Date
2019-01-30
...
- Call to order
- Roll Call & Determination of quorum status
- Reminder about the Group Participation Agreement
- Agenda bashing
- Introductions
Standing Agenda Items
- Schedule status updates
- Contributions status updates
- Writing teams status updates
- All Other Business (AOB)
- Adjourn
...
Joe Andrieu, Terry McBride, Colin Wallis,
Discussion Items
Time | Item | Who | Notes |
---|
5 min | - Call to order
- GPA reminder
- Roll call
- Agenda bashing
| Chair |
|
| Introductions | All | Welcome!
|
| New Business | All | - Discuss terminology emails
|
| Schedule updates - Status
- Issues
- Next period plan
| Chair | calendar |
|
| Contributions updates - Status
- Issues
- Next period plan
| Chair | - JJ - Experian Remote ID proofing to NIST IAL2
- Stuart - UK Housing
- Joe - W3C
- John - Aadhaar
- Aasim - end next week estimate
- John - Peru
- John - Mexico
- Andrew - Alipay
- Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases
- Peter - Airside Mobile
- Others?
- Terry - USPS x 5
- Has mapped the use case steps back to requirements of NIST SP 800-63-3A
- Comment: is it possible to reach IAL2 without using a photo?
- Walked through In Person Proofing As A Service use case
- Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient?
- A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required.
- 63-3A says 'published by an issuing source' - technically, for example, a driver's license is 'published' so does that count?
- Walked through Device ID and Reputation case
- explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting)
- Comments: Look into valididy to see if they have material for this DG
- Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services
|
| Writing teams updates - Status
- Issues
- Next period plan
| Chair |
|
| AOB | Chair | Terminology discussion - Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow
- Terry - https://plato.stanford.edu/entries/qt-idind - a paper on what makes an entity the 'same' entity?
- Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased)
- Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased)
- Richard - describe this as a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased)
- This needs more analysis - on the list
|
| Adjourn | Chair | Next DG meeting Wednesday, February 06, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT https://global.gotomeeting.com/join/132339365 |
...