Voting participants: Ken Dagg; Scott Shorter; Mark Hapner
...
a. IAWG Comments on the Pan Canadian Trust Framework Model Overview (Attached).
b. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)
...
- Ken walked the IAWG through the spreadsheet with the comments on PCTF Model Overview, where there are 32 comments: DIACC-Submission-Form-PCTF-Model-Overview-Discussion-Draft-V0.02-1-1 Ken Dagg 20190304.xlsx
- Ken said that the individual names will be changed to "IAWG" in Column C.
- Ken will send the agreed IAWG comments to DIACC by March 15th.
Any Other Business
- Colin commented that he will speak at the KNOW identity conference at the panel called "Myth busters".
- He presented the list of myths* (below) and asked the IAWG participants to choose their favorites, or add their favorite and a brief explanation to justify that choice/addition, and he would try to accommodate them in part of the panel.
*What myths are we trying to bust?
Terminology
- Eligibility and Identity are interchangeable
- Authentication is the same as identity assurance
- Provision of biometric credentials is identity assurance
- Certification and assurance are the same thing
- Verification and Validation are the same things
- Businesses have identities not identifiers (attributes)
- KBVs are useless
Standards
- Standards are not needed
- Standards are too difficult
- Specific elements not required (e.g. Activity history)
- Standards need to define methods (biometric etc.) as opposed to outcomes
- Standards only apply to public sector
- Interoperability is not important
Schemes and regulations
- The UK scheme (Verify) and the standards are the same thing
- Verify is a failure (certification, assurance, standards are a success)
- Standards are not helpful for AML and KYC at all
Relying Parties
- Digital Identity sells itself (ignores RP requirements for efficiencies, channel shift, risk mitigation etc)
- RPs need all the evidence attributes from the proofing
- RP’s always need a high levels of assurance/having a lower level of assurance isn’t always a bad thing
- The identity attributes cause matching issues in the RP
- IDP success is unrelated to RP service design