
Attendees:

Voting Participants: Mark King, Mark Hapner, Martin Smith, Ken Dagg.

Non-voting participants: Jimmy Jung, Roger Quint, Pete Palmer

Guests: Jeff Tackes, USPS

Staff: Colin Wallis, Ruth Puente

Apologies from Eric Thompson and Richard Wilsher. 

Quorum: 3 out of 5. There was quorum.


Agenda


1. Administration:
a. Roll Call
b. Agenda Confirmation
c. Minutes Approval 2021-04-15 DRAFT Minutes

2. Discussion
a. Draft responses to the UK questions.
b. Heads up on UK DCMS certification documents
c. NIST open discussion issues in light of SP 800-63 rev.4.
d. Heads up on RFI about mDL.


3. Any Other Business


Minutes Approval

Martin suggested an edit and the minutes were amended accordingly. 2021-04-15 Minutes were approved by motion. Moved: Mark K.  Seconded: Mark Hapner. Unanimous Approval. 


Response to UK DCMS questions 

  • Ken walked the group through the final comments available HERE 
  • Deadline to provide responses: April 30th. 
  • It was agreed that the Trust Mark should allow variations that are easily distinguishable.  
  • It was added that a Trust Mark is a mark of conformity according to IS17065 4.1.3 which says "The certification body shall exercise the control as specified by the certification scheme over ownership, use and display of licenses, certificates, marks of conformity, and any other mechanisms for indicating a product is certified".
  • Ken will finalise the comments and Ruth will submit the comments to UK DCMS team.

Heads Up: UK DCMS draft certification documents

  • Deadline to comment is May 7th. 
  • Ruth pointed out that, given that 17065 allows certification of services, auditors and certification schemes, certification bodies should be separate from certification scheme development.
  • Mark K. stressed that two significant documents are missing and there is very little to comment on.  He also shared the concern that due to the confidential nature of the documents it is difficult to provide comprehensive feedback. 


Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4


Heads Up: TSA RFI re mDL 

  • Colin commented that TSA released an RFI on mDL https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
  • He added that TSA seeks input on mobile driver’s licenses to inform REAL ID rule making. DHS and TSA are interested in mobile driver’s licenses because, compared to physical driver’s licenses, mobile driver’s licenses could provide greater security to TSA and all federal agencies verifying an individual’s identity, stronger privacy protections to individuals, and health and safety benefits to all users by enabling touchless identity verification. The Request for Information solicits comments and input regarding technical approaches, applicable industry standards and best practices to ensure that mobile driver’s licenses can be issued and authenticated with features that ensure security, privacy and identity fraud detection.
  • Comments may be submitted until June 18, 2021.
  • The group agreed that there are specific categories it can comment on. 



Others 

Supervised remote identity proofing. 

  • A link was shared to the NIST FAQ, which explains the difference between supervised and unsupervised remote identity proofing: https://pages.nist.gov/800-63-FAQ/#q-a2
  • Jimmy added that "formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to: The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channel. Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. It's sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials (dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers)."
  • Mark H. asked who is using kiosks. The answer given was: the Australian Government, the British Postal Office, and the Ontario Government (driver license and health card).