All Documents
...
Item 1
We suggest that inclusion of the document hierarchy
...
or derived material, along with the commentary similar to the Kantara response of 8 December 2009 to the Open Identity Framework Joint Steering Committee (OIF JSC), would greatly enhance the distribution and communication of the document set for broader adoption. In particular, the hierarchical nature of the document set is described very well in the response to OIF JSC, and the various documents comprising the primary base reference set and the secondary set, and their purpose, relative to Assessors and Providers, is discussed. We believe that a clearer explanation of the document set in a more self-consistent manner would aid in the readability and communication of the document set, and would help to define a structure similar to an ISO/IEC multi-part standard or the like (e.g., ISO/IEC 15408, Common Criteria for Information Technology Security Evaluation). Furthermore, we believe that such an explanation of the segregation of responsibilities, as defined by the complete document set would help readers and implementers to understand the various responsibilities and accountability within the Accreditation process - for example, it is not clear that the Assurance Assessment Scheme should be part of the primary base reference document set, but instead could potentially be in the secondary document set, and/or administered outside of the IAWG.
...
Item 2
It would be instructive to observe that some initiatives, such as TSCP (Transglobal Secure Collaboration Program - http://www.tscp.org/), apply more rigorous infrastructure requirements and rules for participants than are generally set forth, due to the business rules and needs of the participants. This would illustrate the goal of defining a full range of requirements, starting at a minimum set of infrastructure at lower levels of assurance which can be graduated to meet more stringent, higher levels of assurance to meet specific business requirements. In particular, the specific differences in identity proofing in various initiatives could be further described to discuss the relationship with Identity Assurance, and, similarly, some discussion of how the the varying privacy regulations define instantiation-specific privacy profiles would help, as was recently discussed relative to the ICAM submission.
...
Item 3
We believe that additional discussion of related identity initiatives that have developed over the last couple of years would greatly help to provide context for the Kantara Initiative IAF, as well as resolve (or mitigate, at least) definition ambiguities. Some examples include:
...
Identity Assurance Framework - Overview
...
Item 1
There is a gap between the IAF and the SAC regards Identity Proofing. There is no policy framework to overlay SAC IdProofing such as found in the NZ EOI standard draft V2 e.g. on what constitutes 'a government issued ID'.
Identity Assurance Framework - Glossary
...
Item 1
Suggest the definition of assurance levels carry context; a statement such as "Very high confidence in the asserted identity