01 minutes once they are up in draft.Completed 19 Dec 2012
20121219-03Heather FlanaganCompleteVerify whether the By-Laws allow for a non-LC KI member to act as LC-BoT liaisonPosted to LC list 21-Jan-2013
20121219-04Heather FlanaganIn ProgressCreate a zip file of all current, normative documents in the IAFWill complete after Ballot has concluded
20121219-05Heather FlanaganCompleteSend out the IAF documents for an All-Member BallotSent to all 14-Jan-2013
20121219-06Heather FlanaganCompleteSend an email framing the Subscriber vs Member issue to the LC list for discussionSent to LC 21-Jan-2013
A-20130109-01Heather FlanaganCompleteAdd election timing to LC RosterSee Roster

Discussion of Action Items

Quarterly Reports

See Quarterly Reports

Reminder sent to LC list re: Quarterly Reports

Nominations

  • FIWG Chair open for nomination
  • IAWG ViceChair open for nomination

Discussion

Proposed group: Cloud Best Practices Network Work Group
  • the name should be the Cloud Identity and Security Best Practices Work Group
  • started talking about this over about a year ago, but with work schedules had to put it on the back burner for a few months
  • A few highlights
    • also helping launch a UTC in OASIS - Cloud Computing, Open Standards and Best Practices
    • for some recent developments, Neil has been invited to talk to the GSA Cloud Computing group to talk about the common issues in this space
  • Comments
    • looking for a succinct way this could be positioned for LC members: it is Kantara identity assurance and interop certifications on an IDaaS
    • how does the OASIS group differ from Kantara? - OASIS is focusing on all aspects of cloud computing, and embedded the role of Kantara to focus on specifically on the identity issues
    • Several industry leaders in security and cryptography are partnering at the OASIS open standards consortium to update and enhance the PKCS #11 standard: RSA/EMC, SafeNet, Thales, SecureAuth, Cryptsoft, Athena Smartcard, HP, Oracle, Quintessence Labs, Bloomberg, and University of Auckland.  Surescripts is invited to contribute technical requirements and design through participation in the OASIS Technical Committee.  Where does this fit in with other initiatives?
      • the other initiatives are all general, and PKCS are to package them for government implementation so they can be audited against specific compliance
    • in Section 4, is there an additional item that might be worthwhile? maybe an assessment template to provide to auditors?  How would you go about assessing a cloud provider?
      • Kantara would basically form the identity piece of the overall assessment template needed in this space
    • Are there any IDaaS providers interested in this, or is this presuming a business?  there are early adopters such as Verizon already in the market, and others are expected to follow; as soon as there are procurement templates, more will follow
    • Are you aware of the OASIS DSS-X standard that could enable digital signing in the cloud?  the IAF currently does not envision the use of of a non-PKI LoA 3 credential to authenticate for the use of a signing key in the cloud.  Would your new effort provide guidance for this in the future?

      • yes, they would be a clearing house for all the OASIS standards
    • Next steps are for HF to send out an e-ballot to the LC list, including the notes from today's LC call
Kantara 2013 Roadmap and Business Planning
Subscriber vs Member

WG Updates

BoT Liason Report

AOB

New Action Items

Action

Assigned To

Description

Comments

A-20130123-01Heather FlanaganSend out an e-ballot for the creation of the CloudIDSec WG 
    
    

 

Next meeting

Date: Wednesday, 30 January 2013 - Strategy call; 06 February 2013 - Admin Call

Time: 13:00 PT | 16:00 ET | 21:00 UTC (time chart)

Call-in toll-free number: 1-866-203-0920

Call-in number: 1-206-445-0056

  • Conference Code: 5423695925#

International Dial-In Numbers