TFS Sync – 10 February 2016
Draft Meeting Notes
Ken Dagg, KI
Leif Johansson, ARB Chair
Brian Lipsky, Kimble and Associates
Paul Caskey, Incommon
Kevin Morooney, Incommon
Ruth Puente, KI
David Dewey, GSA
Jonathan Prisby, GSA
Lee Aber, ID.me
Stephen Skordinski, Electrosoft
Adam Madlin, Symantec
Brian Dilley, Verizon
Nandini Diamond, FICAM
Paul Grassi, NIST
Russ Weizer, Verizon
1. Roll Call and Welcome.
2. FICAM Workshop in WDC (January 14th)
3. IAWG Update
-Kantara Mapping Reports.
-KIAF-1401 SAC Spreadsheet.
4. Open space
5. Next steps
Key discussion items
- It was stressed that the purpose of the Sync is to get the stakeholders together in the TF process and an opportunity to talk to each other. The discussion is based on the Chatham House rules, anyone who comes to the meeting is free to use information from the discussion, but is not allowed to reveal who made any comment.
FICAM Workshop in DC – January 2016
- Industry comment: the notion of re-stating requirements in form of control objectives, it helps improve the way to innovate.
- The meeting notes are in the Google doc., which was circulated to the attendees and some KI WGs. KI will circulated the document in pdf version and the link to the Sync wiki with the meeting notes.
- Regarding the formation of the FICAM charter, it was highlighted that the development would need the involvement and contribution of all the stakeholders.
- KI stressed that just want to create the venue and help to get the work done.
- FICAM commented that the charter would inform how the interaction of the different TFP shall be with FICAM as the facilitator.
- The FICAM workshops will be organized quarterly and the next workshop will include RPs.
- FICAM is analyzing the UK and Canada processes.
- Regarding the comparison of FICAM and the UK, KI has published a document which is available at: https://kantarainitiative.org/road-to-multilateral-recognition/
- It was informed that 2 new mapping reports were released:
IAF 5415 provides a mapping between IAF -1400 SAC and ISO/IEC 29115 (ITU-T X.1254).
IAF 5463 provides a mapping between IAF-1400 SAC and NIST 800-63-2. The mapping is based on a re-expression and re-structuring of ’63-2, so as to make each discrete requirement uniquely referenceable.
The Mapping Reports are available at: https://kantarainitiative.org/confluence/display/LC/Identity+Assurance+Framework
-KIAF-1401 SAC Spreadsheet is being developed to pursue transition of the SAC to objective oriented and facilitate cross federation mapping.
-Privacy criteria will be discussed in the upcoming IAWG calls. Attendees were invited to participate in the discussion.
- The TFS Stakeholder Sync will be set Monthly.
- Incommon has 5 certified CSPs, one LoA2 and the others LoA1.
- The Assurance Advisory Committee is moving from assurance focus to trust focus practices. Incommon is a TFP but also a federation provider so they have the infrastructure as well.
- Organizations that participate in the Assurance Program are looking to broaden the agenda from specific FICAM Program to also including other communities such as being able to assert multifactor in a very light weight way.
- They are exploring an interesting use case, there are universities that have the RP in the cloud and want the cloud provider to be able to, upon or by policy dictated by the University, trigger MSA based on a transaction policy, so the campus requests the RP to request back MSA authentication.
- As part of the practices upgrade, they are working on 5 practice statements for IdPs, SPs and RPs, which Incommon will share shortly with the TFS group.
- There is a real market for basic identity verification but strong authentication on the top of it. Multifactor, trusted devices and trusted networks, notion of stronger authentication.
- Certified work, is a Trust Framework focused on participants willing to participate in incident response for federated identity. It is an international effort that was headed by EU research. The concern in Identity Assurance is the need to be a corresponding communication mechanism when an Identity Assurance is compromised. In Higher Education there is a disconnection between those that run the Id management system and those responsible for the security. There is an interesting discussion about messaging mechanism that could be run by the federation as a way of handling the security issues, a component of security that affects the Identity Assurance.
It was recommended the following IETF discussion mailing list: https://www.ietf.org/mailman/listinfo/id-event