...
- Zygma is a co-signer of the memos, recommendations.
- The 3 memos are findings found in the course of recent work that all the signers were involved with.
- First memo is around Guidance on Permitting “Commodity” Hardware for Unsupervised Remote Identity Proofing (“Commodity” word from 800-63-3 FAQ that came our recently).
- Second memo how to select and evaluate Authoritative Sources. Geolocation is presented as an additional barrier against international fraud. No id identity proofing method is perfect and Compensating compensating controls are not perfect either, Geolocation is easy to assert but and hard to prove, but it´s an additional barrier for catching the fraud.
- Third one derived from the other 2, recommendation to on additional info for the CSPs in the Trust Status List, using the Public Service Description of the S3A for RPs and other potential consumer of the services to understand what´s involved. SS stressed that the Trust Status should have: the name of the service, contact info, Assurance Levels, authoritative sources and Identity proofing methods that are supported.
- RW pointed out that the last statement of memo 3 is different from memo 2. He added that there are 2 solutions, S3A is not the absolute path for the additional information.
...