...

  • The xAL3 SACs will go as a package for 45-day Public Comment and IPR Review.
  • Mark Hapner asked whether, in terms of the overall impact, there are improvements or extensions, and what the actual objective for the changes was in general. Richard responded that we have to go back to the NIST requirement for that. He thinks it's a question of demanding greater rigor or, in some cases, denying some of the authentication techniques that might be allowed at level 2 because they were not considered to be strong enough for level 3. As you move from one assurance level to the next, stronger level, it's all a question of removing weak solutions and increasing the rigor. Richard pointed out that an extension was made to the user guide in that document, in order to make the point that these criteria are simply Kantara's way of interpreting the normative statements which NIST has made, and that we don't offer an explanation of why those criteria should be. So to understand that, you have to go back to the appropriate volume of NIST SP 800-63-3.

    Mark Hapner: What do you think the impact on RPs and CSPs will be to actually conform to these changes? Richard responded that it depends on the individuals; they may have already gone ahead, read the NIST specs and implemented something which they believe to be IAL 3 conformant. They have to review these criteria that we've produced and consider whether they can fulfill them if they were to go through an assessment process. It's a question of the maturity of any particular organization with regard to this standard.


Review and approve the Revised Glossary & Overview

  • Richard commented that 4 comments were received from Mark King, so Richard and Ken provided a disposition of comments on the glossary Kantara IAF-1050 v1.0.7 DoC v1.0.xlsx
  • He stressed that we’re not defining for the World but only for Kantara.
  • Further review and approval was deferred to next week.


Kantara comments on how SP 800-63-3 could be revised for NIST’s consideration in developing Revision 4 

  • Ken walked the group through the comments and suggestions that have been received to date.
  • Tom Barton provided a set of comments on 63C, see Comments on 800-63c TomB-2.docx

...

  • Ken commented that the Digital Identification and Authentication Council of Canada (DIACC) has just released another two components of the Pan Canadian Trust Framework (PCTF) for review. The PCTF Assessment component establishes the certification scheme that verifies that a process, service, or product conforms with PCTF criteria. The PCTF Infrastructure (Technology and Operations) component identifies the policies, plans, technology and technology operations required to implement the principles of the PCTF Profiles in the context of a Digital Identity Ecosystem. It also identifies the criteria that will be used to assess that a service’s technology and operations meet those requirements. At the 2020-07-30 meeting, Ken will ask IAWG if we wish to develop comments to submit to DIACC.
  • It was agreed to start reviewing and generating comments at the next IAWG meeting.
  • Link to DIACC request for comments: https://diacc.ca/2020/07/20/assessment-infrastructure-technology-operations-draft-recommendations/

Review and approve the revised Glossary & Overview

  • Richard commented that 4 comments were received from Mark King, so Richard and Ken provided a disposition of comments on the glossary. 

...