Kantara Initiative Identity Assurance WG Teleconference
Meeting Minutes - approved December 5 2013
Date and Time
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2013-11-07
- Action Item Review
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- Review, analysis and comments to be solicited from Kantara members regarding FICAM TFS draft updates. Kantara ARB is also composing comments.
Material is here: http://info.idmanagement.gov/2013/11/ficam-trust-framework-solutions-tfs.html
- Report out of November 13, 2013 F2F meeting in DC.
- Review latest SAC updates resulting from Antecedent Process discussions
Link to IAWG Roster
As of 1 July 2013, quorum is 5 of 9
- Myisha Frazier-McElveen (C)
- Andrew Hughes (S)
- Rich Furr (V-C)
- Scott Shorter
- Richard Wilsher
- Kenneth Myers
- Colin Wallis
Notes & Minutes
IAWG Meeting Minutes 2013-11-07
Motion to approve minutes of 2013-11-07: Rich Furr
Seconded: Scott Shorter
Action Item Review
See the Action Items Log wiki page
- Director's Corner Link - October 2013 has been posted
- Event Radar 2013 Link
- Several conferences were attended or participated in over the last several weeks.
- Kantara is producing NSTIC Pilot Day on January 30, 2014 in Washington DC, hosted at the Dept of Commerce - pilots in which Kantara has a role will be invited first, then all remaining pilots will be invited depending on space
- Avocco Identity has joined Kantara
- Meeting held this week
- Several refreshed charters were approved: IAWG, HIAWG, UMA, FIWG
IAWG Page for aggregation of comments is here: FICAM TFS v2.0 (2013) Draft Documents Comments From IAWG
- ARB will be submitting comments on the documents
- IAWG has been asked to provide comments to ARB
- Noted that the ATOS and RP Guidelines are new, and have impacts on all Approveds going forward
- The NASPO ID Proofing standards are now referenced and may include additional attributes required for an authentication
- Line 165++ : this section needs a closer reading because the docs seem to indicate that validated attributes should be provided, but it is unclear if this is a critical factor in FICAM approval.
- It is anticipated that these documents will have impact on SAC in several places
- Noted that Financial Institutions do not have to go through the TFS processes - question is: are the Financial institutions asserting ALs in the form of 800-63? There is confusion about how the Regulated Industries need to or actually do comply with 800-63-2 - in particular the non-ID Proofing criteria/requirements. This needs to be clarified for certainty.
- R. Furr suggests that the current SAC revision includes changes resulting from the TFS drafts.
- R. Wilsher disagrees, as the timeline for the TFS documents is not firm
- Kantara should indicate timeline preferences to FICAM
- The HealthCare.gov situation might have increased sensitivity to interoperability and certification issues, which might be increasing pressure to implement.
- Two sub-teams have been created: the Approved and Accredited organizations; they have been asked to return comments to ARB by December 2; joint feedback response to be consolidated by December 12; comments due to FICAM TFS on December 14. IAWG to follow the same schedule.
- Myisha to forward the comment spreadsheet to IAWG.
- The privacy guidance - looks like the RP has to indicate to the TFP(?) the need for specific attributes - this might cause complications for the assessments - might end up in custom approvals
- These requirements are specific to FICAM - caution urged to examine proposed SAC changes to ensure that IAF remains independent from FICAM requirements
- Question: re privacy requirements - if these documents are written in the context of FCCX, then why should there be interactions directly between Federal RP and FICAM CSP?
- Question for FICAM: should there be an FCCX-specific profile process that is separate from use cases where the RP has a direct relationship with the CSP?
- Due to time constraints, please forward comments directly to
- IAWG to meet in the week of December 2-6 to discuss comments submitted by IAWG.
- Regular IAWG meeting December 5. Extra working session for IAWG on December 6, 10:00am EST.
Review latest SAC updates resulting from Antecedent Process discussions
- R. Wilsher suggests that the 800-63-2 related changes should be moved forward independent of anything that comes out of the new FICAM drafts
- The material presented is an isolation of the SAC related to the Antecedent Process - so that they can be considered easily
- SCO#10 - Secure remote communications - adjusted to de-reference the need for hardware crypto devices
- SCO#16 - Verification of remote credential - clarified and moved into revocation criteria
- IDV#10 - NEW - ID Proofing and Verification - CSP to describe verification measures and justify how they meet the requirement
- CTR#025 - Authentication Protocols - broader references
- CRM#60 - typo corrected
- Motion to include these changes into the current SAC version and put them out for 45 day public review: R. Wilsher.
- Seconded: R. Furr
- Discussion: none
- Motion carries