Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Richard Wilsher, Mark King, Jimmy Jung, Maria Vachino
Other IAWG Members: Hiroyuki Sato, Angela Rey, Matt King
Staff: Lynzie Adams, Kay Chopard

Proposed Agenda

  • Administration:
    • Roll call, determination of quorum
    • Agenda confirmation
    • Minutes approval - 2022-04-21 DRAFT Minutes
    • Staff reports and updates
    • International liaisons updates
    • LC reports and updates
    • Call for Tweet-worthy items to feed (@KantaraNews)
  •  Discussion: 
    • IAWG Chair Nomination and Election Process
    • Kantara Service Descriptors continued conversation
  • Any Other Business and Next Meeting Date

Meeting Notes 

Administrative Items:

IAWG Vice Chair Martin Smith called the meeting to order.  Roll was called. Meeting was quorate. Distributed agenda was confirmed. 

Minutes approval:  Mark Hapner motioned to approve the draft minutes from the April 21 IAWG meeting. Jimmy Jung seconded the motion. The minutes were approved unanimously.

Staff Reports and Updates:

Monthly newsletter was distributed today. If you did not receive it and want to be added to the mailing list, please reach out to Lynzie.

Discussion:

DIACC

Still unclear on if IAWG should be the one who comments on this or if other work groups would be more inclined. Pulled up the Conformance Profile Draft Recommendation to briefly review and discuss.

Ken’s fear is that different assessors would come up with different results. These criteria appear to have more likelihood for a ‘maybe’ answer, opposed to ‘yes’ or ‘no’. Where Kantara criteria lend themselves to ‘yes’/’no’ responses. It was proposed to follow up with the other groups and look further at the documents before fully committing.

As a note, previously, it was standard to have one primary author. The initial drafting would take about 3 hours and then 1-2 IAWG meetings dedicated to discussion. That’s the extent of time to spend on requests such as this. Maybe a bit more for members, but DIACC is not.

Lynzie will create a wiki page that has all of these files easily accessible.

Service Descriptors

With limited time, this will be the focus of the next meeting agenda.

Lynzie addressed the ARB’s concerns about technical approvals and feeling as though they should not be offered. Richard continues to believe it was a mistake to create the technical approvals – but the CO_SAC needs to be better aligned to support 63-3 criteria. It is currently written to support the OP_SAC.

Jimmy views it differently. Many companies he talks with already have FEDRAMP or a SOC that they are showing people. So, saying they have to pay for a CO_SAC too seems unnecessary. Hesitant to make it required.

Richard pointed out that there are Proofing and credential management criteria in the CO_SAC that are important and would not be included in a FEDRAMP/SOC assessment. 

Jimmy laid out the questions:

  1. Full v. component – IAL and AAL or can it by just one?
  2. Technical  – have it or not?
  3. Who owns this? Board owns classes of approval. We can advise them. But the KIBOD makes the decision. The service descriptions are a business decision. Andrew confirmed the matrix is confusing to companies from his prior experiences and could be tweaked. These are market acceptance topics for what we want to call things. Make sure the label matches up with the class of approval. We can recommend this all to the Board, but they will vote.

Next Meeting:

April 28 to continue the discussion on Service Descriptors.

  • No labels