[WG-IDAssurance] Working Group Report for IAWG's consideration and approval

Richard G. WILSHER (Zygma CEO) RGW at Zygma.biz
Wed Dec 4 22:57:54 CST 2013


Colleagues,



I attach a draft Working Group Report for IAWG Members’ review, with the purpose of adopting this document within the Kantara IAF document suite.  



As explained in the Abstract, this report was produced for Kantara as a product of an undertaking sponsored by two Kantara members, to bring the Service Assessment Criteria (KI-IAF 1400) into full alignment with NIST’s SP 800-63-2.  It was a specific output of the Statement of Work under which the SAC alignment was performed and is a partial re-structuring of NIST’s SP 800-63-2 with mappings into the SAC v4.0 (as the aligned SAC will be identified), performed under certain self-imposed restrictions (which are described in the Apologia, which appears on the second page of the document).

 

This report serves a number of valuable and distinct purposes:

i)               it renders the essential parts of SP 800‑63‑2 as a much clearer set of requirements than in their original form;

ii)              it provides a reference work which underpins and justifies the majority of the revisions made to the SAC v4.0 in order to achieve the alignment (a small number of other identified changes have been opportunistically introduced);

iii)            it has enabled clarification of parts of the original NIST document which were ambiguous, unclear or otherwise doubtful, and records those clarifications;

iv)            it facilitates service providers wishing to demonstrate their compliance with SP 800-63-2 by providing a set of discretely-referenceable requirements which the original document cannot support;

v)             in addition to the above, it provides clear guidance where a US-specific profile for meeting both Kantara SAC requirements and SP 800-63 compliance should be developed (which would serve the same purpose for any other jurisdiction wishing to adopt SP 800-63);

vi)            by virtue of the two points above, this WG report facilitates both internal and third-party review and assessment of services which are intended to specifically comply with 800-63-2’s provisions;

vii)          finally, this report has the potential to act as a future, structurally-improved, revision to SP 800-63, as has been previously discussed with NIST personnel and was an intention of the original tasking.  It will therefore be offered to NIST as a potential basis or stimulant for a future revision to 800-63.


This document has been previously circulated and reviewed a number of times by the IAWG during discussions concerning the mapping of the SAC to SP 800-63-2, at those times being identified as EZP-63-2, so its content should be no surprise to you – there’s been no material change there.

 

I am therefore recommending this report for adoption into the IAF doc suite, for which reason it has been given a fitting IAF reference / identity.  I hope we can consider this during the meeting of Dec 12th.  On its hopeful adoption I will render as a formal doc at v1.0 and submit to the Secretariat in PDF from for publication and Word form for archiving.

Best regards,
Richard.

 

Richard G. WILSHER
Founder & CEO
cid:image001.jpg at 01CEC9E9.E9D38700
O:  +1 714 965 99 42
M: +1 714 797 99 42
E:    <mailto:RGW at Zygma.biz> RGW at Zygma.biz
W:   <http://www.zygma.biz/> www.Zygma.biz

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20131205/bf6ae2fb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 2113 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20131205/bf6ae2fb/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Kantara IAF-1463 SEAG (WG Report) v0-2.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 866556 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/wg-idassurance/attachments/20131205/bf6ae2fb/attachment-0001.docx>


More information about the WG-IDAssurance mailing list