
Attendees:

Voting Participants: Ken Dagg, Martin Smith, Richard Wilsher, Mark Hapner. 

Non-voting participants: Jimmy Jung, Jeremy Haines Pradeep, Rohan Pinta, Roger Quint, Blake

Staff: Kay Chopard, Ruth Puente

Quorum: There was quorum.


Agenda:

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minute approval (DRAFT minutes of 2021-06-03)
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews)
  2. Discussion
    1. Consideration of 'comparable alternatives' - See: https://groups.google.com/g/idassurance/c/GIGLjValdg4
    2. Australian Digital Identity Legislation Consultation Phase 2 - See: Public consultation on Australia’s Digital Identity legislation
    3. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity. See: https://digital-strategy.ec.europa.eu/en/library/trusted-and-secure-european-e-id-regulation
    4. Component Service Consumer criteria.

Meeting notes: 

Administrative items:

IAWG Chair Ken Dagg called the meeting to order at 1:05PM (US Eastern), and called the roll. It was noted that the meeting was quorate. 

Agenda confirmation:  Ken noted that the order of Discussion items had been changed from the original meeting announcement to accommodate the "comparable alternatives" item that is believed to be of current interest to CSPs.

Chair comments: Ken welcomed the new Kantara Executive Director (ED), Kay Chopard, and invited her to introduce herself. Kay said she is very impressed with the variety of important work being done in Kantara and specifically in the IAWG, citing today's full agenda as an example. She has so far been fully occupied with learning how Kantara operates and meeting people in Kantara and from other organizations interested in working with us, but she looks forward to contributing to the substantive work very soon. She called out particularly the assistance Ruth Puente has been providing to support a quick and smooth transition. She invited meeting participants to reach out to her at kay@kantarainitiative.org.

Ken noted that Ruth is also transitioning, to a new position at another organization, as of July 1. He congratulated her but also expressed how important she has been to maturing Kantara's Information Assurance Program during her 9-year association with us. He also thanked her for her excellent support of the IAWG. Richard Wilsher added that she has been a "great accomplice." Kay commented that finding a new Information Assurance Program Manager (IAPM) is one of her highest priorities, and that she is currently evaluating several candidates.

Ken added that, pending a new IAPM's getting up to speed, the WG will be on its own for administrative support and is in need of a volunteer Secretary to prepare Minutes. He emphasized that the responsibility does not require a great deal of time and invited IAWG participants to contact him if they might be able to step up.

Minutes approval: Mark Hapner moved approval of the draft Minutes of the IAWG meeting of June 3; Eric Thompson seconded. The Minutes were approved unanimously, as written.

Staff reports and updates: Ruth Puente reported that the assessment program is quite active and she anticipates approval of four or five new SPs over the next two months.

LC reports and updates:  Ken said the LC has approved a very substantive report on mDL Privacy, which is now in the publication pipeline. He believes the report will be very influential because it documents a number of significant privacy issues that mDL solutions will have to address. 

Ken reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle.

Discussion:

Consideration of 'comparable alternatives' - See: https://groups.google.com/g/idassurance/c/GIGLjValdg4

Ken asked Richard Wilsher to introduce the topic and provide background. Richard reported that a US Federal agency has asked how Kantara would handle its using a CSP implementing a "compatible alternative" to the IA controls included in 800-63-3. He said Sec 5.4 does allow US Federal agencies to use "comparable alternatives" and provides some guidance on how that would be done. Richard suggested that KI might perform an assessment of a service that used an alternative control, but he feels that Kantara can't take on determination of what is "comparable." He shared draft language for an approach to this issue Kantara might take. Richard further reported discussion of this issue with David Temoshok of NIST. He said David strongly discouraged KI involvement in assessing these alternative controls; he further believes use of such alternatives would only be appropriate to address a use-case unique to one agency, and that sign-off for use of an alternative control would have to be made at the agency executive level, i.e., by the CIO.

Blake ?? 


Blake – D.Me – thinks this is DOL, trying to use expired DLs. Hopes to service this requirement. Thinks maybe Real ID could be acceptable.

Eric Thompson agrees that alternatives should be OK; not everyone has ID.

Ken:  2 issues:  gaping hole in rev 3; "comparable" process. 

Roger Quint: what are we trying to accomplish? Is this a general strategy for addressing exceptions? Need to avoid getting KI in the middle of hard determinations. 

The remaining agenda items were deferred to the next meeting due to time limitation:

b. Australian Digital Identity Legislation Consultation Phase 2 - See: Public consultation on Australia’s Digital Identity legislation
c. Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity. See: https://digital-strategy.ec.europa.eu/en/library/trusted-and-secure-european-e-id-regulation
d. Component Service Consumer criteria.


Mark Hapner: 

SOCA:  applicable

(Pete Eskew leaves)

Chairman Dagg called time on the discussion at 2:59PM. He characterized the discussion as very useful and stated that Kantara will need to settle on an approach soon. He confirmed that the WG will meet next week to continue this discussion and, if possible, address other issues on today's Agenda.

Next Meeting: Next Thursday, July 1 at 1PM US Eastern
