Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 15 Next »

Attendees:

Voting Participants: Mark King, Mark Hapner, Martin Smith, Ken Dagg.

Non-voting participants: Jimmy Jung, Roger Quint, Pete Palmer

Guests: Jeff Tackes, USPS

Staff: Colin Wallis, Ruth Puente

Apologies from Eric Thompson and Richard Wilsher. 

Quorum: 3 out of 5. There was quorum.


Agenda


1.Administration:
a.Roll Call
b.Agenda Confirmation
c.Minutes Approval 2021-04-15 DRAFT Minutes

2. Discussion

a. Draft responses to the UK questions. 

b. Heads up on UK DCMS certification documents 
c. NIST open discussion issues in light of SP 800-63 rev.4.

d. Heads up on RFI about mDL. 


3. Any Other Business


Minutes Approval

Martin suggested an edit and the minutes were amended accordingly. 2021-04-15 Minutes were approved by motion. Moved: Mark K.  Seconded: Mark Hapner. Unanimous Approval. 


Response to UK DCMS questions 

  • Ken walked the group through the final comments available HERE 
  • Deadline to provide responses: April 30th. 
  • It was agreed that the Trust Mark should allow variations that are easily distinguishable.  
  • It was added that a Trust Mark is a mark of conformity according to IS17065 4.1.3 which says "The certification body shall exercise the control as specified by the certification scheme over ownership, use and display of licenses, certificates, marks of conformity, and any other mechanisms for indicating a product is certified".
  • Ken will finalise the comments and Ruth will submit the comments to UK DCMS team.

Heads Up: UK DCMS draft certification documents

  • Ruth pointed out that in light of 17065 allow certification of the services and auditors and certification schemes, certification bodies should be separate of the certification scheme development. 
  • Mark K. stressed that two significant documents are missing and there is very little to comment on.  He also shared the concern that due to the confidential nature of the documents it is difficult to provide comprehensive feedback. 


Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4

  • Draft Comments here: GDoc rev.4 
  • Deadline to submit comments: May 15th


Heads Up: TSA RFI re mDL 

https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf


Others 


Supervised remote identity proofing. 

  • It was shared the link to NIST FAQ where it provides the difference between supervised and unsupervised remote identity proofing https://pages.nist.gov/800-63-FAQ/#q-a2
  • Jimmy added that "formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to: The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channels. Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. Its sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials ( dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers). 
  • Mark H. asked who are using kiosks. It was answered that Australian Government, British Postal Office, Ontario Government (driver license and health card).
  • No labels