2018-03-14 Draft Meeting Notes

Attendees

Scott Shorter, IAWG Vice-Chair

Colin Wallis, KI

Peter Alterman, SAFE BioPharma

Stuart Levy, TransUnion

Ann West, Incommon

Andrew Hughes, LC Chair

Ken Dagg, IAWG Chair

Matt King, SAFE BioPharma

Ruth Puente, KI


Incommon Report provided by Ann West 

  • Focus on implementing the Baseline Expectations.  Legal agreement and policy documents have changed.
  • Started sending Monthly metadata health checks.

Kantara Identity Assurance Working Group (IAWG) Report provided by Ken Dagg 

  • KI Service Assessment Criteria (SAC) to meet 800-63-3 requirements were approved by IAWG and are under All Member Ballot which closes on March 19th and will be published by March 21st. 
  • IAWG also approved the repackaging of the current SAC that enable part of it to be used with 800-63-3 SAC. 
  • Service Approval Handbook release with updated processes to reflect multiple classes of approval and in the assessment process it was added that minor discrepancies need to be resolved by the next Annual Conformity Review, otherwise they will become major non conformities.

SAFE BioPharma Report provided by Peter Alterman and Matt King

  • Completed 800-63-3 conformance profile and published it; copies of the procedures were sent to all the approved assessors.
  • Integration effort with NH-ISAC continues. 
  • They are promoting the use of their standard through the healthcare community; looking for more use cases in the Healthcare space. 
  • It was raised the 'Patient identity proofing' question, which will be addressed in a future call.

NIST and GSA Report provided by Colin Wallis

  • GSA informed KI that Nandini Diamond has left the FICAM Program area but no new representative was confirmed for the TFS Sync.

  • NIST:  Naomi Lefkovitz will join the next TFS calls replacing Paul Grassi.  She commented to Colin that the contractors are working on the identity evidence table and want to avoid duplication so she shared the work they have done so far,

    NIST 63A Identity evidence spreadsheet. Regarding the scope of work discussed in the previous TFS Sync, she said that they are also doing work in item b and c. 

Open Mic 

Scott Shorter commented that his concerns on 63A are partially satisfied with NIST spreadsheet (63A Identity evidence) and made a quick review as follows:

  • The spreadsheet addresses the evaluation of evidence types and provides strength of evidence and justification. Strength of evidence Table 5.1 is addressed on the file; tables 5.2 and 5.3 should be addressed in the same format. 
  • Smart cards and/or FID cards are called: SUPERIOR
  • School ID and Bank statement:  FAIR
  • Driver license: STRONG
  • Social security and birth certificate: WEAK
  • There is no differentiation among States and one of the gaps identified was that the text should differentiate the States´s driver licenses. 
  • He raised a question about Table 5.3 physical or biometric verification, which references Biometrics section on 63B: What´s applicable?, all the requirements´s set of Biometrics section or only the subset when applies to a photograph? 

Peter Alterman suggested to review the spreadsheet and share our comments and suggestions for revision and provide a common draft to Naomi. Also, he suggested that the file could be circulated in 2 circles, in a reduced group and then in the wider TFS group. 

Action items

1) Review the NIST 63A Identity Evidence spreadsheet, identify gaps, point out what is missing, make comments and concrete recommendations and then send it back to NIST. 

2) Scott Shorter to revise the scope of work according to this meeting discussion. 

3) Colin Wallis to check with Naomi if the spreadsheet can be circulated within a reduced group for a first comment cycle.