Attendees:
...
2021-04-15 Minutes were approved by motion. Moved: Mark K. Seconded: Mark Hapner. Unanimous Approval.
Response to UK DCMS questions
- Draft Response HERE
- Deadline to provide responses: April 30th.
Heads Up: UK DCMS draft certification documents
Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4
- Draft Comments here: GDoc rev.4
- Deadline to submit comments: May 15th
Heads Up: TSA RFI re mDL
https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
Others
https://pages.nist.gov/800-63-FAQ/#q-a2
"formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to:
The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channels.
Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. Its sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials. ( dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers)