Versions Compared

Old Version 4

changes.mady.by.user Martin Smith

Saved on

compared with

New Version 5

changes.mady.by.user Martin Smith

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher

...

Staff reports and updates: ED Kay Chopard–today talked with UK contact, who said they had a good relationship with former Kantara ED Colin Wallis , but that "Kantara is a mystery organization."  It seems we need to get them a clear picture of the scope of Kantara's activities. The UK contact said they welcome participation in their stakeholders groups, but don't want to overburden anyone with keeping up with multiple stakeholder sub-groups. Kay assured her Kantara had the resources and interest to participate wherever we could be relevant. They are planning to have a certification process, and Kay recommends we respond to the current call for comment to stay engaged. She said they encourage are encouraging responses from identity-focused organizations to balance against lots of comments they are receiving from individuals opposed to any government involvement in identity. Ken D. asked if our contact had indicated any knowledge of past Kantara comment contributions. Kay said no, but that maybe they did not count input received from Colin as having come from Kantara as an organization.

...

In the OPSAC, there was one minor item with respect to which group agreed with Richard's characterization as a "non-material" change  (i.e., not requiring full public review for Kantara approval.) 

The WG then reviewed the recommended text changes to the current 63A criteria --

#80 – ok

#177  (CACs) – OK

#460, 480 – if KBV . . .

#630-50 – PAD changes – KD:  calls for comment. This text approved. Agree these are material. 

relevance of "material" :  might send only material via full review and just pub all.   Will be first digit on version # is incremented. 63A , B will go to 5.0. 

Explanatory note at end of 63A:  NO NEW MATERIAL

63B – 

#350  – cross-ref not material

#790 – clarity, not material

#1505 - 20.  material 

RW: 63C – no changes. 

JJ: re clarity of applicability of PAD. ARB thinks not clear. RW says clean and ARB oversteps. 

RQ: when and if PAD required, how will that read out. MS: NIST will have to create text first. 

JJ: unclear if any bio collection is done, then PAD. Or not.  No questions were raised on the recommended change to criterion item #80.

Ken D. noted that the changes to item #177, regarding "comparable alternative controls", had been reviewed at the previous IAWG, and participants offered no further questions or suggestions. 

Items #460 and 480, relating to knowledge-based verification (KBV) were characterized as non-substantive and participants had no comment.

Items #630-50 clarified provisions relating to used of presentation-attack detection (PAD changes.) The recommended changes were based on the discussion of PAD at the WG's meeting last week. Ken D. invited any further comments, but there were none, so Ken considered the changes approved.  It was agreed these changes are material and will therefore be subject to the full Kantara review process.

The WG briefly discussed the mechanics of the Kantara review process, and concluded that only the "material" changes will be highlighted for review, though the entire document set will be provided to reviewers.  Ken D. said it is possible, though not too likely, that substantive comment might be received on any text in the documents, even those where no change at all has been proposed. In that case the IAWG would review and propose a disposition of those comments, as well as any comments received on the highlighted "material" changes.  

Richard W. noted that in the event of a "material" change to any document, the first digit of the version number for that document would be incremented, but that each document is versioned independently. In the present case, for example, the version numbers for the 63A and 63B criteria would be incremented to 5.0, but there would be no change to the COSAC version number as no changes have been proposed.  

The WG then moved on to review recommended changes to 63B criteria:

Richard W. suggested that for items #350 and #790 the changes are not material. Participants offered no further comment. 

He suggested that items #1505 - 20, dealing with PAD. are material. No other changes to 63B criteria are being recommended.

Richard W. also noted that no changes are proposed for 63C criteria.

Jimmy J. Mentioned that the Assurance Review Board (ARB) had recently said to him that the applicability of PAD is unclear.  Does it require PAD if any biometric data is collected, whether or not remote proofing is being used? Richard W. expressed the view that our criteria language is in fact unambiguous. . 

Roger Q. asked how--when and if PAD is made mandatory by NIST in their next revision of 800-63–Kantara would handle that in our criteria. Martin S. suggested that the first move is NIST's: to draft any PAD-related requirements in 800-63-4.  

Ken D. invited a motion to approve the package of criterion changes as discussed today for submission to the Kantara review process. Mark H. so moved; Jimmy J. seconded. The motion was approved unanimously.  

Richard W. said he would do a final clean-up of the documents and send them to the IAWG Chair and Vice-Chair, and to Assurance PM Adams for submission for Kantara review.


Other Business:

Ken D. announced that the IAWG would meet again next week (September 2) to begin developing comments on the latest UK framework draft.  

He then adjourned the meeting at about 2:05PM US Eastern. 

NOTE:  The following was placed into the GTM Chat during the meeting: 

Mark King to Everyone

Are Kay and Lynzie taking over the collaboration with NGI_Trust in Horizon 2020 programme (EU plus UK), where both Colin and Ruth are/were mentors/board members?

...

from Chat

...

Kay Chopard to Everyone

...

Colin and Ruth have told me that they were doing that as part of their work with Kantara Europe. I did not have the understanding from them that it was something Lynzie and I would be permitted to take over

...

2:03:  KD – Mark H; JJ second. Approved unanimously. as recorded. 

RW: will submit the final to KD MS and LA. 

Finalize proposed criterion language regarding "comparable alternative controls (CACs)."  

Finalize proposed text regarding use of "presentation attack detection" (PAD.) 

Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.

Other Business:

Next meeting  next week for UK stuff. 

...

.

...