Versions Compared

Old Version 1

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

This is an off-cycle call and as such individual attendance is does not counting count towards quorum. As such these notes will not be approved formally to minutes Minutes but will remain as informal notes.

SCOPE – The framework is for international and non-government use as well as government use. Therefore cannot be driven solely by Federal government requirements but should take them into consideration.

  • GOAL: Focus on what is NOT being covered
    • Not defining the standard for breeder documents but rather a mapping.
    • Not doing cross jurisdiction mapping
  • We are attempting to establish proof of what?
    • 800-63 Identity proofing simply to prevent the theft of the credential
      • Value of having a name and address – to have a way (at least a starting point) to investigate that person in the event the person does something bad.
    • Attributes to provide to RP as part of registration process
  • We have to define the problem then define the scope.
    • The identity proofing tends to be CSP centric as opposed to RP centric
    • How identity proofing occurs at a specific level of assurance.
    • What’s currently in IAF is too 800-63 centric
    • Give that requirement a more concrete direction.
    • How do you define a trusted entity:
      • Notary public?
      • Utility bill?
  • Focus on the goals of 800-63 and not the details and define our goals and ensure they align with 800-63.
  • 800-63 drivers around identity proofing.
    • Someone in the world exists with that specific name (as verified by a picture document)
    • Some hope of trying to find that person if something goes wrong

Jurisdictions

  • What is sufficient to prove an identity at a particular assurance level across jurisdictions?
    • What we have today has a jurisdiction implied because we have government issued IDs however should it be?
  • Better to discuss the steps and processes to verify the individual’s identity instead of the credibility of the jurisdiction or documents.

Credibility

  • In addition to levels of assurance we’ll end up having levels of credibility of the documents used to generate the identity.
    • The acceptance of that will be dependent upon the Relying Party.
  • The CSP publishes the criteria that they use for issuance of credentials and the RP determines if they would choose to accept that.
  • Keep to a broad level and not specific to a jurisdiction.
  • What we’re looking to do in the identity proofing is to define with more clarity the trust characteristics of a document that a CSP uses to provide credentials at specific assurance levels.
  • Might be helpful to develop jurisdiction based profiles.