Board of Trustees Minutes - 2011 Berlin F2F

These minutes have been APPROVED by the Board of Trustees.

Action Summary

MONDAY

Events Planning Review and Target Events and Marketing

• Dervla provided an update regarding the 2011 KI Event Summary including Cross Sponsorships and
  KI Events. Matthew suggested adding the Cloud Security Alliance event in November as a cross
  sponsorship opportunity. Privacy and Usability (June 28) event should be added per Lucy.
• Dervla, Joni, John in talks with Catalyst representatives for a possible BoF (vs. Interop or Workshop).
• Location is being decided for the Oct 26-28 Kantara F2F seeking Washington, DC

Action - Peter and Dervla to look into Computer Society (IEEE) options in DC

Calendar:

• OIX (Open Identity Exchange) events should be included for the opportunities to cross promote and/or support the white paper (Colin suggestion). In addition the Japan WG June event should be added.
• April conference should be added (Colin) – Name of Conf?
• W3C conference should be added for 2012
• OASIS meeting in Slough should be added
• E-Challenges – European Commission Sponsored Event – Nat suggested having some exposure at the event.
• OECD Meeting
• Kantara/Summit meeting for next year in Munich?
• Idea about having a board/WG meeting then solely Board update.

Action – Dervla to develop Centralized Identity Community Calendar – there is no calendar for identity
related events to be hosted for Kantara.
Action – Doc, Kaliya, Phil conversation to discuss planning for events.

• IIW educational session ; with coordinated Kantara Working Sessions prior to or after.

MARKETING UPDATE

• For IDDY Awards in 2012 to collaborate with Identity Commons vs. RSA.
• Interop –
  o OpenID is developing an interop-type event.
  o Kantara should continue to evolve its strategy with Interop
• PR – Assessor/Accreditors of assurance programs should be pursued with a press release.
• Kantara blog and contributed articles on identity.
• Learning center is being pursued for the Wiki and public website content – video
• Public website overhaul is needed – Anna and Dervla are working on this.
• Mark Lazar could possibly be contacted for a contributed article.

Challenges/Opportunities

• Assurance program is a challenge

Recruiting additional paid memberships in the organization Limited resources/bandwidth

Opportunities

• Membership Development Activities

Dervla reviewed the Marketing Strategy noting

OpenID Foundation – IP discussion

• There is a desire to clarify the intent of Kantara as it relates to IP assertions.

Motion --Authorize Executive Director on behalf of Kantara Initiative to join the OpenID AB WG.
John moved / Lucy second. Motion approved unanimously.

Motion – John - moved / Lucy second – Issue a communication to IRB - Intend that the IRB
and the necessary subcommittee to participate in the development of a program to support
the work product of the OpenID AB WG for the purpose of developing a Kantara certification
program for their specification. Motion was approved unanimously.

Action - The IRB webpage needs to be updated

Colin report from last week

• OIX and Kantara meeting last week. Purpose of the meeting was to position the work and
  objectives of the respective organizations. OIX endorsed the direction and scope of the Trust
  Framework and wanted to support its normalization/internationalization. To demonstrate
  their support OIX wants to release a new version of the Trust Framework White Paper (v2)
  to introduce the metamodel. OIX to contract a resource to write the white paper, with the
  resulting work be contributed back to Kantara. Goal is to have an update to the Open Identity
  Trust Framework for 8 June.

PM Break

Interoperability Review Board (IRB)

Leif provided an update on the IRB. IRB adopted Liberty framework for testing rebranded as Kantara. Ad Hoc interop group has been chartered to facilitate documentation development.

• 4 vendors / 5 products
• Need to increase interest in the testing activity
• Concerns – getting the appropriate resources for IOP testing is difficult.
• Testing needs to be approached differently moving forward.
• Implementation dynamics is quite different for the specs today.
• Kantara would need to manage and administer the program.

Next Steps:

• Writing tests, project mgmt, managing results.
• IRB should make a preliminary proposal to the OpenID Foundation regarding the collaboration on testing, automated tests, and development of debug test tools.
• The effort will require a contracted resource to develop.
• Service should be cost recovery / neutral ; subscription service
• Not a requirement to support SAML though there may be an opportunity to support it.

Assurance Review Board (ARB)

Leif provided an update on ARB.
Current activities – ongoing discussion btw FICAM privacy group around guidance for TSB assessors and auditors, working with the three trust framework providers. Activity is currently
stuck and need to move away from prescriptive language.

Trust Mark art and fee matrix is being worked.

Large Auditor (Big 4) and CSP (IdP)

• First in a long pipeline of potential programs
• Anna has been keeping the line open with Rae from Delloite. Delloite doesn’t need a telecom to follow-up after docs.

Three items need to be closed:

• MOU with OIX
• Use of Mark not tied to Fees
• Inclusion of profiling in the application

Application form is waiting to be published.

Motion - approve – Lucy moved ; John Seconded a motion to approve the update to the application form to include Profile Selection for the CSP. Motion was passed unanimously.

Action – Need to clean-up the language on the website in order to align with the intent of the TMLA – sign agreement at beginning, get two invoices. Fees are not tied to the use of the mark.  IAWG manages IAF not ARB – Board should raise it to Leadership Council and then forward.

MoU with ICAM

• Action - Business process needs to be updated and incorporated into the MoU with OIX.
• Action – need to alert US Gov regarding OIX listing.
• Action – Kantara recognize OIX for ICAM ; roles ; notify FICAM when certified;
• Action – Develop MoU between OIX and Kantara
  o Can’t fill out current agreement
  o Lightweight document to capture roles and business processes.
  o Anna to create the terms of the MoU between OIX and Kantara for OIX review. With input from OIX Kantara will incorporate comments along with legal language to complete the MoU.

§ Lightweight draft to be submitted/drafted this week for submission to OIX.

ARB / IRB Business Model

KI ARB – creates assessors – assessors legitimize CSPs
Contract between KI and Assessors
Contract between CSPs and KI

TUESDAY

Membership

• Footprint is bigger than OIX that is focused on NSTIC.
• OpenID and OAuth are “hot” technologies
• Presence in Europe ; European address
• Cultivate members through the assessment / certification
• Debug service could be a potential draw.
• IIW – world moves on…
• Need the focus
  o Diffuse
  o Identity space is diverse – Kantara not necessarily tied to one particular approach.

Action - Encourage focus for WGs to schedule interim meetings around related Identity events.

eGov Discussion

Action - John - Commerce Identity Assurance – discussion could be had with OIX, Verizon, Google, etc. – joint work group – Discussion as to how it can be pursued together with Kantara work.

Break

Post-Break – Organizational Strategy – requested Peter leave to discuss Org strategy.

WEDNESDAY

Organizational Strategy

• Kantara is designated a 501©(6) organization as a part of the ISTO federation of Programs.

Action – Peter To develop a brief overview/faq of the relationship between Kantara regarding the ISTO/Kantara and the certification program and insurance.

EC Funding

• Seeking an official European presence in Europe.

Action – Peter to review EC Funding requirements and possible IEEE assistance, partner.

Initiate support on certification

• Nature of the certification. Operating a federation on behalf of the US government. Is the nature of the insurance appropriate for being a federation. ISTO to analyze the program from a risk perspective now that Kantara is running the trust framework (operations – FICAM) – proof of concept. Legal responsibility for trust framework. ARB related program and docs publicly available and legal agreement with US Govt. Being responsible for receiving notices of IDps complaint (dealt with within 24 hours).

Certifying InCommon ; Expect Kantara to have a Federation…is this something for OIX?

Action – MoU is the place to review the roles and responsibilities item.
• OIX – listing service
• Kantara – Federation Operator

Points – Lucy / Anna primary – John to assist with someone on ARB.
Action – Peter to provide Kantara with insurance information/certificate

ISTO/Kantara -

• Membership fee revenue is in flux – controlling costs ;
• Needs
  o Reality of getting the real-time numbers.

Action – Peter/Joni/Lucy to get together on real-time needs for Kantara.