IAWG Issue Tracker 2020
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

View only
SubjectStatus (Planned/Ongoing/Closed)Information and Action required Lead/CoordinatorWork Plan Production timelines Reference MaterialNotes/CommentsBackground 
Annual Charter Review Ongoing Confirm if the Charter needs a revision - https://kantarainitiative.org/confluence/display/IAWG/IAWG+CharterKen Dagg2020-12-10
Consider Reviewing New Zealand's latest Digital Identity StandardsPlanned https://www.digital.govt.nz/standards-and-guidance/identification-management/TBCTBC
12-month review of all the criteria Planned12 month review of KI SACsRichard Wilsher TBC
Initial Inputs on UK digital identity and attributes trust framework (UK DCMS) Completed Sub-group developing comments on the drafts 2020-12-10
Consultation about proposed Australian Digital Identity legislationCompleted Prepare response to the Consultation about proposed Australian Digital Identity legislation, see https://haveyoursay.digitalidentity.gov.au/Ken2020-12-18
IAWG Leadership ElectionClosed Nominees were appointed by acclamation. Staff2020-12-03Operating Procedures
Overview of the Foster Bill with Jeremy Grant, Better Identity Coalition ClosedRecording Available at: https://kantarainitiative.org/download/overview-of-the-foster-bill-with-jeremy-grant-better-identity-coalition-november-11th-2020/ Colin Wallis2020-11-11https://foster.house.gov/media/press-releases/foster-introduces-bipartisan-digital-identity-legislation
Province of Ontario (Canada) TBS Market Consultation for Digital Identity Ecosystem.Closed https://kantarainitiative.org/confluence/display/IAWG/Kantara+responses+to+the+Province+of+Ontario+Market+ConsultationKen DaggNovember 16th
Comment and Review Scottish Government Digital Identity Scotland - Beta StageClosed Kantara Response for DIS SAPS https://kantarainitiative.org/confluence/display/IAWG/Kantara+response+to+the+Scottish+Government+Engagement+Day+questions Colin Wallis2020-10-26https://kantarainitiative.org/confluence/display/IAWG/Scottish+Government+digital+identity+strategy+and+requirements+-+Call+for+Comments
UK GDS draftsOpen - waiting for draftsIdentity and Attributes Exchange (IAX) drafts KenTBChttps://kantarainitiative.org/confluence/display/IAWG/UK+GDS
UK DCMS Digital identity policy development Closed DCMS Digital Identity policy development - See Kantara Response: https://kantarainitiative.org/confluence/display/IAWG/Kantara+response+to+UK+DMCS+questionnaire+on+Digital+Identity+policy-+2020 Mark King and Colin October 12th
EU Public Consultation on eIDAS regulation Closed On October 1st, IAWG comments were submitted to the European Commission https://kantarainitiative.org/confluence/display/IAWG/Kantara+Comments+on+eIDAS+regulation+-+20201001 Mark King Deadline for Comments: October 2ndhttps://ec.europa.eu/digital-single-market/en/news/digital-identity-and-trust-commission-launches-public-consultation-eidas-regulation
xAL3 criteria (AAL3, IAL3, FAL3) Closed IAF Major release on Thursday, October 15th Richard Wilsher October 2020
Approve Revised Glossary Closed IAWG approval on 2020-08-13: https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=132743335 Richard Wilsher August 13th
Review SoCA Templates Closed Statement of Criteria Applicability templates: https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=133366169Richard Wilsher TBC
Provide Comments on NIST 800-63-3 Closed See Kantara Comments and proposed changes to SP 800-63-3 to ultimately lead to Revision 4 here: https://kantarainitiative.org/confluence/display/IAWG/Kantara+Initiative+Comments+with+Proposed+Changes+to+SP+800-63+Rev3 Ken Deadline for Comments: August 10th, 2020https://csrc.nist.gov/publications/detail/sp/800-63/4/draft
63C_SAC at FAL2 Public Comment and IPR Review Closed2020-06-03: IAWG Approved KIAF NIST SP 800-63C Service Assessment Criteria at FAL2; KIAF 1450. It was under Public Comment and IPR Review (45 days) until July 24th. No comments were received.Ken and RichardJuly 2020https://kantarainitiative.org/confluence/display/IAWG/KIAF+1450+-+63C_FAL2
xAL3 SAC development SubgroupClosedConclusion of the Work of the XAL3 Sub Group. The subgroup completed the AAL3 and FAL3 review on 2020-07-22. IAWG approved IAL3 on 2020-07-09. Ken and RichardStarted: 2020-06-03 Completion: September 2020 TBChttps://kantarainitiative.org/confluence/display/IAWG/xAL3+SAC+sub-group
Request for Review and Comment: 63A_SAC at IAL2 and IAL3Closed https://kantarainitiative.org/confluence/display/IAWG/Request+for+Review+and+Comment:+63A_SAC+at+IAL2+and+IAL3RichardClosed on 2020-07-02
DIACC request for comment on new PCTF component Closed DIACC request for comment and IPR Review on the Credentials (Relationships & Attributes) Draft Recommendations, which describe requirements for processes related to attributes and relationships and provides criteria to measure compliance with those requirements. IAWG is preparing comments (continue discussion on 2020-06-18).Ken Comments are due by July 2, 2020 at 23:59PT.https://diacc.ca/2020/06/01/credentials-overview-conformance-draft-recommendations/
Review and Comment on PCTF Verified Person, Privacy, and Glossary Draft Recommendations V1.0. Closed IAWG submitted comments to DIACC on April 16th. Ken Closes: April 30, 2020 at 23:59 PSThttps://diacc.ca/interoperability/verified-person-privacy-glossary-draft-recommendations/
ARB findings on OP-SAC related to Classic at LoA3Closed ARB has found that the Classic OP-SAC AL3_CM_CRN#040 (token strength) and AL3_CM_CRN#050 (Onetime password strength) might address insufficient protection against security risks, such as phishing attacks. Therefore, they asked guidance to IAWG on a) if they should recommend to the CSP that in addition to fulfilling all requirements in the SAC, it should closely follow the evolving landscape around phishing-resistant authentication technologies OR b) IAWG will develop guidance on this regard. IAWG discussed the issue on 2020-02-20. IAWG added a phrase to item g) in the list of AL3_CM_CTR#020 Protocol threat risk assessment and controls. Richard sent the new wording to IAWG on March 21st. The IAWG approved the updated text of the OP-SAC on March 26, 2020. Richard Wilsher March 2020IAF 1420 - OP-SAC
Review and Comment on PCTF organization component Closed IAWG Comments on PCTF organization component submitted to DIACC on March 17th, 2020KenDeadline: March 19th https://diacc.ca/interoperability/verified-organization-overview-conformance-draft-recommendations/
Review and Comment on UK GDS document Closed
Provided input to UK Government Digital Services on
their GPG44 (Using authenticators to protect an online
KenEnd of February https://www.gov.uk/government/publications/authentication-credentials-for-online-government-services
Comments on Verified Login Component and Conformance Profile of the Pan Canadian Trust Framework (PCTF) Closed IAWG Comments on the updated PCTF Verified Login Component and Conformance Profile were submitted to DIACC on 2020-01-17 You can see the comments here:
Ken DaggJanuary 16th 2020https://kantarainitiative.org/confluence/display/IAWG/Comments+to+DIACC+on+PCTF+Verified+Login+Component+and+Conformance+Profile+v1.0
IAF 1050 - IAF Overview and GlossaryClosed Approved by AMB on 2019-11-26. Ready to be published Ken Dagg and Richard Wilsher
UK DCMS Call for evidence on Digital Identity Closed https://kantarainitiative.org/confluence/display/IAWG/Kantara+response+to+UK+DCMS%27s+Digital+Identity+CfE+-+2019Ken Dagg and Colin
DIACC request for review and comment: PCTF Privacy Component Overview & Conformance Profile.Closed https://kantarainitiative.org/confluence/display/IAWG/Comments+to+DIACC+on+PCTF+-+2019Ken Dagg
Send feedback to NIST on 800-63-3Closedhttps://kantarainitiative.org/confluence/display/IAWG/Feedback+to+NIST+2019+and+follow+up+process Ken July 2019https://kantarainitiative.org/confluence/display/IAWG/Updated+Reports+for+Submission+to+NIST
DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance ProfileClosedIAWG comments on DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile. Ken Dagg Comments submitted on 2019-06-17DIACC Request for Review & Comment: Verified Login Component & Verified Login Conformance Profile
DIACC’s PCTFClosedDIACC Request for Review and Comment: Pan Canadian Trust Framework Model OverviewKen Dagg Comments submitted on 2019-03-15
GSA TFS Program Process and Procedures Docs. Closed KDWIKI PAGE
Developing NIST 800-63-3 Implementation Guidance and Updates to SACClosed
The IAWG has updated the Service Assessment Criteria (SAC) in response to the three memos containing implementation guidance with respect to interpreting the NIST 800-63-3 requirements at AL2 that were issued in the summer. T

After the approval of the changes by All Member Ballot, we have published 3 revisions in the SACs:
KIAF 1410 (CO-SAC) version 2.0;
KIAF 1430 (63A_SAC) version 3.0 and
KIAF 1440 (63B_SAC) version 3.0.

Summary of the changes:

1) KIAF 1410 version 2.0 (CO-SAC). The following changes are included in this revision, mostly in relation to the requirement that the CSP actually demonstrate the availability of the services:
a) ‘AL[2/3/4]_CO_NUI#020 Service Definition inclusions’ has been modified to specifically mention ‘Authentication’ and to accommodate separate availability specification for different components of an overall service, with AL[2/3/4]_CO_SER#020 Demonstrated availability’ being introduced to require that availability be determined and therefore assessable.
b) Additional explanatory material added to §3.3;
You will see the changes with grey background.

2) Regarding KIAF 1430 (63A_SAC) version 3.0 and KIAF 1440 (63B_SAC) version 3.0, we have consolidated the changes by recording the differences between v2.0 and v3.0, please see the 2 pdfs ending in "diffs".

The OP-SAC, KIAF 1420, did not change.
Scott Shorter https://kantarainitiative.org/confluence/display/IAWG/Developing+NIST+800-63-3+implementation+guidance+-+3+memosIn March Scott Shorter proposed the following scope of work for NIST 800-63-3 Implementation Guidance, with participation across the TFS community: To provide a forum for submission, discussion and publications of interpretation guidance with respect to NIST 800-63-3 on topic areas such as:

a) Evaluating real types of evidence and verification/validation methods against 63A Tables 5-1, 5-2 and 5-3

b) Evaluating real types of authenticators, authentication protocols and authenticator lifecycle procedures against 63B requirements

c) Clarification of terminology that the source document leaves undefined or defines unclearly.
Classic SAC - Service availability criterion applicability flawClosed Discuss on Sep.13th: ALn_CM_CSM#040 applicability issue based on Richard Wilsher 8/9 email ScottTBC
IDESG- Kantara amalgamation and IDESG Trust Mark Closed On Jul 26th Colin introduced the process to take on the work artifacts, current workstreams, committees and membership of the IDESG and IAWG discussed possible impacts to the WG and IDESG a Kantara Trust MarkColin and Ken Dagghttps://kantarainitiative.org/7956-2/
DIACC RFP Closed Discuss on July 26th the DIACC Request for Proposal: Development of the Pan-Canadian Trust Framework

Andrew Hughes and Ken Dagg TBChttps://diacc.ca/2018/07/23/rfp-pctf-community/
Release 800-63A Service Assessment Criteria (KIAF-1430 63A_SAC) and Identity Assurance Framework NIST SP 800-63B Service Assessment Criteria (KIAF-1440 63B_SAC). Closed KI SAC for 800-63-3 was approved by All Member Ballot on March 19th; IAF 1430 (63A_SAC) and IAF 1440 (63B_SAC) were published as planned on March 21st. Available for Members Only at https://kantarainitiative.org/confluence/display/LC/Identity+Assurance+FrameworkKenMarch 21sthttps://kantarainitiative.org/confluence/display/IAWG/800-63-3Kantara has historically based its ‘Operational’ Service Assessment Criteria on a broad interpretation of NIST’s SP 800-63 rev.2. With SP 800-63 rev.3 coming into full effect from 2018-06-21, Kantara is gearing-up to extend its Trust Framework Program to also provide for assessments against 800-63 rev.3.

Kantara has developed criteria which will be used for SP 800-63 rev.3 conformity assessments for identity proofing and authentication functions, at the respective AL2, i.e. against the strictly normative requirements of SP 800-63A and ’63B at IAL2 and AAL2 respectively.

One document addresses the NIST requirements in SP 800-63A (KIAF-1430 63A_SAC v1.0) and the other the requirements in SP 800-63B (KIAF-1440 63B_SAC v1.0).
Refinement of CO-SAC IAF-1400 (non-material change) and Repackaging into IAF-1410 and IAF-1420.Closed IAF-1410 and IAF-1420 were approved on March 1st by IAWG and were published with IAF 1430 and IAF 1440 on March 21st. Available at https://kantarainitiative.org/confluence/display/LC/Identity+Assurance+FrameworkScott March 21st
NISTIR 8112 New release January 2018 ClosedIAWG decided they will not provide comments.KenTBDhttps://csrc.nist.gov/publications/detail/nistir/8112/final
List of requirements from ConOps and TF Certification Process drafts and recommendations Planned
Create a List of Requirements from ConOps and TF Certification Process
Analysis of impacts on Kantara’s TFOP.
Identify KI internal procedural amendments and changes to TFOP.
Make recommendations on revision of TFOP process and procedures.
800-63-3 Sub-group Closed Dec. 14th IAWG approved 63A and 63B SACs for Public comment and IPR Review until Jan 29thRichard Wilsher Jan 29WIKI PAGEDec. 15th realease to 45-day Public Comment Period and IPR Review
Initiative to create a structure mapping between the KI IAF and other frameworks towards the improvement of comparability and IAF.next project Planned Meeting at Internet2 Global Summit April 23.
AndrewProposed Meeting Goals:
1) Confirm that the participating organizations and federations wish to continue to use a common structure for specification of rules for identity proofing, credential lifecycle management, identity information lifecycle management, credential verifiers/authentication and federation operations.

2) Discuss/decide on whether defining a common set of requirements that underpins our common IAF is a good objective

3) Analysis of the Kantara SAC. Review the implied requirements structure.

4) Decide on the path forward: resources, funding, organizational timing, other requirements.

5) Establish a Kantara WG to build out the requirements for IAF.next
During the TIIME Meeting in Vienna, February 2017 it was discussed the need to work together and find common ground within the informal profiles based or inspired in KI IAF, such as Incommon, GEANT, eIDAS, etc. The interested parties will meet during Internet2 Global Summit (April 23-26, WDC US) and start creating a straw man for a structure mapping between the frameworks and the KI IAF, including a common catalogue of risks.
Charter review and update ClosedCharter was approved by LCKen https://kantarainitiative.org/confluence/display/idassurance/2014+IAWG+Charter(AH suggested to focus on IAF as main objective, consider all innovations across the Identity space).
800-63-3 Public ReviewClosedComments were submitted to NIST on March 31st. New deadline extension on 800-63-3 (Sections A,B and C are closed). IAWG submitted comments to NIST on May 1st. Andrew and KenMay 1sthttps://pages.nist.gov/800-63-3/IAWG Comment WikipageWorking Plan: 1) Comment Period 2) Impact Analysis on IAF and Assurance program. //ARB was invited to engage on the review and comment period. Gathering comments methodology: general comments and then meetings dedicated to sections A, B and C (Feb 23rd. IAWG made general comments on 800-63-3. Scott will take notes of the discussions and comments during March and Ruth will help to compile them and add the final and approved comments to GitHub. March 2 IAWG reviewed SP 800-63A. On March 9th IAWG reviewed 800-63B. March 16th reviewed 800-63C). To follow up the discussions, please visit the IAWG Comment Wikipage: http://kantarainitiative.org/confluence/display/idassurance/800-63-3+KI+Comments+2017
SAC update project Closed D3 deliveredKen and RichardConsultants have finished D1, D2 and delivered first draft of D3.Service Assessment Criteria project to improve usability and clarity of the criteria, which includes adding statements of risk mitigation objectives
Wiki refresh Closed Overview after NIST 800-63-3 comment periodRuth May 2017
800-63-3 Potential impacts
ClosedKD: Understand the potential gap (task IAWG volunteer or hire consultant). AH. How to approach it instead of getting a list of changes. 2 stages 1) 2-3 days PIR review, focus on "x" sections (someone competent and flexible). 2) Criteria review could take 60 or more days. Then come up with IAF 2.
IDEF Mapping to KI IAF - OperationalizationClosed for IAWGOperationalizationAndrew May 2017
Review of IDESG mapping to the KI IAFClosed Andrew https://kantarainitiative.org/confluence/display/idassurance/IDESG+Mapping+to+KI+IAF?src=contextnavchildmodeFebruary 9th IAWG approved the comments on the Mapping and Colin sent them to IDESG. January 15th: Andrew sent the spreadsheet containing draft comments to IDESG about the mapping of IDEF Baseline Requirements to IAF SAC to determine the amount of coverage an approved entity could expect to receive if applying to be listed on the IDESG Self-attestation Registry. The purpose of the maping spreadsheet is:
- For a Kantara-approved CSP that wants to apply for recognition in the IDESG Registry, the requirements marked "Full" are deemed to be met by the CSP's Kantara Approval.
- For "Partial" requirements, the CSP needs to do additional work to meet the IDESG Requirement.
NISTIR 8149Closed Scott NISTIR 8149*Colin submitted the comments to NIST on February 22nd. *February 9th IAWG approved the comments about NISTIR 8149 including the disenting comments from Zygma. *Scott sent the first round of comments to IAWG on December 16th. *Richard Wilsher has commented the following on December 16th: "I feel compelled to observe that these remarks are far from the opinions I hold about this IR, and they don’t really come very close to those I thought I heard aired when the IR was discussed during an IAWG call some months back...."

IAWG Feb 9th meeting notes
IAWG Elections Closed Ken Early MarchOperating Procedures. Candidates and nominations: Ken as Chair; Scott as Vice-Chair and Denny as SecretaryCall for Nominations