Link to IAWG Roster
As of 2015-01-22, quorum is 6 of 11
Use the Info box below to record the meeting quorum status
To be done next call.
Action Item Review
Joni Brennan update - we have a number of approvals that have come through recently, a number of announcements in the next weeks. Quite busy - speaks to the growth of the program and progress around connect.gov regarding higher levels of assurance.
Challenge - given that the program has become more active and more "real", we're finding areas for clarification and optimization. Kantara has been working with FICAM and their request for infomation - we're hoping to find ways to work with FICAM more effectively and optimize the progress in the future. A challenge but also signs of progress.
Kantara did send in feedback compiled from IAWG.
Ruth did not receive word of a formal response incoming.
Joni said they will follow up on that. Moving on from the program - the board of trustees is very interested in understanding the IAWG's understanding of where the SAC can use improvement. High interest - Joni is working to put together a straw man plan for this to bring to the IAWG.
Joni mentioned Identity ecosystem published ID Ecosystem framework, looking for a place for Kantara framework to be recognized as a component. We need to understand that in more quantifiable details.
The Oxford BioChronometrics presentation was well received. Remote identity proofing challenges from the government side, the FICAM program is interested in informal findings and what's possible.
Andrew introduces, reminds us he's serving as Vice Chair of the Plenary for the IDESG. Congrats to all for the publication. The framework is out, it's pretty good. There's a framework for C&A, self attestation scheme underway for organizations to sign up. Current topic of discussion is how to relate to and support trust framework providers that exist out there.
Scott asks about the absence of identity proofing in the doc.
Joni asks are there initial thoughts about how KI requirements line up with the IDEF requirements.
Andrew says the TFTM committee is creating a subgroup to discuss what it means to relate to other trust framework providers. Right now there are two main paths - unclear which will be selected. One would be doing cross comparability study, looking at equivalency of IDEF to other frameworks, other major option is to do a scoring of trust frameworks to determine if they cover which requirements of an IDEF.
Joni - understood that the IDESG has that work to do. In our domain - how does the IAF relate to their framework.
Adam would add to Joni's question, would support helping to move forward the answering. Have been and will be working to list Symantec on the self asserted listing service (SALS: http://www.idesg.org/The-ID-Ecosystem/SALS-Registry).
Andrew asks Christine if there's any insight into the SALS process and their participation within the IDESG. Is there a sense if anyone is interested in bringing their certifications to the table.
Christine responds that the pilot programs did comment on the IDEF requirements among others in the process. Next step could be to map the requirements between the frameworks to see about overlaps and gaps.
Joni agrees that such a mapping would bring value.
Andrew notes that an easy action for now would be to remind the Kantara approved CSPs that IAWG would like to hear if they are going through the IDEF process, do they find gaps in the work they have to do anyway. Adam Madlin agrees with that strategy.
Scott mentioned pseudonymity being in the framework but not currently supported in Kantara. Should plan to address that on all sides.
Joni drops out again with additional congratulations to the IDESG.
Comments to FICAM have been provided, we don't know what follow on steps FICAM is providing.
One observation is that the survey was very informal, not a survey at all. Something triggered the interest in remote proofing, IRS breach or OPM breach or whatever. The closer we work with the trust framework authority to shape things up the better we're all be. Hopefully they will provide more insight.
Cross walk between ISO 29115 and the Kantara SAC. There's an outstanding discussion item for what we do with it. Do we have to do deeper analysis of the mapping.