Attendees:
Voting Participants: Mark King, Mark Hapner, Martin Smith, Ken Dagg.
Non-voting participants: Jimmy Jung, Roger Quint, Pete Palmer
Guests: Jeff Tackes, USPS
Staff: Colin Wallis, Ruth Puente
Quorum: 3 out of 5. There was quorum.
Agenda
1.Administration:
a.Roll Call
b.Agenda Confirmation
c.Minutes Approval 2021-04-15 DRAFT Minutes
2. Discussion
a. Draft responses to the UK questions.
b. Heads up on UK DCMS certification documents
c. NIST open discussion issues in light of SP 800-63 rev.4.
d. Heads up on RFI about mDL.
3. Any Other Business
Minutes Approval
2021-04-15 Minutes were approved by motion. Moved: Mark K. Seconded: Mark Hapner. Unanimous Approval.
Response to UK DCMS questions
- Draft Response HERE
- Deadline to provide responses: April 30th.
Heads Up: UK DCMS draft certification documents
Review and Comment: NIST open discussion issues in light of SP 800-63 rev.4
- Draft Comments here: GDoc rev.4
- Deadline to submit comments: May 15th
Heads Up: TSA RFI re mDL
https://www.govinfo.gov/content/pkg/FR-2021-04-19/pdf/2021-07957.pdf
Others
https://pages.nist.gov/800-63-FAQ/#q-a2
"formal 63A supervised definition identifies 7 criteria. For us it is 63A#0520-0580 and comes down to:
The Applicant can't leave. The registrar can't leave, needs to see everything and needs to be trained. If you use any scanners or sensors, they must be integrated into a terminal owned by the CSP with physical tamper detection and resistance. It needs to happen over a mutually authenticated protected channels.
Asking around with folks that work closer to NIST, it seems apparent that they imagined a kiosk; but I'm not sure that the requirements demand that. Its sketchy, but it seems like a laptop with a good integrated camera might work - with tamper being the biggest issue; and how does the applicant log in if they don't have credentials. ( dedicated "hardened" laptop that gets sent back and forth seems kind of bonkers)