Kantara Initiative Identity Assurance WG Teleconference

Date and Time

• Date: Thursday, 2017-MM-DD
• Time: 12:00 PST | 15:00 EST (time zone calculator)
•  Please join the meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/380672837  
  •  You can also dial in using your phone.  United States: +1 (312) 757-3119  (more phone numbers) 
  •  Access Code: 380-672-837  

Agenda

1. Administration:
   
   1. Roll Call
   2. Agenda Confirmation
   3. Minutes Approval: <<<Link to minutes goes here>>>
   4. Action Item Review: action item list
   5. Organization Updates - Director's Corner
   6. Staff reports and updates
   7. LC reports and updates
   8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
2. Discussion
   
   1.  
3. AOB

 Attendees

Link to IAWG Roster

As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)

Voting

• Adam Madlin
• Ken Dagg
• Scott Shorter
• Denny Prvu
• Richard Wilsher
• Andrew Hughes

Non-Voting

•  Mark Hapner, Resilient Networks

Staff

•  Ruth Puente

Apologies

• None

Notes & Minutes

Administration 

Minutes Approval

• DRAFT IAWG Meeting Minutes 2017-04-20

Motion to approve minutes of 2017-04-20: Andrew Hughes
Seconded: Denny Prvu
Discussion: Denny remarks that he will be the scribe next week.
Motion Carried 

Action Item Review

• Andrew reports on the internet2 global summit. Meeting between internet2, REFEDS/GEANT, InCommon and Kantara, to talk about work that all the trust frameworks are doing on identity assurance frameworks. 
  • Kantara and IAWG are trying to handle 800-63 and the impact on the assessment program, CSPs and assessors.
  • REFEDS and InCommon are doing new minimal assurance profiles for their schemes.
  • Good discussion all around. Organizations are all working on the same things, even if the particular activities look different.  Identity proofing, credential management, assertion management and security.
  • Assurance Levels from RP point of view is like a risk tolerance level, whereas from the CSP point of view they are a form of bundling capabilities to line up with RP's expectations.
  • What risks should be considered when thinking about identity assurance - what's a catalog of risks to consider as an RP?  What's an atomization of discrete statements that describe CSP functions and how they map to those risks.  GEANT has a good start on this approach - they have 12 capabilities identified, needs extension but looks good now.
  • Andrew will write up a report on this once meeting participants give feedback on meeting notes 

Staff Updates

Director's Corner (Link)

• Mapping of Identity Assurance Framework to IDEF - initiated by IDESG and reviewed by IAWG. Finishing touches, getting operational side sorted. Created a straw man MOU, had a conference call with IDESG. They were comfortable with the strawman and an annex showing what each party would have to do in order to onboard after testing into the IDEF registry. IDESG will review MOU.   We should see it completed by the end of May, beginning of June.
• Folks should be receiving an emailed Kantara newsletter soon
• Reminder about the ISO liaison subcommittee activity.  We should be monitoring updates to 29003, as well as privacy controls (27552). 29115 continues in its current state for now.
• Colin met GSA to discuss 800-63-3. Looks like this final round is the final round, June may be the time for a final document. Aspects are dependent on what GSA gives to the FICAM trust framework solutions folks. We should get an indication of that by the end of august.    We may need to meet a template that GSA provides in August.  IAF.next and the GSA FICAM will be a profile.

LC Updates

Participant updates

Discussion

Discussion of comments on 800-63-3

Review of the draft of consolidated comments.

AOB

Attachments

Next Meeting

• Date: Thursday, yyyy-mm-dd
• Time: 12:00 PT | 15:00 ET
• Time: 12:00 PDT | 15:00 EDT