...
- Given the amount of comments on IAL2, Richard suggested to address them under the Annual annual review of the criteria.
- Regarding 4.2 (row 3), it was agreed to add as a point of guidance that there is nothing wrong with collecting additional information if the RP is requesting it or the service requires it, but it cannot be used to deny existence of an identity against the basic proofing policy. Martin asked to add this point to the comments for NIST.
- It was clarified that CSP in Kantara means Credential Service Provider, for the performance and provision of services that include, identity proofing, binding identity to credentials, authentication, manage the lifecycle of credential, so we have a boundary on these set of concepts with the interface to RPs. Therefore, a credential would be granted to the person that passes the proofing test against the published proofing policy, and then the RP would decide what it wants to do with that identity and how it wants to treat the claimant.
Update on sub-group:
- 12-month review of all the criteria.
- NIST request for comments on 63-3 deadline is August 10th.
- Blacklist vs Whitelist at 63C SAC: Richard suggested to change those terms by "allow list" and "deny list". Motion to approve the new terms. Moved: Tom Jones moved; Seconded: Richard Wilsher. Ken will add it as suggestion to NIST for Rev.4
...