Meeting achieved quorum

 

 

Voting

Lee Aber
Ken Dagg (C)
Scott Shorter
Colin Wallis

Non-Voting

 Angela Rey

Steve Skordinski 

 

Staff

...

Joni Brennan

Regrets

  • Andrew Hughes (VC)
  • Rich Furr

Voting Members for Cut/Paste
  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Calatayud (VC)
  • Devin Kusek
  • Adam Madlin
  • Kenneth Myers
  • Cathy Tilton
  • Richard Wilsher
  • Lee Aber

...

Notes & Minutes

Administration 

Minutes Approval

Motion to approve minutes of ...
Seconded: 
Discussion: 
Motion Carried | Carried with amendments | Defeated

Action Item Review

See the Action Items Log wiki page

Staff Updates

Leadership Council (LC) Updates
Participant updates

Discussion

...

Discussion

 

Ken: a scheme comes to mind for NIST's first question, based on discussions at Identity North: separation of three functions (identification, authentication, and authorization). Scott agrees, will expand on the comment about A&I to cover this.

CW: OASIS trust elevation discussion - there are some transactions where people won't ask for authentication, but we leak so much data that low-risk transactions are supported without a clear authentication step.

UMA developing binding obligations and controls.

Contact Eve Maler, ask for her comments?

Scott to ping Pete Palmer.

Ken will mention at leadership council.

Examples of authentication, identification and authorization system does it that way. Those three functions take place. Age authorization for old age security. Length of time in country during twelve-month calendar. Employment status. Visa, work status.

Ken: in terms of privacy, likes the comment with respect to the triple blind being part of the privacy spectrum. Additional aspect: a PIA is focused on the client and end user and protecting their privacy. Conducting a PIA gets the questions asked, and if a privacy commissioner exists in a jurisdiction they can say whether privacy is being respected.

When out to RFP for privacy solution the privacy commission, who can adjust the text of that.

Colin says a risk assessment should be applied up front; it is not that clear what risk is being assessed and for what reason. Do an identity-related risk assessment on the service; approaches are needed for doing the identity-related risk assessment.

Ken sent a link to Canadian govt assurance and guidance. Risk assessment to identity assurance. Scott to review.

CSPs are coming out and saying we have a level three system. The identity risk assessment rather than the system compromise risk assessment.

Scott to put the links in the minutes...

Joni to talk to UMA and CSPs.
Ken to speak to LC.

Scott to distribute comments, ask for a COB Monday deadline. Get to Joni next Tuesday; Joni will create cover letter and send to NIST.

Suggest to meet next week to discuss what was submitted, catch up on administrative stuff and decide on whether to meet biweekly again.

 

Carry-forward Items

 

Attachments

...