Page Comparison

Kantara Updates

Andrew/Kay

Kay was approached by an Australian company, a small-start up with constrained resources, that is interested in working with Kantara/IAWG to write-up a trust framework for digital identity.  Calls are getting set-up and if all is well, we will invite them to present to IAWG.

IAWG Actions/Reminders/Updates

Andrew Hughes

• Address of Record Position:

  • Reviewed final adjustments and sentences, in preparation to send to ARB.

  • ACTION:  Amanda to finalize edits/adjustments,  add to ARB’s February 12th agenda, and circulate the AoR Position with meeting reminders.

• EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

  • Reminder: Gather comments/feedback by 2.15.2024 for a discussion before final consolidation of comments on 2.22.2024 prior to deadline

Interpretation of Criteria

Richard

• Interpretation of criteria 

  • Primary Q: Do we agree that multifactor authentication is authentication where there is more than 1 single factor, irrespective of whether the authentication factors are single or multi-types?

    1. Andrew/Yehoshua offered some criteria adjustments, which is generally accepted with some language tweaking in order to provide clarity regarding the factors, binding, and consistency with other documentation.  General agreement that if there are 2+ factors, it is multi-factor authentication, irrespective of how they are packaged.

    2. ACTION: Yehoshua to draft proposed text for February 15 discussion.

  • Primary Q: Can a CSP offer superior evidence as long as it is verified or validated to a superior level in an unsupervised proofing flow??

    1. NIST tables imply supervision, Richard’s thinking is that you then can not use superior evidence in an unsupervised proofing flow.

    2. Eric offers an example regarding a chipped passport (used to get superior evidence) and the appropriate technology determines it is genuine.  No supervision is involved, as images are used.

    3. Key questions around “supervision”: Does trained personnel mean onsite supervision?  Do trained personnel review the evidence AND make independent judgments? Can it be asynchronous?

       1. Review August 24th Minutes (Discussion and suggestions, but no actual changes made)

       2. Yehoshua: It seems that both technologies and people are needed, so you can’t have a fully automated superior validation (irrespective of “trained personnel”).  This concurs with Richard’s perspective that it’s not an unsupervised process simply because “unsupervised” means there are no personnel involved on the part of the service provider. Because a person needs to be involved, it isn’t possible to have a fully automated process approved.

       3. 2 options in “Strong” are similar, the third one is different.  Provider tried to combine these in an attempt to enhance rigor, but it doesn’t fully work.

       4. No decision or conclusion, continue next meeting.