RGW overview comments – great costs and great expense to comply with certification requirements.
Andrew – their definition of trust framework is actually “federation operator”, very similar to the commonwealth of Virginia definition. Kantara doesn’t offer federation operator services, need to be cautious that we don’t change what Kantara’s program does.
Colin agrees with Andrew’s perspective. Federation operations are not necessarily part of trust framework. tScheme loads liability onto the framework (?)
Colin – would you agree that they are trying to merge PKI with non-PKI governance?
Colin will be reaching out to KI’s approved CSP’s to understand the market and the specifics. KI, for reasons that Andrew mentioned, has kept at arms length. Need to understand what the commercial viability of an offering that delivered authenticated identities at lower assurance levels.
Andrew did skim the documents – do we perceive that the document as written assume that connect.gov is in existence and viable? That could explain why a federated shared risk pool is the way to go?
RGW suggests that if Andrew is correct. Organizations he knows are dealing on a one-to-one basis, there’s no notion of federation going on. This appears to be a replacement for the FICAM program, with forced federation.
Andrew: As connect.gov was being retired, there was desire from FICAM to push certification responsibility towards the industry. This looks like an overcompensation because the federal agencies may not bear the costs of having a fully certified CSP relationship.
RGW – should we respond that we are confused by this and don’t understand what happens to the FICAM program. Need to understand the fundamentals before we comment on the details.
Colin points out that we are very constrained in what we can say since this is in the public domain.
RGW reminds that GSA has been invited to discuss with CSPs and TSFs but they don’t have much to say on the group meetings.
Scott asks if federation and certification are the only issues? What about 800-53?
● Manage liability and legal issues.
Trust Frameworks establish multilateral agreements among all identity federation members enabling the trust and governance of a federation’s operations.”