2022-03-17 Minutes
Attendees:
Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Jimmy Jung, Richard Wilsher, Maria Vachino
Staff: Lynzie Adams, Kay Chopard
Proposed Agenda
- Administration:
- Roll call, determination of quorum
- Agenda confirmation
- Minutes approval - 2022-02-10 DRAFT Minutes
- Staff reports and updates
- Discussion:
- 63a Updates
- Any Other Business and Next Meeting Date
Meeting Notes
Administrative Items:
IAWG Chair Ken Dagg called the meeting to order. Roll was called. Meeting was quorate. Distributed agenda was confirmed.
Minutes approval: Martin Smith motioned to approve the draft minutes from the February 10 IAWG meeting. Mark Hapner seconded the motion. The minutes, as distributed, were approved unanimously.
Staff Reports and Updates:
The Assurance Program continues to thrive. GakuNin, Experian, and ID.me have all been Approved since the last IAWG meeting
Kantara has a new administrative assistant, Kimberly Miller. You may see emails coming from her going forward.
There is no news on the UK pilot program. Kantara was accepted and Kay has one-on-one calls with UKAS and DCMS next week. They will discuss next steps, process, and timelines then.
Discussion:
63a Updates
Richard raised that there are some CO_SAC and OP_SAC updates that also need addressed. These will be revisited after we complete the 63a updates.
Discussion started with 63a#0040 – suggests using “applicant/ service consumer” in the criteria and provide a definition of that term in the guidance (or somewhere). Refer to the original tag each time the guidance is used in later criteria. It was agreed this is a good path forward.
- Question - Does it address the allocation of responsibility for carrying something out? Is it clear enough on who’s responsibility everything is?
- We could explain that further in the guidance if needed. Trying to keep the criteria itself as concise as possible.
Applicant/ Service Consumer is also used in 63a#0060 and 63a#0062.
- Challenge with the term with these criteria is that it implies a communication from the service provider. It’s not the applicant/service consumer. It’s the full service communicating with the component service. It is implied that must take place.
- If the bottom-up communication channels are there, we are good. We do not need to worry about the top-down communication. It was agreed this criteria will work with the new term.
Applicant/ Service Consumer is also used in 63#0080 d), 63a#130 b); 63a#0180; 63a #0350 – changing user to 'applicant/ service consumer' makes the criteria clearer. Group agreed.
63a#0300 – It was decided not to change this one. You would not send an enrollment code to a service consumer. 63a#0570 was determined to also be left alone.
Discussion around 63a#0520. ARB brought up that this entire section (5.3.3.2) is actually IAL3 and not IAL2 due to the requirement for supervised remote proofing to take place on specialized equipment. Kantara criteria imposes a greater burden at IAL2 than the NIST documents require. Group discussed this and believes it will need additional thought on revision and/or way to address.
- Jimmy believes there needs to be criteria for in-person at IAL2 that will not be as stringent. This will need to be brought up in our rev. 4 comments.
That concluded the 63a edits from Richard. The group agreed to use 'Applicant/Consumer Service' and refer people to the guidance at each place the change was made. Additionally, a definition for proofing supervisor is needed in 5.3.3.2.
Next Meeting:
March 24 @ 1pm ET to look at the OP_SAC and CO_SAC updates.