...
Voting Participants: Ken Dagg; Richard Wilsher; Mark Hapner; Martin Smith
Non-voting members: Ann R. Racuya-Robbins, World Knowledge Bank
Staff: Colin Wallis and Ruth Puente
Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum.
Agenda
- Administration:
- Roll Call
- Agenda Confirmation
- Action Item Review: action item list
- Minutes approval:
...
- 2020-02-20 Draft Minutes; 2020-02-06 Draft Minutes; 2020-01-09 Draft Minutes
- Staff reports and updates - Keeping up with Kantara February 2020 and February Director's Corner
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
2. Discussion
- Develop comments on PCTF Organization component - Please see initial comments attached.
- Address ARB concerns on OP-SAC with regard to phishing attacks, by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes)
3. Any Other Business
Minutes Approval
2020-01-09 Draft Minutes were approved by motion. Martin moved and Ken seconded.
2020-02-06 Draft Minutes were approved by motion. Mark moved and Richard seconded.
2020-02-20 Draft Minutes were approved by motion. Richard moved and Mark seconded.
Updates
- 63C sub-group had its first meeting on March 4th, 2020.
- Comments are being prepared for UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
Outstanding issue on OP-SAC
- Ruth commented that the IAWG had previously agreed to address ARB concerns on OP-SAC with regard to phishing attacks by adding a phrase to AL3_CM_CTR#020 (See 2020-02-20 Draft Minutes).
- The action is still open; Richard is working on new wording.
Comments on PCTF Organization Component
- Ken walked the group through each of the initial comments he added here: DIACC-Comment-Submission-Spreadsheet-Verified-Organization-ENG KD (1).xlsx. When doing business, it is desirable to be a Verified org.
- Ken was disappointed with the number of editorial mistakes in the text.
It was commented that it is critical that, when we are doing business, the organization we are making a transaction with be a verified organization. The main goal is to have a process in place to ensure that federation networks are accountable and reliable and that exists and can be collected.
Examples of registering a banking account: visit to your establishment. Incorporation in Canada: lot of evidence.
- Enabling business to go to a validation process.
- Ask for a use model/case.
- Electronic signature
Line 99 Add a termination/dissolution function. List all the things that
Authorized agent = CSP
DUNS Registry – British entity Authority
Richard: Rely upon your judgement and ship them to DIACC.
Ken: Is this anything we can include in the IAF? Richard: Yes, but refine and then move to adopt.
- Ken said that, on the privacy-related comments, they must identify a valid reason for collecting information and get the proper consent. Richard asked if it is exclusively for the purposes of identity proofing. Ken confirmed yes. Richard stated that the 63-3 provision on that says that we should collect only information to uniquely establish the identity.
- Martin asked what aspect DUNS does not cover. Richard added that it's not a guaranteed source. Martin clarified it's a British entity. Ken will investigate the DUNS Registry.
- The participants agreed with the comments and asked Ken to submit them to DIACC.
- Ken asked if some of these PCTF criteria can be included in the Kantara IAF. Richard answered in the affirmative, but he suggested waiting for DIACC to refine the text and then exploring its adoption.
- Ken pointed out that PCTF could be another KI class of approval. Richard added that we could extend the range of criteria in the CO-SAC, which will affect Classic and 800-63 rev.3, but it won't solve the Canadian requirements. Therefore, Richard supports Ken's suggestion that the better path would be to create a new class of approval with the full Canadian set of criteria.