2018-03-01 IAWG Minutes
- Former user (Deleted)
Owned by Former user (Deleted)
Attendees
Voting participants: Jose Lopez, Zentry; Scott Shorter, Vice Chair; Ken Dagg, Chair; Richard Wilsher, Zygma; Mark Hapner, Resielient
Staff: Colin Wallis; Ruth Puente
Quorum: There was quorum (5 voting participants out of 8)
Minutes Approval
2018-02-22 DRAFT IAWG Minutes were approved by motion. (SS made the motion and was seconded by MH)
Updates
- SAC for 800-63-3 out for LC vote.
- 4 new members joined Kantara this year.
- TFS Sync: there is a proposal to work on 800-63-3 Identity evidence examples. CW had a call with NIST, which commented that they have been working on creating the list of identity evidence.
- Increased number of downloads, UMA, Consent Receipt and Blockchain and Smart Contracts are the top ones.
Approval of 1410 and 1420
- CW pointed out that the 'Notice' section text has conflicts with the current IPR policy (version 2.0) on the derivative works. The Notice text says 'no derivative works' but the IPR policy ARTICLE 3 COPYRIGHT allows derivative works (3rd line) https://kantarainitiative.org/wp-content/uploads/2014/08/KantaraInitiativeIPRPolicies_V2.0.pdf It was agreed that a rewording of that section was needed, so CW will provide a new wording for that.
- After the review of revised IAF 1410 v0.3.0 and IAF 1420 v0.3.0 the IAWG approved the documents subject to the new text that CW will provide for the 'Notice' Section to clarify the IPR policy description.
- Revised Documents: Kantara IAF-1410 Commonly-Applicable Service Assessment Criteria v0.3.0.docx and Kantara IAF-1420 Operational 63-2 Service Assessment Criteria v0.3.0.docx
Any other Business
- MH commented that once the Real ID is issued, NIST should see how to fit it into 800-63-3. RW made the following questions: what makes a Real ID credential better than the pre-existing forms; what would allow states to be variable in the implementation? MH responded that from the basic proofing aspect, the requirements are based on citizenship criteria and all of the other variations on how a person is legally in the country (passport or birth certificate, social security card, which should be validated with the issuing agencies, also proof of address that needs to be validated, digital photo, etc.) There are 17 security factors integrated into the credential itself. He could not find the security elements. He added that he will provide a written explanation in the following meeting.
- KD commented about the news 'US carriers testing replacement for two-factor authentication' and pointed out that it will probably affect us.
Next meeting: March 15