DRAFT HIAWG Meeting Minutes 2013-12-19

Kantara Initiative Health Identity Assurance WG Teleconference

DRAFT HIAWG Meeting Minutes

Date and Time

Date: Thursday, 2013 December 19
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing

Health Identity Assurance Working Group Home Page

HIAWG Wiki Home

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Meeting Minutes Approval: DRAFT HIAWG Meeting Minutes 2013-12-05
    4. Organization updates - Director's Corner
    5. Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw
    6. Report out from latest LC meeting
    7. Next HIAWG Meeting: January 2? January 9?
    8. Action Item Review
  2. Discussion
    1. Continuation of the discussion on the Feasibility Study work 
  3. AOB
  4. Adjourn

 Attendees

Participant Roster

As of December 3, 2013, quorum is 7 out of 12 voting participants.

Meeting did not achieve quorum

 

Voting
  • Andrew Hughes (V-C)
  • Bob Sullivan
  • Terry Gold
  • Ron Moser
  • Laurie Tull
  • Jerry Cox
Non-Voting
  • Brian Ahier
  • Scott Rea

Staff 

  •  
Apologies

Administration 

Minutes Approval

Minutes for approval: DRAFT HIAWG Meeting Minutes 2013-12-05

Motion to approve minutes of 2013-12-05: 

Seconded by: 

Discussion: 

Motion Carried  / Defeated / Carried with Amendments

Organization updates

Director's Corner

Upcoming Events page: http://kantarainitiative.org/confluence/x/pYDWAw

  • HIMSS has confirmed Kantara workshop space

Discussion

Next meeting: Tentatively cancel January 2, 2014 and hold off-week call if required.

HIAWG Deliverable

 

  Selected Background Information
    • Joni Brennan, David Kibbe, Lee Barrett, Pete Palmer, Andrew Hughes
The HIAWG will conduct research and analysis of the feasibility of optimization, harmonization, consolidation or merging of the policy, process and standards requirements, approval programs and associated assessment criteria related to IDP/V of individuals by Approved/Accredited CSP or RA organizations. The feasibility study report will present a small number of viable options and make recommendations to the boards of DirectTrust, EHNAC and Kantara Initiative for consideration and action.
"The overarching objective for the HIAWG work is to find ways to reduce financial and work burden on organizations seeking Approval under DTAAP, Kantara Initiative and FICAM TFS programs. By decreasing burden on our shared customers, DirectTrust, EHNAC and Kantara seek to increase the shared value of our respective programs."
  • HIAWG Participants agreed that: Starting with analysis of the RA Assessments and program processes is worth doing.
  • To get the Feasibility Study work kicked off fast, discussed getting the 4 or 6 primary roles represented: (expert in Approval/Assessment Programs as related to IDP/V; expert as Assessed entity as related to IDP/V) for each of (EHNAC/DTAAP/DirectTrust; Kantara; Federal Bridge CA)
  • Primary contributor assignments below (of course everyone on the call has experience in many boxes, but to keep things efficient it would be helpful to focus on one in the early content rounds):
    • Jerry Cox: familiar with Federal Bridge CP Identity Proofing processes
    • Rich Furr (as Verizon): can provide the Verizon perspective for Kantara Assessee 
    • Peter Alterman (as Kantara Assurance Review Board member): can take on the Kantara Assessment Program front
    • Ron (as EHNAC assessor): DTAAP assessor role
    • Pete (as Medallies): DTAAP Assessee
    • Pete as Relying Party 
    • SAFE BioPharma is there for the FBCA processes if we need to align there too


  • Terry - call for volunteers
  • Jerry - CP WG - just approved a new PKI CP
    • The ID Proofing is the same between FBCP, DT, FICAM at LOA3
    • His goal is to get a statement that if a PKI has been approved by the FBCA, then DT/EHNAC can accept it
  • ACH - what is the mapping exercise? Map the Assessment results? Map the Approval to the Assessment? Approval to Approval?
  • Jerry - when an entity goes to FBCA they do a mapping exercise of their policy to the FBCA policy requirements
    • We need to map the IDP/V process/criteria as defined by FBCA, DirectTrust, FICAM non-PKI
  • Scott - FBCA is more restrictive than others
  • For HealthCare providers they need to leverage other process approvals
  • Scott - DT is not exclusively focused on PKI (yes for Direct Addresses). 
    • They also do registration of people to the HISPs - this is very FICAM/Kantara-like
  • Healthcare customers must get DTAAP/EHNAC
    • To make it easier for them, we should map onto those processes
    • Need 2 mappings to occur - need to map the PKI portion of DT policy to FBCP; need to map process side
    • Keep in mind that in the DT framework even though there is RA Accreditation- it must be connected to the CA part
  • Healthcare application providers under DEA rules - can use credential Federal Bridge Approved PKI provider or FICAM non-PKI provider
    • but when that organization using the application goes for DTAAP/FICAM they need to go through an assessment again
  • Options:
    • DirectTrust to cross-certify with FB - might not work because DT does things the FB does not allow
    • Take FB IDPV requirements piece only and map those to the DT requirements
      • Then DT could say that when an entity has gone through the FBCA/FICAM assessment, those sections can be excluded
  • Bob: can we set up a metric to tell if we are making progress?
    • Could we just measure how much people are spending to get through this? If first costs X and second costs X-Y ? This would give us information on possible approval program structures. Be assertive on asking the questions. Hours or Dollars - measurable.
    • How many entities are out there? 10 or so that might want Federal Bridge, 1000's for DirectTrust, 100's for Kantara
      • Dr. Kibbe should be able to extrapolate for RA numbers - ACTION: Terry 
      • Andrew to ask the question of Kantara
  • Jerry - can take the DirectTrust Section 3 and and Federal Bridge CP Section 3
  • DirectTrust CP was originated as FB Medium - so there are unlikely to be many differences...
  • It would be useful to take the FBCA process and do a side-by-side comparison to DirectTrust process


AOB

 

Attachments

 

Next Meeting

DateThursday, 2014 January 16
Time: 10:00 PT | 12:00 CT | 13:00 ET
Dial in: TurboBridge Conferencing