2018-04-11 Draft Meeting Notes

Attendees:

Matt King, SAFE BioPharma 

Peter Alterman, SAFE BioPharma 

Scott Shorter, IAWG Vice-Chair

Colin Wallis, KI

Matthew Williams

Jose Lopez, Zentry

Ann West, InCommon

Scott Perry, KI Assessor 

Tom Barton, InCommon

Andrew Hughes, LC Chair

Curtis Patty, IAW International

Stuart Levy, TransUnion

Ruth Puente, KI


InCommon Report provided by Tom Barton

  • Baseline Expectations for Trust and Federation - The legal relationship of the participants with the Federation has changed. 
  • They started a metadata health check (quality of the metadata of entities in the federation).
  • REFEDS: The International Assurance Framework is still incomplete, and tries to be less rigorous than the NIST and Kantara requirements. The more stable part is the associated single-factor authentication profile.

Kantara Identity Assurance Working Group (IAWG) Report provided by Scott Shorter 

  • Kantara Service Assessment Criteria for 800-63-3 is ready for grant approvals.
  • There are some participants contributing and providing feedback on the NIST spreadsheet as the basis for the NIST 800-63-3 Implementation Guidance.
  • Kantara is preparing comments on the OMB draft policy concerning Strengthening the Cybersecurity of Federal Agencies through Improved Identity, Credential, and Access Management
    (OMB comment period closes on May 6).

SAFE BioPharma Report provided by Peter Alterman and Matt King

  • Peter is retiring and Matt will take over these activities.

Open Mic - NIST spreadsheet with 63A identity evidence 

  • PA suggested giving a numeric value to each of the categories and determining the minimum number required for each IAL, which would make it easier to work with alternatives. He added that the group should calculate the acceptability of various combined strategies.
  • SL stressed the importance of the combination of the identity evidence and said that the group should agree upon a process on fair evidence that could be provided for the multiple cases.
  • TB asked if we should consider identity documents broader than US-based ones. He requested clarity on the methodology to add a row. PA added that we need to have as many rows as we need to have.
  • SL suggested we should differentiate among the evidence types, as the US social security number is weak but the card is stronger; a financial account statement is a document and has a different strength than a bank account number.
  • TB highlighted that we should build a public and transparent process.
  • PA said that the NIST sheet should be imported into a new spreadsheet that represents a wide variety of inputs from the TFS Stakeholders.