HIA WG Concall 2011-09-15 Minutes

Kantara HIAWG Teleconference

Date and Time

  • Date: Thursday, September 15, 2011
  • Time: 10am PST | 1pm EST | 5pm UTC | 7pm CEST (Time Chart)

Attendees

  • John Fraser
  • Anna Ticktin
  • Bob Pinheiro
  • Laurie Tull
  • Dan Combs
  • Pete Palmer
  • Dazza Greenwood
  • Daniel Bennett
  • Lara Zimberoff

Agenda

  1. Intro
    1. Roll Call
    2. Approval of Minutes
  2. Update on IAF acceptance by FICAM, ONC AND NSTIC
  3. PIDS Document (draft) 0.8
    1. Review
    2. Edits and input by Thursday, 9/22
  4. Next Steps
    1. 2012 budget request for LC for PIDS
    2. Discussion for Launch PIDS 1.5
    3. Participation Commitments
  5. Other Business
  6. Adjourn

Minutes

1. Intro

a. Roll Call: See above

b. Approval of Minutes: Tabled until next meeting, call not in quorum.

2. Update on IAF acceptance by FICAM, ONC AND NSTIC

Pete Palmer: Update from NSTIC – they are of the opinion that we should recommend that any ID providers promote the assessment program. We can point to identity providers or at least the assessors program. Getting audited and being in compliance with the Kantara identity assurance framework will be sufficient. I’m not sure what the next steps are with that but that is what will be documented at the NSTIC level.

John Fraser: Pete, please clarify - IAF is a Kantara Initiative, but what does acceptance mean?

Pete Palmer: One of the missions of our WG is to promote the Kantara Identity Assurance Framework within the healthcare industry. The idea then is that an HIE or federated entity receives digital IDs from a provider that is Kantara compliant, those agencies can be trusted by the federal government.

Dazza Greenwood: What’s the status?

Pete Palmer: FICAM went from provisional to official acceptance.

Dazza Greenwood: are there any service providers that have been assessed against the Kantara IAF?

Pete Palmer: No, but we are going to take this decision and really promote that providers get assessed.

Discussion about press release announcing this news.

3. PIDS Document (draft) 0.8

Daniel Bennett : Addressing Bob Pinheiro’s comments – re: OpenID and Bob’s comments about credentials. OpenID is not equivalent to a user ID and password. It can include high level assurance credentials and I just wanted to make that clear.

Dazza Greenwood: OpenID is a method of identifying a person. There is a password associated with the OpenID, but if you read the specifications, a password is not required. PKI or biometrics could be used. What we’ve done in the architecture is delink the credential and allowed for the enrollment aspect to be delinked as well. The enrollment can happen at points or the credential authentication provider. In that case, the enrollment would be bound back to the PIDS ID.

There’s another model where you have a high assurance credential that’s been issued by a non-relying party that could be bound to a PIDS account and leveraged by a relying party. That’s a bit more complex because the relying party needs to understand how to accept the non-relying party credential. This is another way to leverage high assurance credentials.

John Fraser: next steps – input on PIDS document. What are your thoughts about adding details about technical architecture?

Dan Combs: We do have some more work. Some technical detail needs to be added so people can understand the technology from a high level, and we’ll take special notice of dealing with OpenID. We’re planning on have a 0.9 available for the next call, and hopefully a 1.0 by next month.

John Fraser: A note should be sent to the list serve about that schedule and feedback should be encouraged.

4. Next Steps

Pete Palmer: PIDS presented to LC yesterday, definitely made the case for how important the project and Kantara sponsorship is. WG needs to submit a formal request for funding. We estimated that for phase 1.5 we’d need about $100,000 which we realize would be excessive. The LC makes the recommendation for the dollar amount which goes to the Board of Trustees and its treasurer. The requests to the LC are due by 9/30. My recommendation would be to request 20k with no conditions, and would accept an offer of 10k if Kantara agrees to match 10k if we are able to raise the additional 10k ourselves.

Group agrees to Pete’s recommendation, Pete will complete justification.

5. Other Business

None

6. Adjourn

Next Meeting

  • Date: Thursday, October 13, 2011
  • Time: X PDT | X EDT | X UTC (Time Chart)
  • Dial-In: +1-201-793-9022
  • Code: 4630912