Link to IAWG Roster
As of 2015-01-22, quorum is 6 of 11
Use the Info box below to record the meeting quorum status
Meeting achieved quorum
Motion to approve minutes: Cathy Tilton moves to approve the 11-06, 11-20, 12-11, 01-08, 01-15, 01-22 minutes
Seconded: Lee Aber
Discussion: Motion Carried
Andrew Hughes reported from the plenary, last week was the 12th plenary in Atlanta at the GTRU facility. Developing requirements that will feed to a self-attestation approval program for joining the NSTIC ecosystem. OASIS worked to prepare a number of drafts that were positively accepted. Mentioned Marc-Anthony Signorino as new executive director of IDESG. InfoTrust has an electronic credential based service based on DMV data for access to state e-gov services. Cathy noted that there isi work to be done on the developing the components in the functional model. Overall positive plenary. Also, IDESG is looking for donors.
Joni has a question - could we think of this report in the Kantara Initiative context? How do we frame that in terms of this group and what we do next? Andrew - biggest intersection point is at the point of recognizing entities that wish to be included in the NSTIC identity ecosystem. It's a fairly straightforward qualification process so far for organizations to support NSTIC principles. Jack Seuss and Andrew are chair and vice chair of the trust framework committee, working to ensure a faster path for federation operators to come on board. Andrew suggests that may be a point of interface between IDESG and Kantara, this work will be over the next 4 months or so.
Joni reports from International Identity Summit in Mexico, government to government communications on identity management and identity assurance. US, UK, CA, NZ, Mexico, Denmark, Japan. Industry day allows connection between industry and government representatives, so that was well attended. Presentation on the work of the IAWG and the trust framework program, interest from governments including Australia who has been studying the framework for some time. Presentations from a number of KI members, including SecureKey Experian and ForgeRock.
Ken asked if RP principles were discussed. Unofficial responses from CA, UK, Denmark and US were all supportive of the concept. Joni will work to connect IAWG to other group going on.
Joni updated on the Health Identity WG, strong interest from the healthcare space, from organizations working around e-prescribing and Federal rules in that area. Strong interest in the program as a baseline from NIST. Discussions with GSA & SAFE-BioPharma, and ICAM program and Kantara IAF are well positioned to take advantage of the opportunity. Will look for ways that ICAM and ONC can collaborate on attributes and other interoperability concerns. Will kick off in the next week or two, Pete Palmer and Peter Alterman. This will be taking place in the health working group call. Announcement should be imminent.
Ken asks if other meetings were attended to report on?
Ken reports that the ARB did meet, we can discuss that item during any other bus
Discussion of the attached spreadsheet.
Andrew Hughes volunteered to organize how IAWG approaches the NIST 800-63 RFI response. The question becomes how far is Kantara willing to go in suggesting changes. We're expecting the RFI to be a set of questions around the use of levels of assurance (whether to keep or not), and whether NIST be should the organization authoring 800-63 going forward.
Ken Dagg noted that the active review cycle and privacy are also highly prioritized items.
RGW notes that the review cycle, the SAC was broken into sections, and some criteria appear multiple times, suggests removing that inefficiency. Whether all criteria are really justified - why do we ask it and how does it improve with improved identity assurance and confidence. For example criteria regarding suspension of inactive accounts may not actually add to identity assurance. Ken asks if RGW is asking for a process for identifying anomalies and dealing with them. RGW agreed.
Ken suggests we revisit active review and update cycle and privacy considerations next week.
Ken was asked by ARB whether the 1600 assessor qualifications document could be moved from IAWG to ARB responsibility for the document. RGW adds that ARB also requested 1800 rules for assurance assessments. Justification is that they are ARB operational documents rather than being trust framework provider related criteria.
Richard Wilsher moved that IAF-1600 and IAF-1800 be put under the authority of the ARB. Scott Shorter seconded it. Chair asked for objections, hearing none the motion carried. Ken noted that he will inform the ARB that they have authorship of those documents.
To be clear, the documents will remain within the Kantara IAF, but authorship will pass to the ARB.