2018-02-22 IAWG Minutes

Attendees

Voting participants:

Jose Lopez, Zentry

Scott Shorter, Vice Chair

Ken Dagg, Chair

Richard Wilsher, Zygma 

Staff:

Colin Wallis 

Ruth Puente


Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval:  2018-02-08 DRAFT IAWG Minutes   2018-02-01 DRAFT IAWG Minutes
    4. Action Item Review: action item list
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion

a. Refinement of CO-SAC IAF-1400 (non-material changes) and Repackaging into IAF-1410 and IAF-1420.

b. Risk Inventory Model

c. Next steps evaluating strengths of evidence

Discussion items


Quorum

IAWG Quorum has been updated, 5 of 8 voting members. 


Minutes Approval 

Motion to approve Draft Minutes of February 1st and February 8th was approved by MH and seconded by SS.


LC Update


Refinement of CO-SAC IAF-1400 (non-material changes) and Repackaging into IAF-1410 and IAF-1420.

  • RW explained that he took 1400 (the classic SAC) and restructured it, so the CO-SAC is in the new doc IAF 1410 and the OP-SAC is in the new doc 1420. 
  • KD pointed out that IAF 1400 was based on 4 levels of assurance, and the split only covers LoA 2 and LoA 3, so the new documents should cover the 4 levels as well.
  • RW commented that this Web Page tells you which criteria set applies to which classes of approval.
  • It was agreed that the web page of classes of approval need to be updated with these new documents (IAF 1410 and IAF 1420). 
  • As we will park IAF 1400, it was agreed that we should cover all LoAs (1-4) in 1410 and 1420.
  • JL commented that main customers use LoA 1 and LoA 3, only one customer uses LoA2.
  • It was agreed that RW will make the changes to IAF 1410 and IAF 1420 documents and then will be submitted to IAWG for approval.


Risk Registry

  • It was shared this document: CCopy of Int'l Mapping Worksheet Extract - Identity Proofing (27November2017).xlsx
  • SS explained that it is a NIST contribution to the ISO/IEC JTC 1 SC 27 Work Group 5, a mapping of different trust frameworks and their identity requirements at different levels. It is all risk driven and it is useful for comparing schemes.
  • He added that it is in the public international domain so we can use it. 
  • CW commented that the long term intention with this tool, is to use it as element for the project related to evaluating strenghts of evidence, which has been discussed within the TFS Sync.
  • SS commented that in the last TFS Sync (Feb 14) there was a discussion to find ways of consistency in evaluating evidence. He added that a Joint Working Group will be created to work on this topic and he will draft a charter and share it before the next Sync. 


Next Meeting: March 1st.