Kantara Initiative Identity Assurance WG Teleconference

 

DRAFT Meeting Minutes - IAWG approval required

NOTE: These meeting minutes also contain notes from December 6 2013 - a continuation of this meeting for discussion of the FICAM TFS update material.

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-11-21
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. IAF-1400 draft for 45 day public review - see linked document:   Kantara IAF-1400 SAC v3-1.docx    
    2. Disposition of 800-63-2 -> SAC Mapping working documents - where/how to store for future reference?
    3. FICAM TFS Program update comments from IAWG members & consolidation
      Link to review documents and comment template here: https://kantarainitiative.org/confluence/x/fYHwAw 
    4. REMINDER: Ad hoc call to continue FICAM TFS discussion Friday December 6, 2013 10:00 Eastern.
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

As of 2013 November 21, quorum is 5 of 8

 

Meeting achieved quorum

Voting

Non-Voting

Staff

Apologies

 

Notes & Minutes

Administration 

Minutes Approval

IAWG Meeting Minutes 2013-11-21

Motion to approve minutes of 2013-11-21: Furr
Seconded: Shorter
Discussion: None
Motion Carried 

Action Item Review

See the Action Items Log wiki page

Staff Updates

LC Updates
Participant updates

Discussion

IAF-1400 for 45 day Public Review
Disposition of 800-63-2 -> IAF mapping documentation

Email from Richard Wilsher 2013-12-05 - The referenced document is attached to this page


Colleagues,

I attach a draft Working Group Report for IAWG Members’ review, with the purpose of adopting this document within the Kantara IAF document suite.

As explained in the Abstract, this report was produced for Kantara as a product of an undertaking sponsored by two Kantara members, to bring the Service Assessment Criteria (KI-IAF 1400) into full alignment with NIST’s SP 800-63-2. It was a specific output of the Statement of Work under which the SAC alignment was performed and is a partial re-structuring of NIST’s SP 800-63-2 with mappings into the SAC v4.0 (as the aligned SAC will be identified), performed under certain self-imposed restrictions (which are described in the Apologia, which appears on the second page of the document).

This report serves a number of valuable and distinct purposes:
i) it renders the essential parts of SP 800‑63‑2 as a much clearer set of requirements than in their original form;
ii) it provides a reference work which underpins and justifies the majority of the revisions made to the SAC v4.0 in order to achieve the alignment (a small number of other identified changes have been opportunistically introduced);
iii) it has enabled clarification of parts of the original NIST document which were ambiguous, unclear or otherwise doubtful, and records those clarifications;
iv) it facilitates service providers wishing to demonstrate their compliance with SP 800-63-2 by providing a set of discretely-referenceable requirements which the original document cannot support;
v) in addition to the above, it provides clear guidance where a US-specific profile for meeting both Kantara SAC requirements and SP 800-63 compliance should be developed (which would serve the same purpose for any other jurisdiction wishing to adopt SP 800-63);
vi) by virtue of the two points above, this WG report facilitates both internal and third-party review and assessment of services which are intended to specifically comply with 800-63-2’s provisions;
vii) finally, this report has the potential to act as a future, structurally-improved, revision to SP 800-63, as has been previously discussed with NIST personnel and was an intention of the original tasking. It will therefore be offered to NIST as a potential basis or stimulant for a future revision to 800-63.

This document has been previously circulated and reviewed a number of times by the IAWG during discussions concerning the mapping of the SAC to SP 800-63-2, at those times being identified as EZP-63-2, so its content should be no surprise to you – there’s been no material change there.

I am therefore recommending this report for adoption into the IAF doc suite, for which reason it has been given a fitting IAF reference / identity. I hope we can consider this during the meeting of Dec 12th. On its hopeful adoption I will render as a formal doc at v1.0 and submit to the Secretariat in PDF from for publication and Word form for archiving.

Best regards,
Richard.


 

 

FICAM TFS Program update comments from IAWG members - December 5 2013 meeting notes

FICAM TFS Program update comments from IAWG members - December 6 2013 meeting notes

Myisha Frasier-MacElveen (Chair), Rich Furr (Vice-Chair), Andrew Hughes (Secretary), Peter McDonald (Symantec), Nathan Faut (KPMG), Cathy (Daon), Scott Shorter (Electrosoft), Bill Braithwaite 

 

Logistics: 

AOB

 

Carry-forward Items

 

Attachments

 

 

Next Meeting