Page tree
Skip to end of metadata
Go to start of metadata

Kantara Initiative Identity Assurance WG Teleconference

 

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2012-12-13, IAWG Meeting Minutes 2013-01-24
    4. Nominations and ballots
  2. Discussion
    1. IAF Process and Errata - update
    2. IAF document discussio
  3. AOB
  4. Adjourn

Attendees

  • Myisha Frazier-McElveen
  • Scott Shorter

As of 14 January 2013, quorum is 4 of 7

Non-Voting

  • Ken Dagg
  • Andrew Hughes
  • Jeff Stollman
  • Linda Goettler
  • Rich Furr

Staff

  • Heather Flanagan (scribe)

Apologies

Notes & Minutes

  • Minute approval postponed to next week
  • Nominations and ballots
    • Vice Chair nomination = Rich Furr; Heather to send out e-ballot
IAF Process and Errata - see current diagrams
IAF document discussion
  • Rich has gotten through the AAS and part way through the revised SAC; on the AAS document the biggest difficulty is "are we opening at least the potential impression of a conflict of interest when we have a currently Kantara assessor assessing the applications of other potential Kantara assessors?"  or if there is an app from a new assessor that maybe it should go through the IAWG for review before it goes through the Secretariat, and then go through the ARB?  The concern is that certified assessors are assessing their competitors; if someone applied and failed, it could get unpleasant
    • Rich will send the appropriate pieces and send to the list (section 7.1)
  • Also has concerns with the SAC and is highlighting those; they relate to the fact that the SAC do not track back to NIST 800-63 including the retention of information
IAF restructuring
  • discrepencies between Canadian assurance levels and 800-63; one in particular is a remote L4 identity proofing in the Canadian scheme
  • could we restructure the SAC to make it easier to taylor the documents towards regional requirements with profiles?
  • Verizon is working quite a bit overseas and have to take these different regional definitions of LoA
  • the difference between requirements and specifications = the requirement is for different LoA to be defined, and the specification is the translation regarding what those definition means per jurisdiction; but are we digging a deeper hole by adding another layer? At what point does that become so weak that everything significant becomes a profile and the base is just organizational? 

AOB

  • Next week is the IDESG plenary; our attendance will be compromised here and so will cancel next week's call; next call on 14 February
  • Reminder to read through the Gov't of Canada doc that Ken Dagg sent to the list

Next Meeting

 

  • No labels