Page tree
Skip to end of metadata
Go to start of metadata

Kantara Initiative Identity Assurance WG Teleconference

 

Minutes approved 2014-10-23

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2014-10-02
    4. Staff reports and updates
    5. LC reports and updates
    6. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Continue discussion of Andrew's US Profile
    2. Out-brief from FICAM TFP meeting (see attached file)
    3. Identify and re-prioritize on-going projects
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2014-09-29, quorum is 7 of 13

 

Meeting achieved quorum

 

Voting

  • Rich Furr ( C)
  • Andrew Hughes (S)
  • Scott Shorter
  • Ken Dagg
  • Devin Kusek
  • Bill Braithwaite
  • Adam Madlin

Non-Voting

  •  

Staff

  •  Joni Brennan

Regrets

  • None

 

 

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2014-10-02

Motion to approve minutes of 2014-10-09: Braithwaite
Seconded: Shorter
Discussion: None
Motion Carried

Staff Updates

Skipped due to time constraints

Discussion

  • ACTION: Andrew to Doodle a meeting time change to 3pm Eastern Thursdays or some times on Wednesdays
US Profile Update
  • Andrew provided an overview of the proposal to do a SWOT analysis of the current IAF and how it might result in decisions to adjust/restructure the IAF
  • Joni pointed the group to the 'Vectors of Trust' discussion on the IETF list - a useful approach to consider & gaining momentum
  • Andrew suggested the concept of using a general controls framework such as COBIT as the scaffolding for TFs
  • Rich: should we look to ISO and eIDAS? Scott: ISO may be tilted in particular directions that may not suit our purposes
  • Ken: continue with the US Profile work
  • ACTION: Andrew to complete the proposal to conduct a comparative analysis of approaches
FICAM TFS program updates
  • Tuesday October 7 2014: regular TFP meeting with FICAM TFS
    • Much discussion about componentization and the current restriction about combining Service Components which have approval from different TFPs
    • Discussion about where the liability should be assigned
    • Joni and Peter Alterman distributed a slide deck for discussion - will send to IAWG
  • Rich: IAWG assigned to look at the program and defining the assessment requirements (esp. connectivity and interoperability) to make it possible for FICAM TFS to remove the restriction
  • The 'Binding Service' and 'Identity Manager' need better definition
    • Roles and responsibilities
  • Andrew: recounted that the original IAWG white paper draft about componentization and "late binding" concepts still is around
    • ACTION: Andrew: needs some updating - Andrew to send to IAWG for comment and progression
    • Government of Canada and FICAM TFS have discussed the componentization approach to attempt alignment
  • Peter Alterman's Global Framework material
    • Draws on Threats as a foundation for controls/criteria structure and coverage - draws back closer to first principles to look for comparability
  • Draw on global community for further discussion: national bodies, other TFPs, Assessors, NIST
    • NIST is preparing to release an RFI on the topic of Assurance Levels and SP800-63 future
  • Question raised about State-level requirements
    • American Bar Association IDM thread on how to engage the States
  • NASCIO/SICAM, NIEF, Canada IDMSC, others - would be useful to engage them or coordinate connections
  • There may be an opportunity in January to connect with international governments

 

Next Meeting