Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Attendees:

Voting Participants: Andrew Hughes [Ping], Jimmy Jung [Slandala], Richard Wilsher [Zygma], Mark King, Mark Hapner, Chris LaBarbera [Verizon], Denny Prvu [RBC]
Non-voting Participants: Mike Magrath [Easy Dynamics], Yehoshua Silberstein [Notarize], Tim Anderson [ID.me], Tim Reiniger
Staff: Amanda Gay, Kay Chopard

Proposed Agenda

  1. Administration:

  2.  Discussion:  800-63-3 Criteria Issues to Resolve 

    • T5-1 notification

    • supervised remote proofing proposal

    • OPD#0010

    • S3A

  3. Any Other Business

Meeting Notes 

Administration:

IAWG Chair Andrew Hughes called the meeting to order.  Roll was called. Meeting was quorate.

Minutes Approval 

Jimmy Jung moved to approve the draft minutes from the August 10th IAWG meeting. Mark Hapner seconded the motion. Motion carried with no objections.

Kantara Updates

Kay shared upcoming conferences she’ll be attending - FedID, Identity Week, and others in London and potentially Singapore.

Assurance Updates

Kay reported it’s still a full pipeline in the U.S. - but much slower in the U.K. She’s hoping that changes and hopes to hire on a Program Manager over there that can run the program similarly to how Lynzie runs the U.S. program. There have been lots of conversations with several agencies - including GSA - about our program and the need to have a Kantara Trust Mark to be on their schedule.

Discussion:

T5-1 notification

Andrew shared the drafted notification and provided background information for anyone not aware. Richard moved to accept the notification as-is and published. Andrew seconded the motion. Motion carries with no objections. Notice will be sent out to relevant parties next week.

Supervised Remote Proofing Proposal

A small group discussed the criteria and developed the following proposal for #0490-#0580 . Jimmy walked the group through the proposal - the discussion was around how strictly do we want to follow 63-3 and are some of these things good ideas regardless of what identity level they are directed towards. #0490-#0510 are staying in as more general requirements. #0520-#0550 were removed as the group agreed there was some risk for an IAL2 person to take those criteria on. Same goes for #0570 - too difficult at IAL2. The group suggests leaving the training (#0560) and communications (#0580) criteria applicable at IAL2 because they are covered in other places within the SAC at IAL2 (referenced in the guidance).

Andrew believes after reviewing the proposal that it does reflect the previous conversations the larger group has had regarding these criteria. Yehoshua questioned leaving #0490-#0510 applicable to IAL2. His concern is if a provider is using a proofing supervisor who is not responsible for evaluating the biometrics - it’s an automated system - then the supervisor would not be trained in this and a provider could not fulfill these criteria. Jimmy believes the requirement needs to be there - if you are using biometrics, then you need to deal with 63B (#0620-#0680).

Jimmy suggested a criteria edit that could address the concern of moving the focus from the supervisor to the performance - “If the CSP provides Supervised (Remote or In-person) proofing it SHALL ensure that the technologies and procedures fulfill the biometric performance requirements expressed in 63A#0620 to 63A#0680 inclusive.

Richard pointed to the source text - 5.3.3.1 part 1 refers to the operator but part 2 does not. So perhaps the reference to the proofing supervisor in #0500 and #0510 is a little bit too much. Tim asked why we use the term biometric in #0500. Biometric is the result of running the computation on the selfie image, etc. You don’t need the biometric to do the remote physical comparison. Richard cited the source text on 5.3.3.1. Yehoshua mentioned it’s a bit contradictory and circular. The group reviewed and discussed Table 5-3 in the source text. After the discussion, Richard suggested striking the reference to 63A#0620 to 63A#0680.

OPD#0010

S3A

Any Other Business

Andrew shared that Ping Identity doubled in size - Ping’s owner purchased ForgeRock and they will be rolled into Ping. Hopefully this will allow Andrew to bring more people into the Kantara space with this acquisition.

  • No labels