Page Comparison

...

Presentation of RGW Documents

• RGW presents presented the 63-3 criteria architecture.pdf and document KIAF-1430 63A_SAC v0.05.pdf
• Scott asks why asksedwhy a word document is this to show the work?
• RGW defers defered answering – looked at a few ways to present the information.

...

• Mark liked what Richard was showing – the insertion of appropriate identifiers into the original document so that the requirements can be referred to. Not a lot of crap in the document. Need identifiers, like in the spreadsheet shows you can begin to turn them into the criteria.

• Scott agreesagreed, he liked the spreadsheet and the DocBook approach for different reasons.

...

Review methodology and Work Product format

• Scott nominates nominated spreadsheet for comment discussion process.

...

• Mark – sent out statement question – semantic concern will be brief- 800-63-3 has requirements for CSPs, which are organizations that are enrolling applicants for some purpose. If I’m a CSP I use a mix of product from the identity industry.  Proofing from one vendor and another vendor for credentials.  If we are producing the criteria for CSPs, the end user being some federal agency or other end user.  Identity provider suppliers service, saying “I will handle a subset of your requirements for you”.  Might have to do with how CSP validates evidence like a DL during enrollment process, may not have anything to do with notification. CSP may take it on, RP may take it on.  Marks understanding is the assessment criteria is whether CSPs deliver on their assurance levels correctly, it is their problem to get identity vendor services to meet those criteria. As an identity service provider, I will look at a subset of the requirements and make a claim to a CSP that I’m providing the service that the subset is covered.  Kantara isn’t in the business of saying which subset a service must provide.

• Don agrees agreed that the loose definition of relying party is intentional.  Trying to address the needs of a broad based of RPs.

• Mark – definition of CSP says it may be an independent third party or issue creds for its own use.  When you look at the requir4ements, the CSP has to provide notice, other requirements. Someone who has a use for the identities.

• Ken Crowl mentions mentioned that Experian has just gone through the validation process for their own parts.

• Mark confirms confirmed that we’re just doing CSP requirements for now, we will sort out later how they may get applied to subcomponent services.

...