IAWG Issue Tracker 2019
Subject | Status (Planned/Ongoing/Closed) | Information and Action required | Lead/Coordinator | Work Plan Production timelines | Reference Material | Notes/Comments | Background
IAF 1050 - IAF Overview and Glossary | Ongoing | Public Comment and IPR review closed on July 5 (45 days). Editors will work on the DoC. | Ken Dagg and Richard Wilsher | July 2019
Send feedback to NIST on 800-63-3 | Completed | IAWG approved the 5 Reports to submit to NIST. Ken submitted the Reports to NIST on Wednesday, July 10. | Ken | July 2019 | https://kantarainitiative.org/confluence/display/IAWG/Updated+Reports+for+Submission+to+NIST
DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile | Completed | IAWG comments on DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile. | Ken Dagg | Comments submitted on 2019-06-17 | DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile
DIACC’s PCTF | Completed | DIACC Request for Review and Comment: Pan Canadian Trust Framework Model Overview | Ken Dagg | Comments submitted on 2019-03-15
GSA TFS Program Process and Procedures Docs. | Closed | KD | WIKI PAGE
Developing NIST 800-63-3 Implementation Guidance and Updates to SAC | Closed
The IAWG has updated the Service Assessment Criteria (SAC) in response to the three memos containing implementation guidance with respect to interpreting the NIST 800-63-3 requirements at AL2 that were issued in the summer. T

After the approval of the changes by All Member Ballot, we have published 3 revisions in the SACs:
KIAF 1410 (CO-SAC) version 2.0;
KIAF 1430 (63A_SAC) version 3.0 and
KIAF 1440 (63B_SAC) version 3.0.

Summary of the changes:

1) KIAF 1410 version 2.0 (CO-SAC). The following changes are included in this revision, mostly in relation to the requirement that the CSP actually demonstrate the availability of the services:
a) ‘AL[2/3/4]_CO_NUI#020 Service Definition inclusions’ has been modified to specifically mention ‘Authentication’ and to accommodate separate availability specification for different components of an overall service, with ‘AL[2/3/4]_CO_SER#020 Demonstrated availability’ being introduced to require that availability be determined and therefore assessable.
b) Additional explanatory material added to §3.3;
You will see the changes with grey background.

2) Regarding KIAF 1430 (63A_SAC) version 3.0 and KIAF 1440 (63B_SAC) version 3.0, we have consolidated the changes by recording the differences between v2.0 and v3.0; please see the 2 PDFs ending in "diffs".

The OP-SAC, KIAF 1420, did not change.
Scott Shorter | https://kantarainitiative.org/confluence/display/IAWG/Developing+NIST+800-63-3+implementation+guidance+-+3+memos | In March Scott Shorter proposed the following scope of work for NIST 800-63-3 Implementation Guidance, with participation across the TFS community: To provide a forum for submission, discussion and publications of interpretation guidance with respect to NIST 800-63-3 on topic areas such as:

a) Evaluating real types of evidence and verification/validation methods against 63A Tables 5-1, 5-2 and 5-3

b) Evaluating real types of authenticators, authentication protocols and authenticator lifecycle procedures against 63B requirements

c) Clarification of terminology that the source document leaves undefined or defines unclearly.
Classic SAC - Service availability criterion applicability flaw | Closed | Discuss on Sep. 13th: ALn_CM_CSM#040 applicability issue based on Richard Wilsher 8/9 email | Scott | TBC
IDESG-Kantara amalgamation and IDESG Trust Mark | Closed | On Jul 26th Colin introduced the process to take on the work artifacts, current workstreams, committees and membership of the IDESG and IAWG discussed possible impacts to the WG and IDESG a Kantara Trust Mark | Colin and Ken Dagg | https://kantarainitiative.org/7956-2/
DIACC RFP | Closed | Discuss on July 26th the DIACC Request for Proposal: Development of the Pan-Canadian Trust Framework | Andrew Hughes and Ken Dagg | TBC | https://diacc.ca/2018/07/23/rfp-pctf-community/
Release 800-63A Service Assessment Criteria (KIAF-1430 63A_SAC) and Identity Assurance Framework NIST SP 800-63B Service Assessment Criteria (KIAF-1440 63B_SAC). | Closed | KI SAC for 800-63-3 was approved by All Member Ballot on March 19th; IAF 1430 (63A_SAC) and IAF 1440 (63B_SAC) were published as planned on March 21st. Available for Members Only at https://kantarainitiative.org/confluence/display/LC/Identity+Assurance+Framework | Ken | March 21st | https://kantarainitiative.org/confluence/display/IAWG/800-63-3 | Kantara has historically based its ‘Operational’ Service Assessment Criteria on a broad interpretation of NIST’s SP 800-63 rev.2. With SP 800-63 rev.3 coming into full effect from 2018-06-21, Kantara is gearing-up to extend its Trust Framework Program to also provide for assessments against 800-63 rev.3.

Kantara has developed criteria which will be used for SP 800-63 rev.3 conformity assessments for identity proofing and authentication functions, at the respective AL2, i.e. against the strictly normative requirements of SP 800-63A and ’63B at IAL2 and AAL2 respectively.

One document addresses the NIST requirements in SP 800-63A (KIAF-1430 63A_SAC v1.0) and the other the requirements in SP 800-63B (KIAF-1440 63B_SAC v1.0).
Refinement of CO-SAC IAF-1400 (non-material change) and Repackaging into IAF-1410 and IAF-1420. | Closed | IAF-1410 and IAF-1420 were approved on March 1st by IAWG and were published with IAF 1430 and IAF 1440 on March 21st. Available at https://kantarainitiative.org/confluence/display/LC/Identity+Assurance+Framework | Scott | March 21st
NISTIR 8112 New release January 2018 | Closed | IAWG decided they will not provide comments. | Ken | TBD | https://csrc.nist.gov/publications/detail/nistir/8112/final
List of requirements from ConOps and TF Certification Process drafts and recommendations | Planned
Create a List of Requirements from ConOps and TF Certification Process
Analysis of impacts on Kantara’s TFOP.
Identify KI internal procedural amendments and changes to TFOP.
Make recommendations on revision of TFOP process and procedures.
TBC | TBD
800-63-3 Sub-group | Closed | Dec. 14th IAWG approved 63A and 63B SACs for Public comment and IPR Review until Jan 29th | Richard Wilsher | Jan 29 | WIKI PAGE | Dec. 15th release to 45-day Public Comment Period and IPR Review
Initiative to create a structure mapping between the KI IAF and other frameworks towards the improvement of comparability and IAF.next project | Planned | Meeting at Internet2 Global Summit April 23. | Andrew
Proposed Meeting Goals:
1) Confirm that the participating organizations and federations wish to continue to use a common structure for specification of rules for identity proofing, credential lifecycle management, identity information lifecycle management, credential verifiers/authentication and federation operations.

2) Discuss/decide on whether defining a common set of requirements that underpins our common IAF is a good objective

3) Analysis of the Kantara SAC. Review the implied requirements structure.

4) Decide on the path forward: resources, funding, organizational timing, other requirements.

5) Establish a Kantara WG to build out the requirements for IAF.next
During the TIIME Meeting in Vienna in February 2017, the need to work together and find common ground among the informal profiles based on or inspired by the KI IAF, such as InCommon, GEANT, eIDAS, etc., was discussed. The interested parties will meet during Internet2 Global Summit (April 23-26, WDC US) and start creating a straw man for a structure mapping between the frameworks and the KI IAF, including a common catalogue of risks.
Charter review and update | Closed | Charter was approved by LC | Ken | https://kantarainitiative.org/confluence/display/idassurance/2014+IAWG+Charter | (AH suggested to focus on IAF as main objective, consider all innovations across the Identity space).
800-63-3 Public Review | Closed | Comments were submitted to NIST on March 31st. New deadline extension on 800-63-3 (Sections A, B and C are closed). IAWG submitted comments to NIST on May 1st. | Andrew and Ken | May 1st | https://pages.nist.gov/800-63-3/ | IAWG Comment Wikipage | Working Plan: 1) Comment Period 2) Impact Analysis on IAF and Assurance program. //ARB was invited to engage on the review and comment period. Gathering comments methodology: general comments and then meetings dedicated to sections A, B and C (Feb 23rd. IAWG made general comments on 800-63-3. Scott will take notes of the discussions and comments during March and Ruth will help to compile them and add the final and approved comments to GitHub. March 2 IAWG reviewed SP 800-63A. On March 9th IAWG reviewed 800-63B. March 16th reviewed 800-63C). To follow up the discussions, please visit the IAWG Comment Wikipage: http://kantarainitiative.org/confluence/display/idassurance/800-63-3+KI+Comments+2017
SAC update project | Closed | D3 delivered | Ken and Richard | Consultants have finished D1, D2 and delivered first draft of D3. | Service Assessment Criteria project to improve usability and clarity of the criteria, which includes adding statements of risk mitigation objectives
Wiki refresh | Closed | Overview after NIST 800-63-3 comment period | Ruth | May 2017
800-63-3 Potential impacts | Planned | KD: Understand the potential gap (task IAWG volunteer or hire consultant). AH. How to approach it instead of getting a list of changes. 2 stages 1) 2-3 days PIR review, focus on "x" sections (someone competent and flexible). 2) Criteria review could take 60 or more days. Then come up with IAF 2.
IDEF Mapping to KI IAF - Operationalization | Closed for IAWG | Operationalization | Andrew | May 2017
Review of IDESG mapping to the KI IAF | Closed | Andrew | https://kantarainitiative.org/confluence/display/idassurance/IDESG+Mapping+to+KI+IAF?src=contextnavchildmode | February 9th IAWG approved the comments on the Mapping and Colin sent them to IDESG. January 15th: Andrew sent the spreadsheet containing draft comments to IDESG about the mapping of IDEF Baseline Requirements to IAF SAC to determine the amount of coverage an approved entity could expect to receive if applying to be listed on the IDESG Self-attestation Registry. The purpose of the mapping spreadsheet is:
- For a Kantara-approved CSP that wants to apply for recognition in the IDESG Registry, the requirements marked "Full" are deemed to be met by the CSP's Kantara Approval.
- For "Partial" requirements, the CSP needs to do additional work to meet the IDESG Requirement.
NISTIR 8149 | Closed | Scott | NISTIR 8149 | *Colin submitted the comments to NIST on February 22nd. *February 9th IAWG approved the comments about NISTIR 8149 including the dissenting comments from Zygma. *Scott sent the first round of comments to IAWG on December 16th. *Richard Wilsher has commented the following on December 16th: "I feel compelled to observe that these remarks are far from the opinions I hold about this IR, and they don’t really come very close to those I thought I heard aired when the IR was discussed during an IAWG call some months back...."

IAWG Feb 9th meeting notes
IAWG Elections | Closed | Ken | Early March | Operating Procedures. Candidates and nominations: Ken as Chair; Scott as Vice-Chair and Denny as Secretary | Call for Nominations