...
- Richard provided substantive comments to the document, so a new draft would be provided soon.
- Ken went through the various sections, starting with the Abstract. He stressed some definitions of the terms, Relying Party (org that is running the online services), End User (client of online services) and Credential Service Provider (that the RP would rely on for authentication of the end user).
- Richard highlighted that we need to describe the Kantara´s IAF and suggested to look the terminology within the KI IAF scope. He suggested including the Glossary in the Overview, and using terms that have been defined. He added that there are some cases where the End user directly contact the KI CSP, and the RP may get involved later once the End user have a credential. Also, he suggested avoiding a definition for End user.
- Martin asked if the IoT would be included or it would refer to humans only. Richard responded that there are no criteria that allow to recognize non-human entities. Colin commented that someone has reached out Kantara for IoT Assurance, so at same point, if there is a business proposition this would be included within the IAF scope.
DHS CISA Emergency Directive ED 19-01 on the topic of securing DNS infrastructure.
...