Attendees:

Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Jimmy Jung, Richard Wilsher, Mark King

Non-voting participants: Andrew Hughes, Eric Thompson

Staff: Lynzie Adams

Proposed Agenda

  • Administration:
    • Roll call, determination of quorum
    • Agenda confirmation
    • Minutes approval - 2022-01-13 DRAFT Minutes
    • Staff reports and updates
    • International liaisons updates
    • LC reports and updates
    • Call for Tweet-worthy items to feed (@KantaraNews)
  •  Discussion: 
    • Component services language update/review
    • Brainstorm/compile list of 800-63 rev. 4 revision suggestions
  • Any Other Business and Next Meeting Date
    • Next meeting - February 3

Meeting Notes 

Administrative Items:

IAWG Chair Ken Dagg called the meeting to order.  Roll was called. Meeting was quorate. Distributed agenda was confirmed. 

Minutes approval:  Mark Hapner motioned to approve the draft minutes from the January 6 IAWG meeting. Martin Smith seconded the motion. The minutes, as distributed, were approved unanimously.

Staff Reports and Updates:

Kay is unable to join today. As mentioned, the Assurance Program is extremely busy. ZenKey was fully ratified by the Board last week. One CSP was just recommended by the ARB for Board approval. Another will be going to an eBallot today for the ARB to vote. 

International Liaisons Updates: N/A

LC Reports and Updates:

LC is putting together a pre-conference workshop for EIC in Berlin this May. Look for more details if you're heading to the conference in May. 

Discussion:

Component Services Language 

Lynzie identified specific criteria the ARB continually addresses as needing to be modified to include component services. The ARB has now motioned to approve two CSPs under the condition that their first ACR will need to meet these new criteria, if available by that time. 

The 63A criteria include #0040 - Privacy Policy, #0060, #0062, #0070 - Redress, and #0100 - Credentialing Practices Statement. 

The ARB does not feel that component services should get a pass from these requirements because they do not engage with the end user (applicant). One assessor provided feedback regarding use of the word applicant: "use of the word ‘applicant’ in some of the requirements makes it nearly impossible for some component providers to agree to those requirements and get them passed through their legal review – in cases where they are more focused on the B2B experience for example."

IAWG members

NIST Rev. 4 Suggestions

Possible areas to comment on Rev. 4:

  • 5.3.3.2 - Requirements for Supervised Remote In-Person Proofing - The CSP SHALL employ physical tamper detection and resistance features appropriate for the environment in which it is located. For example, a kiosk located in a restricted area or one where it is monitored by a trusted individual requires less tamper detection than one that is located in a semi-public area such as a shopping mall concourse. - Send guidance on what we consider appropriate for an environment. 
  • Comparable Alternative Controls – how will they be addressed?
  • Federation Agreements

Less content / more clerical:

  • Document structure.
  • Consistency in use of terms.
  • Inclusiveness suggestions (increasing)

Other Business:

The next IAWG meeting will be Thursday, February 3 at 1pm EST. We will continue with today's agenda items. 
