Kantara Initiative Identity Assurance WG Teleconference
Meeting Minutes - IAWG approval 2013-Oct-10
Date and Time
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2013-09-26
- Action Item Review
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- IAWG Charter endorsement
- November 10-11 F2F Plenary in Vancouver - IAWG work?
- Review latest draft material on 800-63-2 v SAC mapping
- IAF Publication Schedule / numbering
Link to IAWG Roster
As of 1 July 2013, quorum is 5 of 9
- Myisha Frazier-McElveen (C)
- Rich Furr (V-C)
- Andrew Hughes (S)
- Scott Shorter
- Richard Wilsher
- Cathy Tilton
- Kenneth Myers
- Matt Woodhill
- Patricia Hammar
- Matt Thompson
- Ken Dagg
Notes & Minutes
IAWG Meeting Minutes 2013-09-26
Motion to approve minutes of 2013-09-26: Rich Furr
Seconded: Scott Shorter
Action Item Review
See the Action Items Log wiki page
Agenda was sidetracked to discussion of a specific issue with CO_ISM#090 which consumed the meeting time.
Discussion of 800-63-2 v SAC Mapping drafts
- Question raised: why is 800-63-2 the only mapping being considered? The mapping should also include 800-53 and the requirements of TFPAP.
- If this is not done, then there might be future issues with the SAC - because 800-63 only refers to Identity Proofing topics, it refers to 800-53 directly. This might result in conflicts between IAF and TFPAP.
- Concern that this would result in a US-Centric IAF
- Example given is the requirement for (CO_ISM#090) External Audit bi-annually.
- This is not required in 800-63. tScheme requires it. Currently this requirement is scheduled for removal in SAC v4.0 - view is that this will put Kantara's assessment program at risk. It should remain in the SAC.
- The AAS covers the 3rd Party nature of Kantara Assessments - this was what was approved by TFPAP originally.
- The argument for removal: the Kantara Assessment itself is by definition an independent audit, so having it as a criterion is redundant and potentially confusing.
- Note made that it is helpful to include criteria like this even if they appear to be redundant - because of the complex inter-dependencies between the SAC and several other documents. It is very complex if the Assessor/Assessed need to jump between many documents - could easily cause important criteria and requirements to be missed.
- Discussion about alignment with 27001 relative to frequency of 3rd party audits - it is unclear what the resolution is.
- FICAM gives the example of a 3-year independent audit cycle, but 27001 is annual for certification.
- ACTION: Richard Wilsher will submit a ticket for CO_ISM#090 removal. Richard & Rich will prepare discussion points on CO_ISM#090 for a vote on next IAWG call.
- ACTION: Discuss timetable for moving the IAF v4 to Public Review stage at next call
IAWG Draft Charter endorsement
The 2013 IAWG Charter Final Draft is here: 2013 IAWG Charter Refresh - Final Draft September 30 2013
November 10-11 Plenary Planning
IAF Publication Schedule