Versions Compared

Old Version 3

changes.mady.by.user Lynzie Adams

Saved on

compared with

New Version Current

changes.mady.by.user Lynzie Adams

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

NOTICE: Public review for comments and IPR review for Kantara Initiative xAL3 SACsCO_SAC


Dear Kantara Initiative Members and Community,

This is a formal notification that the Identity Assurance Work Group (IAWG) has approved the following documents document as IAWG-Approved Draft Recommendations and their distribution for public comment and IPR Review: 


Document: KIAF-1430 SP 800-63A Service Assessment Criteria & Statement of Criteria Applicability1410 CO_SAC

Version:  4.0.6

Document Date: 2021-08-26

Document URL: Download Document

Document: KIAF-1440 SP 800-63B Service Assessment Criteria & Statement of Criteria Applicability

Version: 4.0.33.2.0

Document Date: 2021 2022-0804-2614

Document URL: Download Document


These documents have entered a 45-day public comment and IPR review period in preparation for an all-member ballot to consider their approval as Kantara Initiative Recommendations. 

...

Public Review and IPR Review Period Opens: 2021 2022-09-07, 3:00PM ET04-20; 18:00 UTC

Review Period Closes: 2021 2022-10-21, 3:00PM ET06-05; 18:00 UTC


Overview of DocumentsDocument:

Two years ago, Kantara developed This specification sets forth KI's Service Assessment Criteria (SAC) to be used in SP 800-63 rev.3 conformity assessments for identity proofing and authentication services at Assurance Level (AL) 2. These SAC were derived from the strictly normative requirements (i.e. criteria were only developed from guidance expressed using ‘SHALL’) of SP 800-63A and ’63B at IAL2 and AAL2’ respectively, as they applied to Credential Service providers (CSP)for assessments whose scope includes the good standing of the organization which provides the service which is subject to assessment, generally referred to as the CO_SAC.  Since their publication Kantara has granted a number of Approvals based on these criteria and anticipates growing interest in these Approvals in the short to medium term.  The sponsor of that work, ID.me, generously provided to Kantara additional sponsorship to develop SAC focused on SP 800-63C, i.e. addressing federations, at FAL2.

ID.me has now extended their generous support to enable Kantara Initiative to develop level 3 criteria, i.e. IAL3, AAL3 and FAL3.

A contracted editor has developed draft criteria for the three SACs and these

A contracted editor reviewed the current version and proposed revisions for clarification.  These have been reviewed by a sub-group of the Identity Assurance Work Group (IAWG).   In addition to this, the IAL2 and AAL2 criteria have been reviewed and some additional criteria, previously excluded because they did not apply directly to CSPs, have been introduced to provide the same scope of coverage as was developed for FAL2. There  There have also been some consequential changes to align criteria. The IAWG has now reviewed and approved each of these xAL3 extensions this revision and Kantara is now releasing these criteria for a 45-day Public Review.

Accordingly, attached are three XLS is a XLS documents (KIAF-1430 63A1410 CO_SAC v3.1.10, KIAF-1440 63B_SAC v3.0.7, KIAF-1450 63C_SAC v0.17.0).  Each document includes a control tab which we are seeking to have reviewed, namely the tabs labelled ‘63A/B/C_SAC’.In each of the subject tabs you 2.0). You need only review those criteria which are, in part or whole, in red text.  The subject tabs include:

  • the source 800-63C texts on which have been based the derived Kantara
  • the entities towards whom each criterion is directed 
  • a unique tag for each criterion, some with sub-parts - note that for 63A and
  • 63B_SACs the criteria are being amended to achieve greater consistency and
  • sequencing   
  • the criterion itself 
  • the applicable AL
  • provision for commenting

Kantara invites your review of these documents and asks that you submit any comments and proposed revisions on or before 2020before 2022-0906-2105. As this deadline will be strictly adhered to, late submissions will not be taken into account.

When commenting, please provide a three/four letter identifier in the column headed ‘Initials’ (e.g. your own initials or something to identify the entity on whose behalf you are commenting, and a #<sequence number>, to ensure easy unique identification of your comments) and your review comment in the adjacent right-hand column.  We will especially appreciate and respond to comments which offer some kind of solution (e.g. revised wording) in addition to a statement describing the problem which is being addressed.

This is an open invitation to comment. Kantara Initiative solicits feedback from potential users, developers and, other interested parties, whether Kantara Initiative members or not, for the sake of improving the interoperability and quality of its technical work.

...