Attendees:
...
Martin suggested an edit and the minutes were amended accordingly. 2021-04-15 Minutes were approved by motion. Moved: Mark K. Seconded: Mark Hapner. Unanimous Approval.
Response to UK DCMS questions
- Draft Response HERE
- Deadline to provide responses: April 30th.
Heads Up: UK DCMS draft certification documents
Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4
- Draft Comments here: GDoc rev.4
- Deadline to submit comments: May 15th
Heads Up: TSA RFI re mDL
https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
Others
Supervised remote identity proofing.
- It was shared the link to NIST FAQ where it provides the difference between supervised and unsupervised remote identity proofing https://pages.nist.gov/800-63-FAQ/#q-a2
- It was asked about a specific supervised remote identity proofing case.
- Mark H. asked who are using Kiosks. It was answered that Australian Government, British Postal Office, Ontario Government (driver license and health card).
- Jimmy added that "formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to:
...
- The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channels.
...
- Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. Its sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials. ( dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers).
- Mark H. asked who are using Kiosks. It was answered that Australian Government, British Postal Office, Ontario Government (driver license and health card).