...
2.Discussion:
a. UK DCMS May Update Certification Questions & UK Trust Framework Certification Scheme
cb. RFI re mDL
Staff reports and updates
- Upcoming events: 1. Think Digital Identity for Government panel, Kantara, DTA, GSA and Swedish government. 2. IdentityNORTH - Aligning DIACC Standards with International Standards panel, Kantara, DIACC, Better Identity Coalition and DTA. 3 Kantara-DIACC-NIST panel about collaboration, similarities and differences of international and national industry associations. 3. Identiverse - Driving digital trust panel, Kantara panel. See more details here: https://kantarainitiative.org/events/
- 1Kosmos BlockID service has been approved by Kantara as a Full Service at IAL2 and AAL2, see PR here: https://kantarainitiative.org/1kosmos-blockid-digital-identity-solution-approved-as-nist-800-63-3-conformant-fido2-certified-powered-by-advanced-biometrics-private-blockchain/
- Colin and Mark attended the Stakeholders meeting for Digital Identity Scotland. They shared lessons learned, still early days. It's similar to RealMe, login.gov, gov.uk accounts, single sign on, centralisation with attributes.
Minutes approval
2021-05-13 Minutes were approved by motion. Moved: Mark King Seconded: Mark Hapner. Unanimous approval.
...
- Ken walked the group through the UK DCMS questions and draft edited the responses during the discussion:
"Q6) We are working on the principle that organisations will be able to be certified:
Directly against the trust framework, with possible ‘add-on’ certifications or signing of t&cs to join particular schemes
Certified against a set of requirements set by the scheme operator (which includes the trust framework requirements), and the scheme operator will be certified against the trust framework
...
Kantara Response: Kantara suggests that internationally recognized schemes be accommodated.
"Q8) Is it more attractive to certify directly under the Trust Framework?""Q9) If schemes do have certification available, would you have confidence that it creates an ‘even playing field’?"
...
- The group agreed with the responses.
- Ruth will submit them to UK DCMS on May 21st.
Assessment of RPs
- In light of the discussion of UK DCMS certification questions and documents, a question on the RP assessment was raised.
- Richard said that "RP" in the context of proofing and credential management is an entity that relies upon an affirmative authentication of a claim of identity. "User" is what Kantara calls subject of that credential. The RP will receive an authentication and some collection of PII.
- Mark K. stressed that there is no requirement under Europe for RPs to be certified under the scheme.
- Richard remarked that 63A stipulates that the collection of PII is allowed only for the identity proofing purposes.
- It was agreed that it's complex to assess and certify RPs.
RFI re mDL
- Ken said that IAWG plans to comment on question 15 "Obstacles to acceptance".
- Colin commented that Kantara has released a request of technical editor to work on the Kantara combined response to the RFI. He added that the WGs that are interested in providing inputs are FIRE, IAWG and mDL DG.
AoB
- Martin shared a NIST/NCCOE release and call for comments until June 21st. Link to document: https://www.nccoe.nist.gov/sites/default/files/library/project-descriptions/data-classification-project-description-draft.pdf