...
Verified Login Component and Conformance Profile of the Pan Canadian Trust Framework (PCTF)
Background
- 2019-12-17 IAWG has decided to comment on the updated version of the Verified Login Component of the Pan Canadian Trust Framework (PCTF) developed by the Digital Identification and Authentication Council of Canada (DIACC).
- The two documents open for comments, PCTF Verified Login Component Overview & Conformance Profile Draft Recommendations V1.0, are available at: https://diacc.ca/2019/11/20/verified-login-overview-conformance-draft-recommendations/
- Ken Dagg has prepared the log indication how DIACC addressed the 12 comments that IAWG submitted on the first version. Please see the Disposition of Comments here: DIACC_Submission-Form_Verified-Login_ENG KI IAWG v1.0 Disposition.xlsx
- DIACC Call for Comments Opens: November 20, 2019 at 23:59 PST | Closes: January 20, 2020 at 23:59 PST
- 2019-12-19 Ken has started the process of generating comments of the second release of the PCTF's Verified Login Component. He has put his comments into the attached DIACC comment sheet: PCTF Verified Login Comments KD.xlsx
During the meeting, Ken has walked the IAWG through the initial comments PCTF Verified Login Comments KD.xlsx; Martin and Mark agreed to the comments and suggested some minor tweakschanges:
- Elaborate on 267-272 and 273-280
- 371 - 378: Suggested changes "Change to “A Session is a persistent interaction between a Subject and an end-point, such as a Credential provider or Relying Party. At some point in a Session a subsesion may be initiated to authenticate a Subject. This Authenticated Session Initiation must begin with an Authenticated Credential. The output of the Authenticated Session Initiation is an Authenticated Session, which is persistent interaction between Subject and end-point. If the authentication process conforms to LOA2, then the Authenticated Session must be considered LOA2. If the authentication process conforms to LOA3, then the Authenticated Session must be considered LOA3. Other separate subsessions may be required, for example, to satisfy federation and single sign-on (SSO) use cases. This Trusted Process is optional.” "
- It was agreed to add the above editions to the final draft and submit the IAWG comments to DIACC.