DRAFT IAWG Meeting Minutes 2017-04-27

Owned by Former user (Deleted)
Apr 27, 2017
3 min read

Kantara Initiative Identity Assurance WG Teleconference

DRAFT Meeting Minutes - IAWG approval required

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: <<<Link to minutes goes here>>>
    4. Action Item Review: action item list
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1.  
  3. AOB

 Attendees

Link to IAWG Roster

As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)

Use the Info box below to record the meeting quorum status

Meeting (did / did not) achieve quorum

Voting

  • Adam Madlin
  • Ken Dagg
  • Scott Shorter
  • Denny Prvu
  • Richard Wilsher
  • Andrew Hughes

Non-Voting

  •  Mark Hapner, Resilient Networks

Staff

  •  Ruth Puente

Apologies

  • None

Notes & Minutes

Administration 

Minutes Approval

Motion to approve minutes of 2017-04-20: Andrew Hughes
Seconded: Denny Prvu
Discussion: Denny remarks that he will be the scribe next week.
Motion Carried 

Action Item Review

  • Andrew reports on the internet2 global summit. Meeting between internet2, REFEDS/GEANT, InCommon and Kantara, to talk about work that all the trust frameworks are doing on identity assurance frameworks. 
    • Kantara and IAWG are trying to handle 800-63 and the impact on the assessment program, CSPs and assessors.
    • REFEDS and InCommon are doing new minimal assurance profiles for their schemes.
    • Good discussion all around. Organizations are all working on the same things, even if the particular activities look different.  Identity proofing, credential management, assertion management and security.
    • Assurance Levels from RP point of view is like a risk tolerance level, whereas from the CSP point of view they are a form of bundling capabilities to line up with RP's expectations.
    • What risks should be considered when thinking about identity assurance - what's a catalog of risks to consider as an RP?  What's an atomization of discrete statements that describe CSP functions and how they map to those risks.  GEANT has a good start on this approach - they have 12 capabilities identified, needs extension but looks good now.
    • Andrew will write up a report on this once meeting participants give feedback on meeting notes 

Staff Updates

Director's Corner (Link)
  • Mapping of Identity Assurance Framework to IDEF - initiated by IDESG and reviewed by IAWG. Finishing touches, getting operational side sorted. Created a straw man MOU, had a conference call with IDESG. They were comfortable with the strawman and an annex showing what each party would have to do in order to onboard after testing into the IDEF registry. IDESG will review MOU.   We should see it completed by the end of May, beginning of June.
  • Folks should be receiving an emailed Kantara newsletter soon
  • Reminder about the ISO liaison subcommittee activity.  We should be monitoring updates to 29003, as well as privacy controls (27552). 29115 continues in its current state for now.
  • Colin met GSA to discuss 800-63-3. Looks like this final round is the final round, June may be the time for a final document. Aspects are dependent on what GSA gives to the FICAM trust framework solutions folks. We should get an indication of that by the end of august.    We may need to meet a template that GSA provides in August.  IAF.next and the GSA FICAM will be a profile.
LC Updates
  •  
Participant updates
  •  

Discussion

Discussion of comments on 800-63-3

Review of the draft of consolidated comments.

AOB

Attachments

 

 

Next Meeting

  • Date: Thursday, yyyy-mm-dd
  • Time: 12:00 PT | 15:00 ET
  • Time: 12:00 PDT | 15:00 EDT