...
- The xAL3 SACs will go as a package for 45-day Public Comment and IPR Review.
- Mark Hapner asked if in terms of the overall impact there are improvements or extensions; What was the actual objective for the changes in general? Richard responded that we have to go back to the NIST requirement for that. He thinks it's a question of demanding greater rigor or in some cases denying some of the authentication techniques that might be allowed at level 2 because they were not considered to be strong enough for level 3. As you move from one assurance level to the next stronger higher level, it's all a question of removing weak solutions and increasing the rigor. Richard pointed out that it was made an extension to the user guide in that document, in order to make the point that these criteria are simply Kantara's way of interpreting the normative statements which NIST have made and we don't offer an explanation of why those criteria should be. So to understand that you have to go back to NIST SP 800-63-3 appropriate volume.
Mark Hapner: What do you think the impact on RPs and CSPs will be too actually conform to these changes? Richard responded that it depends on the individuals, they may have already gone ahead read the NIST specs and implemented something which they believe to be IAL 3 conformant. They have to review these criteria that we've produced and consider whether they can fulfill them if they were to go through an assessment process.
Kantara comments on how SP 800-63-3 could be revised for NIST’s consideration in developing Revision 4
...