Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Attendees:

Voting Participants: Mark King, Mark Hapner, Martin Smith, Ken Dagg.

Non-voting participants: Jimmy Jung, Roger Quint, Pete Palmer

Guests: Jeff Tackes, USPS

Staff: Colin Wallis, Ruth Puente

Apologies from Eric Thompson and Richard Wilsher. 

Quorum: 3 out of 5. There was quorum.


Agenda


1.Administration:
a.Roll Call
b.Agenda Confirmation
c.Minutes Approval 2021-04-15 DRAFT Minutes

2. Discussion

a. Draft responses to the UK questions. 

b. Heads up on UK DCMS certification documents 
c. NIST open discussion issues in light of SP 800-63 rev.4.

d. Heads up on RFI about mDL. 


3. Any Other Business


Minutes Approval

Martin suggested an edit and the minutes were amended accordingly. 2021-04-15 Minutes were approved by motion. Moved: Mark K.  Seconded: Mark Hapner. Unanimous Approval. 


Response to UK DCMS questions 

  • Draft Response HERE 
  • Deadline to provide responses: April 30th. 

Heads Up: UK DCMS draft certification documents


Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4

  • Draft Comments here: GDoc rev.4 
  • Deadline to submit comments: May 15th


Heads Up: TSA RFI re mDL 

https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf


Others 


Supervised remote identity proofing. 

  • It was shared the link to NIST FAQ where it provides the difference between supervised and unsupervised remote identity proofing https://pages.nist.gov/800-63-FAQ/#q-a2
  • Jimmy added that "formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to: The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channels. Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. Its sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials ( dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers). 
  • Mark H. asked who are using kiosks. It was answered that Australian Government, British Postal Office, Ontario Government (driver license and health card).
  • No labels