Page tree
Skip to end of metadata
Go to start of metadata

Kantara Initiative Identity Assurance WG Teleconference


Meeting Minutes - approved December 5 2013


Date and Time


  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-11-07
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Review, analysis and comments to be solicited from Kantara members regarding FICAM TFS draft updates. Kantara ARB is also composing comments.
      Material is here:
  3. AOB
    1. Report out of November 13, 2013 F2F meeting in DC.
    2. Review latest SAC updates resulting from Antecedent Process discussions
  4. Adjourn


Link to IAWG Roster

As of 1 July 2013, quorum is 5 of 9


Meeting achieved quorum


  • Myisha Frazier-McElveen (C)
  • Andrew Hughes (S)
  • Rich Furr (V-C)
  • Scott Shorter
  • Richard Wilsher


  • Kenneth Myers
  • Colin Wallis


  •  Joni Brennan


  • Ken Dagg

Notes & Minutes


Minutes Approval

IAWG Meeting Minutes 2013-11-07

Motion to approve minutes of 2013-11-07: Rich Furr
Seconded: Scott Shorter
Discussion: Non
Motion Passed 

Action Item Review

See the Action Items Log wiki page

Staff Updates

  • Director's Corner Link - October 2013 has been posted
  • Event Radar 2013 and 2014 Link
  • Several conferences attended/participated over the last several weeks.
  • Kantara producing NSTIC Pilot Day January 30 2014 in Washington DC - hosted at Dept of Commerce - all pilots that Kantara has a role primarily, then all remaining pilots will be invited depending on space 
  • Avocco Identity has joined Kantara
LC Updates
  • Meeting held this week
  • Several refreshed charters were approved: IAWG, HIAWG, UMA, FIWG
Participant updates


IAWG Page for aggregation of comments is here: FICAM TFS v2.0 (2013) Draft Documents Comments From IAWG

  • ARB will be submitting comments on the documents
  • IAWG has been asked to provide comments to ARB
  • Noted that the ATOS and RP Guidelines are new, and have impacts on all Approveds going forward
  • The NASPO ID Proofing standards are now referenced & may be including additional attributes required for an authentication
    • Line 165++ : this section needs a closer reading because the docs seem to indicate that validated attributes should be provided, but it is unclear if this is a critical factor in FICAM approval. 
  • It is anticipated that these documents will have impact on SAC in several places
  • Noted that Financial Institutions do not have to go through the TFS processes - question is: are the Financial institutions asserting ALs in the form of 800-63? There is confusion about how the Regulated Industries need to or actually do comply with 800-63-2 - in particular the non-ID Proofing criteria/requirements. This needs to be clarified for certainty.
  • R. Furr suggests that the current SAC revision includes changes resulting from the TFS drafts.
  • R. Wilsher disagrees, as the timeline for the TFS documents is not firm
  • Kantara should indicate timeline preferences to FICAM
  • The situation might have increased sensitivity to interoperability and certification issues, which might be increasing pressure to implement.
  • Two sub-team have been created: the Approved and Accredited organizations; they have been asked to return comments to ARB by December 2; joint feedback response to be consolidated by December 12; comments due to FICAM TFS on December 14. IAWG to follow the same schedule.
  • Myisha to forward the comment spreadsheet to IAWG.
  • The privacy guidance - looks like the RP has to indicate to the TFP(? ) the need for specific attributes - this might cause complications for the assessments - might end up in custom approvals
  • These requirements are specific to FICAM - caution urged to examine proposed SAC changes to ensure that IAF remains independent from FICAM requirements
  • Question: re privacy requirements - if these documents are written in the context of FCCX, then why should there be interactions directly between Federal RP and FICAM CSP?
  • Question for FICAM: should there be an FCCX-specific profile process? that is separate from use cases where the RP has a direct relationship with the CSP?
  • Due to time constraints, please forward comments directly to 
  • IAWG to meet in the week of December 2-6 to discuss comments submitted by IAWG. 
  • Regular IAWG meeting December 5. Extra working session for IAWG on December 6, 10:00am EST.


Review latest SAC updates resulting from Antecedent Process discussions
  • R. Wilsher suggests that the 800-63-2 related changes should be moved forward independent of anything that comes out of the new FICAM drafts
  • The material presented is an isolation of the SAC related to the Antecedent Process - so that they can be considered easily
  • SCO#10 - Secure remote communications - adjusted to de-reference the need for hardware crypto devices
  • SCO#16 - Verification of remote credential - clarified and moved into revocation criteria
  • IDV#10 - NEW - ID Proofing and Verification - CSP to describe verification measures and justify how they meet the requirement
  • CTR#025 - Authentication Protocols - broader references
  • CRM#60 - typo corrected 
  • Motion to include these changes into the current SAC version and put them out for 45 day public review: R. Wilsher. 
    • Seconded: R. Furr
    • Discussion: none
    • Motion carries




Next Meeting


  • No labels