You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 2
Next »
\uD83D\uDDD3 Date
Dec 20, 2022
\uD83D\uDC65 Participants
Voting Participants
Quorum: Yes
Non-Voting Participants
Jeff Brennan and Simone Alcorn also present: Need to verify member status.
Mike McGrath will join the next call. He is a new board member.
Goals
\uD83D\uDDE3 Discussion topics
Meeting convened at 1:08pmEDT
Time | Item | Presenter | Notes |
---|
70min | Community Bank Model | Jim Kragh | Agenda: From Jim’s Email: Will have a few comments regarding the Community Bank Model that was discussed at our last meeting (a community based network infrastructure model) that CMS supports and which incorporates HL7 FHIR and surely will embrace the Digital Identity Guidelines (Draft 800-63-4) in 2023. I would like to set the stage and develop an outline for our January and February meeting so our WG can respond to NIST’s call for comments due March 24, 2023. |
| Upcoming NIST Meetings | | Upcoming meetings: NIST meeting on Jan 12 to introduce the new version 800.63.4 Jan 24 is with NIST, CARIN alliance and Kantara Then will have a closed 1:1 session with Kantara
|
| Discuss new draft 80-63-4 ABC | | Discuss new draft 80-63-4 ABC New noted in exec summary: SDOH, vulnerable population Tom: would be nice to have a 3rd party summary Jim: look at end of section 5 Tom J: does it mention smartphones? Jim is. Even without facial recognition. Bev: can we do collaborative research and community banking ethics? Jon: connected community network, banking is part of it to help normalize community around helping the underserved. Tom J: we should focus on where NIST asked for help. Pick one or two things. Suggested unattended, remote. Need to define underserved Persona (persona). The how can that person be helped. (may be unsolvable if IAl2 is required). May need biometric presence. Web authentication lets person carry a private key (smartphone or digital fob). Tom A agrees TomS: IMEI (A?) device identifier of phone has to be registered, proofed and authenticated to make a transaction. Bev: IMEI architecture is flawed, would submit that as a concern. Jeff agrees. TomS: helpful to have at least one biometric. Bev: would be hard to enforce. TomS: that’s why it needs to be more than one, not necessarily required. Bev has experience with biometrics for IRC and has had noted issues with vulnerable parties. Just be a choice by identified party which to use. TomJ: It’s not a choice by IAl2. Need to prove you have “secrets” and that you are who you are. TomS: Is phone number enough for evidence of live person? Common in banking to use phone 2FA (Tom: those are known to be weak). Mobile carriers have their own agenda and their own identity software, may be uncooperative. TomS: if feds involved they will fall in line. Tom J: like they did with JimK: we will invite telcos to get involved but won’t exactly left them to be.
Jim: without IAl2 (biometric facial) we may need two other identifiers. TomS: Mike mgcgrath may be helpful since he has experience.
|
| Resources | | |
Adjourned at 2:00pmEDT
✅ Action items
- All: Review the NIST 800.63.4 draft and pick one or two items to address from 800.63.4 beginning from line 170
- All: Review HL7 for Community Bank Discussion.
- Dr Tom: to connect with Mike McGrath
⤴ Decisions