Kantara Initiative Identity Assurance WG Teleconference

...

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval: IAWG Meeting Minutes 2013-11-21
    4. Action Item Review
    5. Staff reports and updates
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. IAF-1400 draft for 45-day public review - see linked document: Kantara IAF-1400 SAC v3-1.docx
    2. Disposition of 800-63-2 -> SAC Mapping working documents - where/how to store for future reference?
    3. FICAM TFS Program update comments from IAWG members & consolidation
      Link to review documents and comment template here: https://kantarainitiative.org/confluence/x/fYHwAw 
    4. REMINDER: Ad hoc call to continue FICAM TFS discussion Friday December 6, 2013 10:00 Eastern.
  3. AOB
    1.  
  4. Adjourn

 Attendees

Link to IAWG Roster

...

Meeting achieved quorum

Voting

  • Myisha Frazier-McElveen (C)
  • Rich Furr (V-C)
  • Andrew Hughes (S)
  • Scott Shorter
  • Matt Thompson
  • Richard Wilsher
  • Cathy Tilton

...

FICAM TFS Program update comments from IAWG members - December 6 2013 meeting notes

Myisha Frazier-McElveen (Chair), Rich Furr (Vice-Chair), Andrew Hughes (Secretary), Peter McDonald (Symantec), Nathan Faut (KPMG), Cathy (Daon), Scott Shorter (Electrosoft), Bill Braithwaite

 

  • SS: gave overview for 1st eSoft comment 
  • PM: Submitted a question around what 'Verified' means - Verified is probably distinct from Assurance Level 
  • SS: For these Verified Attributes - is there any difference between 
  • PM: Scenario: At LOA2 and LOA3 if a person gives a fingerprint and zip code -> this uniquely identifies an individual. So is the zip code a Verified Attribute or not?
    • There's not enough clarity on how this is intended
  • SS: Identity Proofing only establishes that the identity is a real person - it does not actually say anything about the person being the person claiming the identity
    • Need to either include gradations of 'proof' so that this is not an absolute
    • Need to work out how post-registration identity changes should be used to maintain the integrity of the initial proofed identity
  • RF: CSPs do a pretty thorough process to establish that the identity information relates to the actual person - either in person or by using antecedent information
    • Never 100% perfect but it is a well-understood process
  • SS: maybe the RPs would be served better by having ID Proofing process metadata -> that gives hints about provenance -> so the RP can assess risks properly
  • BB: the 'real person' establishment has been subsumed into the process of 'identity resolution'/ 'identification of an individual'
  • SS: general comments on use of more standardized requirements language e.g. 'shall', 'should', etc
  • MF: ATOS document p4 discussion - the reference to Financial Institutions exemption. The identity vetting processes depend on the type of account - so hard to deal with LOA equivalence
  • PM: Definition of verification - e.g. Name - what is needed for name variants? For some attributes variants might need to be allowable.
  • PM: Concern that if CSPs need to become full-blown attribute providers, this will require significant resources and investment
  • PM: discussed Symantec's comment re verified attribute sources
  • PM: if a CSP has to go to additional sources to verify attributes then the CSP's financial model changes

Logistics: 

  • Andrew to consolidate
  • Scott to update his comments
  • Myisha to send comments to Andrew
  • Andrew to send consolidated sheet to Joni for integration into the ARB document

AOB

 

Carry-forward Items

 

Attachments

...