- KI drafting MoU
- IDESG working on the
Updated mapping docs.
April 13th Ben Wilson sent to KI the following docs and information:
- updated version of the IDEF-IAF FICAM Federal Privacy Profile Mapping - IDESG marked “Confirmed” for the rows titled INTEROP-4: STANDARDIZED DATA EXCHANGES and INTEROP-7: USER REDRESS.
- IDEF-IAF Mapping Overview.
TFTM discussed these two weeks ago, and everyone seems to be in accord.
the need to include Kantara onboarding in the Statement of Work for the next version of the IDEF Registry web site. The form that recognition of Kantara-approved CSPs during the IDEF registration process still needs to be decided. If it can’t be an interactive experience (due to site-development budget issues), I was thinking it could at least be a static presentation in HTML or PDF. Once we get this going, part of the process would be that Kantara-approved CSPs initiate registration and get a “pass” on the “Fully Compliant” items, then they will attest to the remaining IDEF Baseline criteria. Finally, they will need to accept the standard terms and conditions and submit a complete package (attestation form).
April 3rd Meeting Notes:
- We discussed that once a CSP is approved at Kantara, in essence they will be offered the opportunity to self attest at IDESG.
- They will choose one of 2 URLs. One URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval.
- The other URL is pre-filled with boxes ticked if they have done Kantara's 1400 SACs approval AND the FICAM Privacy Profile.
- IDESG will queue up the URL/web work on its upcoming work order.
- The URLs will be hosted by IDESG. If required by IDESG, they will ask Kantara to validate that a CSP has been approved.
Ben will fill in the last remaining empty boxes on the compare tool to complete the mapping.
Colin will use a Kantara MOU template to strawman up the broad approach.
IDESG and KI call to discuss the IDEF-SAC mapping March 10th.
- Andrew and David recounted the approaches used by each team to analyse, review and comment on the mapping
- We looked at each item that TFTM had further questions about, notes on each one follow:
1) INTEROP-2 - Kantara should indicate in the S3A that if the CSP intends to apply for IDEF Registry listing that they include an answer to INTEROP-2 in their S3A
2) INTEROP-3 - this is a trigger on IDESG side - if an applicant to the Registry is using a non-listed standard this should trigger IDESG to put the standard through the normal evaluation process
3) PRIVACY-3 - Kantara should review data minimization criteria to see where this is handled - “Partial” might be possible instead of N/A
4) PRIVACY-15 - The IDEF requirements is relevant to the transaction. David explained the context that he expects -> Data Minimization. Andrew requested that IDESG review and update their requirement and supplemental guidance for P15. David noted that there is no supplemental guidance for the Privacy requirements.
- ACH asked David to send info to Kantara about how other CSPs have done this and Kantara can recommend to CSPs.