Interoperability Review Board Charter

Group: Interoperability Review Board (IRB)
Date BoT Approved: February 25th, 2010

Description & Constitution

The Interoperability Review Board (IRB) is responsible for monitoring the conduct of the entire Kantara Initiative Interoperable Testing program. The Kantara Initiative Board of Trustees (BoT) will receive the current Liberty Alliance Interoperable certification program, which provided coverage of SAML 2.0 & WSF protocol. In addition to the a forenamed protocols, the Kantara Initiative will also cultivate and manage new certification programs covering a spectrum of developing protocols.

The Interoperability Review Board is chartered to:

Define, in collaboration with the KI BoT & Leadership Council (LC), the scope of technologies to be certified.
Monitor testing events.
Arbitrate and resolve testing issues if possible.
Present unresolved testing issues to the KI BoT as necessary.
Maintain strict confidentiality throughout the Conformance Testing process – before, during and after conformance testing.
Maintain high level oversight of Test Procedures and the supporting documentation hierarchy for all testing modalities. See Annex A for a full list of the testing modalities.
Provide business and policy oversight to the Kantara Initiative staff and other 3rd-parties hired to operate the Kantara Initiative Interoperable program.

Membership

Voting Membership of the IRB is by appointment of the Kantara Initiative Board of Trustees and should consist of implementer and deployer members representing the needs of the Identity technology-based community:

See Annex A at the end of this charter.

IRB members must have at least participant status within the Kantara Initiative.

Membership may include a non-voting Subject Matter Expert, as deemed necessary, to advise the Board and support the assessment, interpretation and understanding of the Interoperability Testing procedures and Static Conformance Requirements for each of the protocols tested.
Selection of a Chairman

The chairs of the IRB shall be selected by the voting members of the IRB by a simple majority vote.

Duties

The IRB will be expected to:

Determine which new technology certifications will be pursued by the organization with input from the BoT and LC
Initiate one or more Kantara Initiative Work Groups to act as oversight groups to accept maintenance responsibilities for any testing procedures and documentation contributed by another organization
Recommend to the KI BoT the business arrangement necessary to operate the certification program including, but not limited to, 3rd parties hired to conduct the testing and the fees to be charged
Review applications to participate in Conformance Test events to ensure that applicants are reasonably qualified
Discuss, as necessary, the qualifications and test requirements with interoperability testing applicants to ensure that applicants are fully informed of the requirements and performance expectations
Manage the non-disclosure (NDA) process to ensure that only NDA signatories are admitted to the event
Review the documented testing procedures and monitor the testing process to ensure the completeness and integrity of the event.
Ensure that vendor confidentiality is maintained at all times.
Properly identify successful test participants.
Ensure that all test results (both successful and unsuccessful) are securely recorded and stored in a confidential repository accessible only to authorized individuals.

Criteria for Success

The IRB shall be deemed to be effective in its operations when each of these goals is consistently achieved:

Credible testing of products
Marketplace recognition of the value of the Kantara Initiative Interoperable™ Trademark
Market adoption of Kantara Initiative Interoperable™ Logos
Professional and reasonable resolution of testing issues
Maintenance of confidentiality throughout the process
Operation of the program is financially neutral or positive for the Kantara Initiative

Duration

The IRB exists at the discretion of the KI BoT. In the event that IRB members need to resign their seats, they shall submit their resignation sixty (60) days prior to ceasing the performance of their responsibilities.

Schedule and Deliverables

The IRB will monitor ongoing conformance activities and the overall conformance program. Activities, output and deliverables will be on-going.

The group will monitor at least one event per year – distributing the events globally or via the Internet as needed to facilitate global participation.
IRB representative participation at more or fewer events may be required, depending on demand.
A minimum of one (1) IRB member is required to attend and monitor each testing event.

Resource Requirements

The IRB requires the following support from the Kantara Initiative:

Access to the KI BoT for its receipt of conformance recommendations and their timely processing.
Secure, restricted and segregated access storage of certification applications, supporting documentation, and correspondence with applicants that is isolated from the general member area.
Access to the web-based applications as well as associated applications and IAF documentation. Potentially one 3rd party Subject Matter Expert to facilitate face--to-face testing events and provide input to the IRB.
Conference call facilities
Program Management Office logistics and administrative support.

Coordination with External Activities

The Kantara Initiative Interoperable program will test implementations (executable computer code built in accordance to a specification) where there is a significant interest in the technical specifications being tested in the program.

The IRB will oversee and coordinate the activities of the Interoperability Work Group. The Interoperability Work Group (IOPWG) will be comprised of Members and Participants to write and maintain various Testing Procedures on behalf of the Interoperability Program. In the case that sufficient Test Plans or documentations do not exist the IOPWG will coordinate with the originating body of such a protocol to communicate the need for documentation and, in some cases, the IOPWG may liaise with external organizations to assist in such needed Test Plan development.

For a list of protocols currently included in the testing program, please see Annex A at the end of this document.

Coordination with other Kantara Initiative Activities

The IRB depends on the WGs to maintain all Kantara Initiative published testing procedures and for technical clarification of disputed interpretations of the Kantara Initiative developing specifications. The IRB will co-ordinate with the Interoperability Work Group which is chartered to develop and maintain testing procedures as required by email and conference call.

Document Dependencies

The IRB has an explicit dependency on the following:

Current version of Logo TMKI
Current version of Kantara Initiative Interoperable Testing NDA
Current versions of IOPWG approved Testing Procedures

Group Meetings

Members will communicate mainly through electronic mail utilizing the mailing list and regular conference calls as necessitated. Face-to-face meetings will take place in conjunction with regularly scheduled Kantara Initiative meetings as required. Telephone conference calls will also be arranged as needed. If there is no need, both conference calls and face-to-face meetings may be cancelled with the support of a majority of the Interoperability Review Board.

IRB members shall:

Participate in meetings, teleconferences, and e-mail discussions;
Cover their own costs incurred as a result of participation; and
Attend and monitor any on-site review visits as required to confirm conformance as declared in applications.

Voting Requirements

The following voting rules shall apply to decisions of the IRB:

Recommendations for conformance, etc, shall require a Supermajority of all IRB voting members.
Other types of decisions shall use Simple Majority quorum rules.

Communication Policy in Group

Communication is conducted mainly through electronic mail using the mailing lists and through conference calls. IRB voting may be conducted through email or through telephone communications whichever is most appropriate.

IRB members will be required to attend conference calls before, during and after certification program reviews as needed. IRB members will be required to respond within a reasonable time via email and/or telephone during certification testing events.

ANNEX A

IRB Membership Coverage

Voting Membership of the IRB is by appointment of the Kantara Initiative Board of Trustees and should consist of implementer and deployer members, as described in the list below, representing the needs of the Identity technology based community. Where two members are referenced, ideally one would be an implementer and one would be a deployer.

2 SAML / ID-WSF
2 Web Services
2 Oauth XRD
2 Government Policy Makers
1 Standards Development Organization

Protocol Coverage

The Kantara Initiative Interoperable program will test implementations (executable computer code built in accordance to a specification) where there is a significant interest in the technical specifications being tested in the program. The following standards are the initial targets for the program:

SAML
Web Services: ID-WSF, WS-Security & WS-Trust
OAuth
XRD
OpenID

Testing Modalities

Full Matrix – Testing requires each vendor to test with every other participant to ensure testing mirrors real word identity federation interoperability requirements. Full certification would be granted at these events.
In the Queue - testing is performed one-to-one (versus Full Matrix where all potential matches are required). Testing occurs on line remotely 3 to 4 months prior to a Full Matrix test. Candidates who test In the Queue are required to commit to participation in the next Full Matrix testing event. Pre-certification would be granted at these events.
Face-to-Face - testing is performed in the same physical location at Face-to-Face Interoperability events. Full and/or Partial certification may be granted at these events.