2022-12-20 Meeting Notes

 Date

Dec 20, 2022

 Participants

Voting Participants 

Name                    Attending   Name               Attending
@Noreen Whysel          Y           Bev Corwin         Y
@Salvatore D'Agostino   N           Thomas Sullivan    Y
Catherine Schulten      N           Jim StClair        N
@Jim Kragh              Y           @Tom Jones         Y

Quorum: Yes

Non-Voting Participants 

Name                          Attending   Name            Attending
@Simone Alcorn (Unlicensed)   Y           Maria Vechino   N

Guests/Non-Members

Name           Present
Jeff Brennan   Y

Jeff Brennan and Simone Alcorn also present: Need to verify member status. (Update 03/09/23: Simone signed GPA but Jeff hasn’t yet)

Mike McGrath will join the next call. He is a new board member.

Goals

  • Community Bank Model heads-up

  • Upcoming NIST meetings

  • Discuss new draft 800-63-4 ABC

 Discussion topics

Meeting convened at 1:08 pm EDT

Time

Item

Presenter

Notes

70min

Community Bank Model

@Jim Kragh

Agenda:

From Jim’s Email: Will have a few comments regarding the Community Bank Model that was discussed at our last meeting (a community-based network infrastructure model) that CMS supports and which incorporates HL7 FHIR and surely will embrace the Digital Identity Guidelines (Draft 800-63-4) in 2023. I would like to set the stage and develop an outline for our January and February meeting so our WG can respond to NIST’s call for comments due March 24, 2023.

  • Recommends everyone review HL7 documentation for data

  • Community Bank on 4 year trial - to discuss next time

 

Upcoming NIST Meetings

 

Upcoming meetings:

  • NIST meeting on Jan 12 to introduce the new version 800.63.4

  • Jan 24 is with NIST, CARIN alliance and Kantara

  • Then will have a closed 1:1 session with Kantara

 

Discuss new draft 800-63-4 ABC

  • New noted in exec summary: SDOH, vulnerable population

  • Tom: would be nice to have a 3rd party summary

  • Jim: look at end of section 5

  • Tom J: does it mention smartphones? Jim is. Even without facial recognition.

  • Bev: can we do collaborative research and community banking ethics? Jon: connected community network, banking is part of it to help normalize community around helping the underserved.

  • Tom J: we should focus on where NIST asked for help. Pick one or two things. Suggested unattended, remote. Need to define underserved Persona (persona). Then how can that person be helped. (may be unsolvable if IAL2 is required). May need biometric presence. Web authentication lets person carry a private key (smartphone or digital fob). Tom A agrees

  • TomS: IMEI (A?) device identifier of phone has to be registered, proofed and authenticated to make a transaction.

  • Bev: IMEI architecture is flawed, would submit that as a concern. Jeff agrees.

  • TomS: helpful to have at least one biometric. Bev: would be hard to enforce. TomS: that’s why it needs to be more than one, not necessarily required. Bev has experience with biometrics for IRC and has had noted issues with vulnerable parties. Just be a choice by identified party which to use.

  • TomJ: It’s not a choice by IAL2. Need to prove you have “secrets” and that you are who you are.

  • TomS: Is phone number enough for evidence of live person? Common in banking to use phone 2FA (Tom: those are known to be weak). Mobile carriers have their own agenda and their own identity software, may be uncooperative. TomS: if feds involved they will fall in line. Tom J: like they did with

  • JimK: we will invite telcos to get involved but won’t exactly left them to be.

  • Jim: without IAL2 (biometric facial) we may need two other identifiers.

  • TomS: Mike McGrath may be helpful since he has experience.

 

 

Resources

 

 

 

Adjourned at 2:00 pm EDT

 Action items

All: Review the NIST 800.63.4 draft and pick one or two items to address from 800.63.4 beginning from line 170
All: Review HL7 for Community Bank Discussion.
Dr Tom: to connect with Mike McGrath

 Decisions