Kantara Initiative Identity Assurance WG Teleconference
DRAFT Meeting Minutes - IAWG approval required
Date and Time
- Roll Call
- Agenda Confirmation
- Minutes approval: IAWG Meeting Minutes 2014-05-15
- Action Item Review
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
- Updated S3A document from R. Wilsher et al.
- FICAM TFPAP Mapping update
- Attributes thread discussion if time permits
Link to IAWG Roster
As of 2014 May 6, quorum is 7 of 11
- Rich Furr ( C)
- Andrew Hughes (S)
- Scott Shorter
- Kenneth Myers
- Bill Braithwaite
- Cathy Tilton
- Richard Wilsher
- Paul Calatayud (V-C)
- Adam Madlin
Notes & Minutes
IAWG Meeting Minutes 2014-05-15
Motion to approve minutes of 2014-05-15: Shorter
- Discussion of Attributes thread - Rich and Sal D. will talk about how to fire up the AIMWG to work on this
- Focus on ATOS issues and Assurance issues
- LC will take this to Trustees for confirmation that effort is needed
- ACTION: ACH to summarize the thread on Attributes
- The Trustees have indicated that they are considering project funding requests from working groups - LC is preparing the forms needed to describe project requests. Stay tuned.
- Discussion on Draft S3A document
- FICAM TFS is based on comparability of TFs to what FICAM has (processes)
- Concern is that the comparability is more the exception rather than the rule in the document - true?
- Bjorn - pretty close - if an alternative approach is implemented, then it should be evaluated to determine if it is comparable to the original intention
- RGW - the document is looking at comparability to the Kantara Framework criteria
- Rich - the question is more a question of comparability between what things
- RGW - caution that FICAM is not the totality of Kantara's role - if a service provider is not concerned about FICAM then they should not necessarily be evaluated against the original FICAM comparability rules
- Scott - the IAF criteria are comparable to FICAM requirements. They should be met - but should be allowed to meet the criteria using 'comparable' ways.
- The word 'exception' is causing grief.
- Intent is that the risks are evaluated and mitigated appropriately if the criteria are not met exactly as described, but using a different way.
- Bjorn - this is more a question of 'comparable controls' not 'comparable conformity'
- RGW - sees it the other way around
- Maybe: the criteria are based on requirements to mitigate risks; the criteria often describe ways to mitigate that risk; if the controls are the same as the criteria then no issue; if the controls do not match but meet the underlying requirements then they are 'comparable controls'
- Carry over to May 29 to allow for document to be read.
- FICAM Mapping work
- Work continues on the 'core' criteria
- Spreadsheet has been developed by Furr and Alterman
- Mapping of threat vectors to requirements and FICAM element
- In a review cycle right now
- Discussion on S3A updates