2019-03-07 Meeting Notes


Voting participants: Ken Dagg; Scott Shorter; Mark Hapner 

Non-voting participants: David Kelts

Staff: Colin and Ruth 

Quorum: 4 of 7.  

Agenda

  1. Administration:
    1. Roll Call
    2. Agenda Confirmation
    3. Minutes approval 2019-02-28 DRAFT Minutes
    4. Action Item Review: action item list
    5. Staff reports and updates -  Director´s Corner February 2019 
    6. LC reports and updates
    7. Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
  2. Discussion

a. IAWG Comments on the Pan Canadian Trust Framework Model Overview (Attached). 

b. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)

3. Any Other Business


Roll Call

  • Roll call was taken, noting that there was not quorum.

Minutes Approval 

  • The attendees noted the Minutes, but they could not be approved since the quorum was not reached.

Updates

  • Ken and Richard are still working on the Overview and Glossary.
  • Experian is the second approved CSP under 
  • Colin congratulated Scott for Excelsior Security Solutions Accreditation as a Kantara Assessor. 
  • IDVP DG report is almost complete to submit to ISO. 
  • Further information: Director´s Corner - February 2019

IAWG Comments on the Pan Canadian Trust Framework Model Overview 

Any Other Business

  • Colin commented that he will speak at the KNOW identity conference at the panel called "Mythbusters".
  • He presented the list of myths* (below) and asked the IAWG participants to choose their favorites, or add their favorite and a brief explanation to justify that choice/addition, and he would try to accommodate them in part of the panel.


*What myths are we trying to bust?

Terminology

  • Eligibility and Identity are interchangeable
  • Authentication is the same as identity assurance
    • Provision of biometric credentials is identity assurance
  • Certification and assurance are the same thing
  • Verification and Validation are the same things
  • Businesses have identities not identifiers (attributes)
  • KBVs are useless

Standards

  • Standards are not needed
  • Standards are too difficult
  • Specific elements not required (e.g. Activity history)
  • Standards need to define methods (biometric etc.) as opposed to outcomes
  • Standards only apply to public sector
  • Interoperability is not important

Schemes and regulations

  • The UK scheme (Verify) and the standards are the same thing
  • Verify is a failure (certification, assurance, standards are a success)
  • Standards are not helpful for AML and KYC at all

Relying Parties

  • Digital Identity sells itself (ignores RP requirements for efficiencies, channel shift, risk mitigation etc)
  • RPs need all the evidence attributes from the proofing
  • RP’s always need a high levels of assurance/having a lower level of assurance isn’t always a bad thing
  • The identity attributes cause matching issues in the RP
  • IDP success is unrelated to RP service design