Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher

Non-voting participants: Roger Quint, Varun Lal, Chris Lee, Jimmy Jung

Staff: Kay Chopard

Agenda:

  1. Administration:
    1. Roll Call and quorum determination
    2. Agenda Confirmation
    3. Minute approval (DRAFT minutes of 2021-08-12)
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews)
  2. Discussion 
    1. Finalize proposed criterion language regarding "comparable alternative controls."  
    2. Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 
    3. Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.
  3. Any Other Business and Next Meeting Date

Meeting notes: 

Administrative items:

IAWG Chair Ken Dagg called the meeting to order at about 1:04PM (US Eastern), and called the roll. It was noted that the meeting was quorate. 

Minutes approval:  Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 12 . Richard W. seconded. The minutes as distributed were approved unanimously.

Staff reports and updates: ED Kay Chopard–New APM Lindsie Adams, starts next week on Monday. Hope she will be on next call. Invite anyone to offer suggestions re: any Kantara issues.   

LC reports and updates:  Ken – LC met yesterday. Discussion of appropriate scope of activity of Kantara WGs, DGs. Results to be communicated when finalized. 

Ken  reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Requests can be sent to Ken D or Kay C.

Discussion:


Finalize proposed criterion language regarding "comparable alternative controls."  

Ken invited Richard W. to comment. Thinks "make available" discussion last week was off-target. "MA" has been used for a long time, not caused a problem. Don't tell them how. 

martin – need to send an alert, per David. 

Richard-- can't make the RP do something. 

Other things we might do: now require statement of criteria applicability; might also require that used of CAC is "mentioned" at least in their published discussion. 

Ken: should we add to the criterion that RP acknowledge receipt.?

JJ - not possible or effective – won't read.  But if KI provided notice we would have done all we can, 

Ken :  OK with everyone to go with "no change"

JJ: can we put in "Notes": comment that we (KI) are going to publish fact of CAC.  If we do something unusual, we need to make sure they know about it. 

RW:  maybe mod language to make avail : publish how you determined CAC and config requirements to make sure it is CAC. Fact of use in S3A could be noted. 

Ken: with that add-- is group OK? 

Mark H: Ok with current language but CAC is so poorly defined in 63-3 hard to understand how an assessor should proceed. 

RW:  did try in sub-clause a-c to add some specificity.

MH:  still uncomfy, but don't see what else we can do. 

RW:  without NIST risk assessment, how can assessor establish "comparable."? Difficult situation. 

KD: asks for motion to approve language for the package:  KD, MH

KD: approved. 














Finalize proposed text (if any) regarding use of "presentation attack detection" (PAD.) 



Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.



Other Business:

Next Meeting: August 26 to finalize the criteria change package for submission to Kantara review. 

Ken adjourned the meeting at about 1:51PM US Eastern. 




  • No labels