From joni at ieee-isto.org Thu Nov 13 08:06:58 2008
From: joni at ieee-isto.org (Joni Brennan)
Date: Fri, 14 Nov 2008 01:06:58 +0900
Subject: [Sig-ia] Liberty accreditation scheme: request for support
In-Reply-To: <0KAA004HW3GD4UC2@vms044.mailsrvcs.net>
References: <0KAA004HW3GD4UC2@vms044.mailsrvcs.net>
Message-ID: <947ea3330811130806y2945cbf5w341ca048b3de95c3@mail.gmail.com>

This message is forwarded on behalf of Richard Wilsher.

---------- Forwarded message ----------
From: Richard G. WILSHER (Zygma)
Date: Fri, Nov 14, 2008 at 12:38 AM
Subject: [iaeg] Liberty accreditation scheme: request for support
To: iaeg at projectliberty.org, ia-sig at lists.projectliberty.org

Dear colleagues,

Firstly, as a brief 'intro' of myself to the SIG list, my business, Zygma, has been contracted to assist Liberty with the review, scoping and specification of an accreditation scheme and I would like Members to provide input to me to validate the initial choice of reference standards, schemes, etc. against which Members are presently assessed for their IdM / ID credential usage services.

I would like to know what present assessors Members are using and which specific assessment methods (assessor's trade/service name - e.g. WebTrust, reference standard against which they are assessed - e.g. ISO/IEC 27001, reference assessment standard or framework/schema against which the assessor is 'qualified' for the performance of the assessment - e.g. AICPA, ISO/IEC 17021/27006) they are subject to? Specific URLs, document titles (inc. date/version) would be helpful so that I can review any applicable texts.

In the expectation that this information should require relatively little 'mining' to establish these answers, please provide me with your responses within two or three days by replying directly and only to me (this will avoid your responses being seen by other Members and potentially being in the public domain (SIG list members) - Zygma has established an NDA with Liberty which includes Members within its scope and so your information will be treated in confidence and will be used only to build a list of used assessment processes from which those to be considered within his assignment will be determined. Zygma will not keep any record of who responded with what information after the close of the assignment and probably no longer than to support any individual queries / clarifications at the time of receipt).

My purpose is to ensure that any appropriate characteristics / attributes of these frameworks / schema etc. are taken into consideration when determining the basic 'open' requirements which the Liberty scheme should include. That is not to say that the resultant Liberty accreditation scheme will be necessarily aligned or harmonized with any other specific scheme, although that will obviously be a consideration in development of the scheme.

To date I have identified the following references: AICPA (WebTrust, SysTrust, SAS-70); FSC PKI Audit Guidelines; existing IAF; ISO/IEC 17021 & 27006; PCI QSA; ISACA quals (CGEIT, CISx). If you are using any of these there is no need to respond, unless you have any quirky circumstances of use.

Please address your responses only to: RGW at Zygma.biz - do not reply all.

Regards,
RGW

Richard G. WILSHER
CEO
the Zygma partnership LLC
Office: +1 714 965 99 42
Mobile (USA): +1 714 797 99 42
Mobile (Eur): +44 77 68 05 41 58
RGW at Zygma.biz
www.Zygma.biz

--
Joni Brennan
IEEE-ISTO
Liberty Alliance Project
Operations Manager
voice: +1 732-226-4223
email: joni @ projectliberty.org
email: joni @ ieee-isto.org