TFS Monthly Sync – Draft Meeting Notes

Wednesday, June 14, 2017

Attendees

Ken Dagg, IAWG Chair

Erick Runeson, NIXU

James Clark, ARB member

Jeffrey Tackes, USPS

Lee Aber, ID.me

Ray Kimble, KUMA

Mark Hapner, Resilient

Russ Weiser, Zentry

Bradley Owens, Deloitte

Nathaniel Jones, Deloitte

Scott Shorter, KUMA

Andrew Hughes, LC Chair

Kathy Massucci, Symantec

Boris Konrod, Athenahealth

Scott Perry, Scott Perry

Steve Bowen

Denny Prvu, IAWG Secretary

Richard Wilsher, Zygma

Leif Johansson

Matt Muller, Inflection Risk Solutions

Kurt Zander, Zentry

Mike Garcia, NIST

David Temoshok, NIST

Chi Hickey, FICAM

Peter Alterman

Tom Barton, Incommon

Kevin Morooney, Incommon

Colin Wallis, KI

Ruth Puente, KI

Incommon Update

It was published the standard for the multifactor authentication interoperability profile. An Incommon WG developed this profile and it had a global process under REFEDS.
The 2 assurance profiles, which are responsive of research and education organizations needs and concluded the consultation process.

Kantara Update

FICAM Update

Working on certification and updating procedures for the trust services program. They merged PKI and TFS Programs in the documentation.
The SoP is under final internal review and it may be ready for community feedback by middle of July. They are incorporating the changes suggested by OMB and NIST.

NIST Update

800-63-3 is in final internal review process and extremely close to final release. The implementation of the new guidelines is one year after its publication date.

Open mic

It was commented that 800-63-A does not list what would be fair evidence, such as credit card or other items that will constitute acceptable evidence. It was pointed out that we also should consider what the solution is capable of validating.

TFPs should work on the list of acceptable evidence to comply with FICAM requirements.
NIST commented that agencies should be doing the necessary to balance minimization of data. Definition of attributes is not NIST responsibility. It was stressed that NIST role is to provide characteristics of acceptable types of evidence but not state them.
FICAM clarified that they would not define those bundles; they will revise and evaluate the TFPs proposals on how and why certain artifacts will ensure compliance with 800-63-3.

Browser not supported