Kantara Initiative Identity Assurance WG Teleconference
Date and Time
- Date: Thursday, 2017-MM-DD
- Time: 12:00 PST | 15:00 EST (time zone calculator)
- Please join the meeting from your computer, tablet or smartphone. https://global.gotomeeting.com/join/380672837
Link to IAWG Roster
As of 2017-03-16, quorum is 4 of 8 (see list box below for voting members)
- Adam Madlin
- Ken Dagg
- Scott Shorter
- Denny Prvu
- Richard Wilsher
- Andrew Hughes
- Mark Hapner, Resilient Networks
- Ruth Puente
Notes & Minutes
Motion to approve minutes of 2017-04-20: Andrew Hughes
Seconded: Denny Prvu
Discussion: Denny remarks that he will be the scribe next week.
Action Item Review
- Andrew reports on the internet2 global summit. Meeting between internet2, REFEDS/GEANT, InCommon and Kantara, to talk about work that all the trust frameworks are doing on identity assurance frameworks.
- Kantara and IAWG are trying to handle 800-63 and the impact on the assessment program, CSPs and assessors.
- REFEDS and InCommon are doing new minimal assurance profiles for their schemes.
- Good discussion all around. Organizations are all working on the same things, even if the particular activities look different. Identity proofing, credential management, assertion management and security.
- Assurance Levels from RP point of view is like a risk tolerance level, whereas from the CSP point of view they are a form of bundling capabilities to line up with RP's expectations.
- What risks should be considered when thinking about identity assurance - what's a catalog of risks to consider as an RP? What's an atomization of discrete statements that describe CSP functions and how they map to those risks. GEANT has a good start on this approach - they have 12 capabilities identified, needs extension but looks good now.
- Andrew will write up a report on this once meeting participants give feedback on meeting notes
- Mapping of Identity Assurance Framework to IDEF - initiated by IDESG and reviewed by IAWG. Finishing touches, getting operational side sorted. Created a straw man MOU, had a conference call with IDESG. They were comfortable with the strawman and an annex showing what each party would have to do in order to onboard after testing into the IDEF registry. IDESG will review MOU. We should see it completed by the end of May, beginning of June.
- Folks should be receiving an emailed Kantara newsletter soon
- Reminder about the ISO liaison subcommittee activity. We should be monitoring updates to 29003, as well as privacy controls (27552). 29115 continues in its current state for now.
- Colin met GSA to discuss 800-63-3. Looks like this final round is the final round, June may be the time for a final document. Aspects are dependent on what GSA gives to the FICAM trust framework solutions folks. We should get an indication of that by the end of august. We may need to meet a template that GSA provides in August. IAF.next and the GSA FICAM will be a profile.
Discussion of comments on 800-63-3
Review of the draft of consolidated comments.
- Date: Thursday, yyyy-mm-dd
- Time: 12:00 PT | 15:00 ET
- Time: 12:00 PDT | 15:00 EDT