Attendees:

...

  1. Administration:

  2.  Discussion:  800-63-3 Criteria Issues to Resolve 

    • T5-1 notification

    • supervised remote proofing proposal

    • OPD#0010

    • S3A

  3. Any Other Business

Meeting Notes 

Administration:

IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was quorate.

...

Kay reported it’s still a full pipeline in the U.S. - but much slower in the U.K. She’s hoping that changes and hopes to hire on a Program Manager over there that can run the program similarly to how Lynzie runs the U.S. program. There have been lots of conversations with several agencies - including GSA - about our program and the need to have a Kantara Trust Mark to be on their schedule.

Discussion:

T5-1 notification

Andrew shared the drafted notification and provided background information for anyone not aware. Richard moved to accept the notification as-is and have it published. Andrew seconded the motion. Motion carries with no objections. Notice will be sent out to relevant parties next week.

Supervised Remote Proofing Proposal

A small group discussed the criteria and developed the following proposal for #0490-#0580 (attached file: supervised remote identity proofing criteria.docx). Jimmy walked the group through the proposal - the discussion was around how strictly we want to follow 63-3 and whether some of these things are good ideas regardless of what identity level they are directed towards. #0490-#0510 are staying in as more general requirements. #0520-#0550 were removed as the group agreed there was some risk for an IAL2 person to take those criteria on. Same goes for #0570 - too difficult at IAL2. The group suggests leaving the training (#0560) and communications (#0580) criteria applicable at IAL2 because they are covered in other places within the SAC at IAL2 (referenced in the guidance).

...

Richard suggested striking the line “Physical comparison performed remotely SHALL adhere to all requirements as specified in 63B, Section 5.2.3.” for STRONG evidence. Andrew & Yehoshua were agreeable. The updates will be incorporated into the overall updates of 63A.

OPD#0010

Andrew raised the concern. Richard noted there is no source text to the criteria - that it begins with the subparts of the criteria. Richard reviewed the original Word version of the OP_SAC and determined there was never a header for it. He suggested inserting one. Andrew believes the revocation stuff should be in the credential policy - it just needs to be stated. Suggested header: “The CSP must in its CrP…”.

Richard noted that a reference back to OPA#0020 f) would also work. Richard will propose guidance to be included in the update.

S3A

Andrew shared the reasoning for the updates to the S3A, including the need for more detailed information being provided to the ARB. Richard believes the level of detail in the S3A was never intended to be aligned with all criteria in the SAC. Jimmy agreed. The assessor gets some scoping out of the S3A, but not what they need to complete the assessment. But this is all the ARB gets besides the SAC to explain what the system does. And that’s why it needs to be comprehensive - at least at a data flow level. Without that, the ARB doesn’t always know what they are looking at. The other option is that the ARB just trusts the assessor and asks the questions needed. Richard prefers that option but acknowledges there needs to be a degree of detail in the S3A for the ARB to understand the full process.

...