Time | Item | Presenter | Notes |
---|
| Kantara Updates | Kay Chopard | Board of Directors Planning Session - The focus was on maturity of the organization and strategic business planning regarding Kantara’s direction. Questions included “Where is the market going?” “ What is the need?” “What are the things we could be doing?” BoD elections - Changes: Maria Vachino stepped down. Eve Maler and Mike Magrath are new board members. Governance - Bylaw changes approved in December 2023.
|
| Assurance Program Updates | Lynzie Adams | |
| 2024 Leadership Election | Andrew Hughes | |
| 2024 Charter | Andrew Hughes | |
| Address of Record | Yehoshua Silberstein | Discussion: Yehoshua’s initial focus was to establish the address of record as an address of communication, which should not necessarily require the same level of validation and verification as an inherent attribute. It’s an attribute of a person’s identity as a possessive attribute - it should be established through the person proving that they possess (as opposed to a name or DOB, which are inherent and have to be proven more significantly with real records). The use of an enrollment code and separate validation of the address is not needed, because if a person can respond to the enrollment code, they have proven they can communicate through that address. The address is not necessarily used to establish identity. NIST standards use it as a method of communication so it should be validated and verified as a method of communication lens versus an integral identity attribute lens. Question: Do we verify and validate the address? Is anyone checking that the address exists? If the enrollment code is used successfully, existence is proven. Jimmy:With identity evidence-verification/validation is conducted, however, this is not identity evidence. Yehoshua: This is validated and verified (validated real address, verified it belongs to this individual) in the context of communication method. Mark: Prefers alternative phrasing as implication of validation/verification with proofing process. Clarity needed from NIST in rev 3- rev 4 standards that this address of record is only being used as an accurate and appropriate way to communicate with the applicant.
|
| EU-US TTC WG-1 Digital Identity Mapping Exercise Report | Andrew Hughes | |
| Interpretation of criteria (2 topics) | Richard Wilsher | If a service provider says authentication protocol uses 2 single factors and they explicitly say we don’t use multi-factor authentication, does this criteria apply? Can we say in scope - not applicable? Why/why not? False argument with multi-factor authentication (2 single factors makes for multi-factor). Discussion to be continued February 8th, 2024.
Table 5-3: Superior has two requirements, but Kantara criteria offers proofing with only one form of SUPERIOR evidence. Does this proofing process conform to both Kantara criteria and to 63A? Discussion to be continued February 8th, 2024.
|