PCIPR20200609

NOTICE: Public review for comments and IPR review for Kantara Initiative 63C_SAC (FAL2)

Dear Kantara Initiative Members and Community,

This is formal notification that the Identity Assurance Work Group (IAWG) has approved the following document as an IAWG-Approved Draft Recommendation and its distribution for public comment and IPR Review: 

Document: KIAF 1450 “Identity Assurance Framework:  NIST SP 800-63C Service Assessment Criteria (at FAL2)”. 

Version: 0.15.0

Document Date: 2020-06-04

Document URL: KIAF 1450 - 63C_FAL2 

This document now enters a 45-day public comment and IPR review period in preparation for an all-member ballot to consider its approval as a Kantara Initiative Recommendation. 

Public Review and IPR Review Period Opens: 2020-06-09, 5:00PM ET

Review Period Closes: 2020-07-24, 5:00PM ET

Overview of Document:

Two years ago, Kantara developed Service Assessment Criteria (SAC) to be used in SP 800-63 rev.3 conformity assessments for identity proofing and authentication services at Assurance Level (AL) 2.  These SAC were derived from the strictly normative requirements (i.e. criteria were only developed from guidance expressed using ‘SHALL’) of SP 800-63A and ’63B at IAL2 and AAL2 respectively, as they applied to Credential Service providers (CSP).  Since their publication Kantara has granted a number of Approvals based on these criteria and anticipates growing interest in these Approvals in the short to medium term.  The sponsor of that work, ID.me, has generously provided to Kantara additional sponsorship to develop SAC focused on SP 800-63C, i.e. addressing federations, at FAL2.

After a contracted editor developed draft FAL2 SAC, a sub-group of the Identity Assurance Working Group (IAWG) was assembled to review and provide recommended enhancements to these draft FAL2 criteria.  The participants of this sub-group are recognized within the attached draft SAC document.  Kantara is now releasing these criteria for a 45-day Public Review.

Accordingly, attached is an XLS document (KIAF-1450 63C_SAC v0.15.0).  This document includes two document control tabs, one tab of notes helping reviewers to understand the context in which the criteria have been drafted, and two tabs which we are specifically asking you to review, labelled ‘63C_FAL2’ and ‘Definitions’.  The 63C_FAL2 tab includes:   

• the source 800-63C texts on which have been based the derived Kantara criteria (cols. A – H); 
• the entities towards whom the criterion is directed (cols. I – L.  Note that -63C addresses four types of entity); 
• a unique tag for each criterion, some with sub-parts (cols. M – P);   
• the criterion itself (col. Q);   
• the applicable AL (cols. R & S – note that all are AL2 but these columns allow or future expansion to include criteria addressing FAL3);   
• provision for commenting (cols. T & U) - see below).

Kantara invites your review of these documents and asks that you submit any comments and proposed revisions on or before 2020-07-24.  As this deadline will be strictly adhered to, late submissions will not be taken into account.

When commenting, please provide a three/four letter identifier in the column headed ‘Initials’ (e.g. your own initials or something to identify the entity on whose behalf you are commenting - we will ensure it is unique amongst all submissions) and your review comment in the adjacent right-hand column.  We will especially appreciate and respond to comments which offer some kind of solution (e.g. revised wording) in addition to a statement describing the problem which is being addressed.  Under the definitions tab these commenting columns are D & E.

This is an open invitation to comment. Kantara Initiative solicits feedback from potential users, developers and, other interested parties, whether Kantara Initiative members or not, for the sake of improving the interoperability and quality of its technical work.

To Comment on the Recommendation:

To comment please use the form located at: https://kantarainitiative.org/comment/   

______________

Intellectual Property Rights Notice:

Note that any submissions are deemed to be contributed under the IPR Option of the WG: Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non-discriminatory (RAND).

Intellectual Property Rights Notice: In accordance with the Kantara Initiative IPR Policy Appendix B Article 5 and the Kantara Initiative Operating Procedures Section 7.5, you have a period of 45 days to review the criteria for any Necessary Claims that may be implicated by the criteria.

While there is no requirement to review your patent portfolio for Necessary Claims, please be advised that unless you provide a licensing objection in accordance with the Kantara Initiative IPR Policy Article 5 or a notice of withdrawal in accordance with Kantara Initiative IPR Policy Article 6 on or before 2020-07-24 you will have committed to the licensing provisions as set forth by the Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non-Discriminatory (RAND) IPR Policy with respect to any Necessary Claims implicated by the final approved criteria.

Having signed the Group Participation Agreement (GPA) all members of the IAWG should be familiar with these documents, which may create obligations regarding the disclosure and availability of a member’s patent, copyright, trademark and license rights that read on an approved Kantara Initiative Recommendation.

Kantara Initiative invites any persons who know of any part of this Group output that would infringe on third party intellectual property rights to disclose such infringement claims so that these claims may be provided to the Group members for resolution.
 
To submit an Intellectual Property Rights infringement claim, email staff@kantarainitiative.org  with the subject "IAWG IPR CLAIM".

____________________

Please contact the Kantara Initiative staff at staff@kantarainitiative.org with any questions regarding this notice.  

We thank you for your time and interest.