...
- Ken walked the group through the comments and suggestions that have been received to date.
- Tom Barton provided a set of comments on 63C, see Comments on 800-63c TomB-2.docx
Tom Barton general comments:
-a. 63c does not seem to deal with B2B, it seems completely addressing C2B use cases. GDPR recognizes the distinction between B2B and C2B and he believes that 63C should also. His suggestion is that they should recognize it, possibly by adding separate editions of 63C, one for consumers and one for businesses. Mark King added that if we're making distinction between C2B, we might also need to make a distinction with C2G. Tom Jones suggested that 'B' is not the right term here and this term would be 'Enterprise' rather than 'Business' so that you would cover both government and business. Ken said that this TB comment should be applicable for the 3 volumes not only 63C. Tom Jones also suggested to use 'Trust Federation'. Ken requested to Tom and Mark to provide him with some suggested text to use in these and he will incorporate that into the response.
b. Add Vvry stringent security requirements on IdPs, but none are specifically placed on RPs and 63c. He's just basically saying that there should be relevant operational security requirements placed on RPs as well as the idps.