IAWG Meeting Minutes 2017-03-02

Kantara Initiative Identity Assurance WG Teleconference

Date and Time

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes Approval: 
    4. Action Item Review: action item list
    5. Organization Updates - Director's Corner
    6. Staff reports and updates
    7. LC reports and updates
    8. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion
    1. Discussion of NIST SP 800-63A
    2. IAWG Leadership Elections

 Attendees

Link to IAWG Roster

As of 2017-01-12, quorum is 4 of 7

Use the Info box below to record the meeting quorum status

Meeting did achieve quorum

 

 

Voting

  • Andrew Hughes (VC)
  • Scott Shorter (S)
  • Ken Dagg (C)
  • Richard Wilsher (Delegated by Lee Aber to represent ID.me)

Non-Voting

  • Ken Crowl
  • Russ Weiser

Staff

  •  Ruth Puente

Apologies

  • None

Notes & Minutes

Administration 

Minutes Approval

Motion to approve minutes of 2017-02-23:  Ken Crowl
Seconded:  RGW
Discussion: 
Motion Carried

Action Item Review

  •  

Staff Updates

  • Directors meeting at RSA, a number of folks were present remotely or in person. Full day and board meeting, devoted to strategy for 2017. Voted a new mission statement.  There will be a new slide deck coming out for folks who want to represent KI.
  • Voted in a refreshed IPR, public review for transparency, board of directors will vote it through.
  • Colin has been at a KYC conference in London - insightful in a number of ways.
LC Updates
  •  
Participant updates
  •  

Discussion

NIST SP 800-63A Discussion

Ken mentions that Experian has submitted their concerns.

Richard mentioned that NIST has effectively taken away AL2.

Discussion of the fact that there are no mechanisms for validating drivers license, although AAMVA would like to be in that business.

Right now the only viable implementations are PKI or self-assertion.

Russ has had discussion with someone at GSA has looked into expanding passport service to support this, but they run into funding problems for this.  Financial institutions will also have difficulty verifying those sources.  Would not be surprised if there was an order of magnitude increase in costs - negotiating individual contracts with different states for drivers license validation would expand costs considerably, even if it was possible. Will probably result in stagnating the online credential business, unless GSA were to step in and provide those services on behalf of the government (along the lines of the ACES program).

Ken mentions the concern from CSPs about the implementation roadmap for when the new changes will be required. Colin says discussions have not taken place, but NIST are aware of Kantara's view on that.

Richard Wilsher points out that the enrollment processes of most CSPs would need to be changed to meet the new standard, that will not be rapid. Furthermore the question from Kantara's perspective - how soon would Kantara be able to perform assessments?  Thirdly, what would Kantara do to set a deadline by which CSPs would be required to comply.

Ken asks whether existing credentials would need to be re-proofed. Russ Weiser has mentioned that customers will be unhappy about that. Customers are already asking what to do about the standard. Something like that could result in a years of delay while credentials are updated.

Richard inquires what will happen with the existing SAC aligned with 63-2 - would we continue it in parallel?  Would there be an overlap?  What about those who are not in the US who are approved against the current criteria.

Leadership Election

Will hold an e-ballot for the leadership team soon. 

AOB

No other business.

Attachments

 

 

Next Meeting - Topic will be 800-63B

  • Date: Thursday, 2017-03-09
  • Time: 12:00 PT | 15:00 ET
  • Time: 12:00 PDT | 15:00 EDT
  • United States Toll +1 (805) 309-2350
  • Alternate Toll +1 (714) 551-9842
    Skype: +99051000000481
    • Conference ID: 613-2898
  • International Dial-In Numbers