
Kantara Initiative Identity Assurance WG Teleconference


DRAFT Meeting Minutes - IAWG approval required

Date and Time


  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: 
    4. Action Item Review
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Kantara IAF-1401 (Excel SAC) - ready for a vote?
    2. Review statement of requirements for SAC update task
    3. Reminder of presentation from Hannah Short of CERN
    4. Review of IAWG Charter
    5. Report out on TFS sync meeting
  3. AOB
  4. Adjourn


Link to IAWG Roster

As of 2015-11-05, quorum is 5 of 9


Meeting achieved quorum




  • Scott Shorter (S)
  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Richard Wilsher 
  • Lee Aber
  • Paul Caskey


  •  Christine Abruzzi




  • Ruth Puente


Voting Members for Cut/Paste

  • Ken Dagg (C)
  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Rich Furr
  • Paul Caskey
  • Devin Kusek
  • Adam Madlin
  • Richard Wilsher
  • Lee Aber

Selected Non-Voting members for Cut/Paste

  • Bill Braithwaite
  • Björn Sjöholm
  • Susan Schreiner
  • Jeff Stollman


Notes & Minutes


Minutes Approval

<<put link to minutes here>>

Motion to approve minutes of yyyy-mm-dd
Motion Carried | Carried with amendments | Defeated

Action Item Review


Staff Updates

LC Updates
Participant updates


1. Excel service assessment criteria - any new comments? Ken proposes that we as IAWG approve the work tool and put it out for 45-day review. Scott seconds. Action item - Scott Shorter to follow up with Ruth on getting it out for 45-day review.
2. Statement of requirements update forthcoming, Ken apologizes for delay. Thanks for the comments thus far.
3. Presentation from Hannah Short from CERN, April 7th, 10am PST / 1PM EST. Authentication and authorization for research security and incident response. Don't forget clocks change.

4. Take a look at IAWG charter and bring discussion forward with that. If no changes to make, please let us know. AI: Scott Shorter to provide link to IAWG charter for review.

5. TFS solutions sync meeting. Frustration expressed that government people were not attending the meeting. KI and InCommon and SBP will be sending a note to FICAM and NIST. If not, the monthly meetings will be put on hold.


Privacy Criteria

Discussion of the privacy audit criteria. OECD has privacy criteria, eight principles: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, participation, accountability. AI: Ken to send the text and the link to the test. "The privacy of the subject is respected" - high level mission statement.

RGW: we should keep an open mind whether existing criteria can simply be used as is, many existing criteria can be used for privacy when viewed correctly.

Andrew: a quick survey of what's out there, gap analysis, begin work.

Ken: what others do we know of?

Andrew mentions privacy by design engineering principles, FIPPS, FICAM, FCC's privacy rules.

Scott: is this worth trying to get KI funding for?

Andrew: do we need a scope or charter for this? Ken: will undertake to do that.

RGW: doesn't see the need for it. Is there a call from the marketplace for such a thing?

RGW: do agree that there needs to be a focus on how to interpret generic controls when you have privacy as a focus. Maybe approach is not to have privacy criteria per se, but to profile the criteria. Did the FIPPS principles, repurpose of existing SAC criteria. There's a gap in KI's ability to meet FICAM requirements,

Ken cites the reference to privacy requirements in TFPAP 2.0.2, 2014:

Andrew: controlling documents - ICAM approved submission page: ICAM Approved Submission

Scott and RGW mention that privacy criteria are part of CSPs responsibility to cover compliance since that is not covered by the SAC. RGW creating a profile, to apply criteria in a specific context. Doesn't diminish criteria, shows how to use them in a particular context. Maximizes reuse.

Christine: IDESG is looking at complementary programs such as KI, for each program, come up with a way of onboarding the participants that are certified at a certain level.



Next Meeting

  • Date: Thursday, 2016-03-24
  • Time: 12:00 PT | 15:00 ET
  • Time: 12:00 PDT | 15:00 EDT
  • United States Toll +1 (805) 309-2350
  • Alternate Toll +1 (714) 551-9842
    Skype: +99051000000481
    • Conference ID: 613-2898
  • International Dial-In Numbers

