...
- Comments on 800-63-3
- Working with IDESG on the CSP Registry.
- IAWG has a new Confluence wiki space.
- Consent information group released Consent Receipt version 1.
- IRM is close to release the public report.
- Federation Interoperability Group has updated SAML2 INT profile.
Open Mic
FICAM Update
- Working on certification and updating procedures for the trust services program. They merged PKI and TFS Programs in the documentation.
- The SoP is under final internal review and it may be ready for community feedback by middle of July. They are incorporating the changes suggested by OMB and NIST.
NIST Update
- 800-63-3 is in final internal review process and extremely close to final release. The implementation of the new guidelines is one year after its publication date.
Open mic
- It was commented that in 800-63-A it does not list what would be fair evidence, such as credit card or other items that will constitute acceptable evidence. It was pointed out that we also should consider what the solution is capable of validating.
- TFPs should work on the list of acceptable evidence to comply with FICAM requirements.
- NIST commented that agencies should be doing the necessary to balance minimization of data. Definition of attributes is not NIST responsibility as FICAM may define those bundles. It was stressed that NIST role is to provide characteristics of acceptable types of evidence but not state them.
- FICAM clarified that they would not define those bundles; they will revise and evaluate the TFPs proposals on how and why certain artifacts will ensure compliance with 800-63-3.