2019-03-13 TFS Sync Meeting Notes
Attendees
Scott Shorter, IAWG Vice-Chair
Matt King, SAFE BioPharma
David Simonetti, SAFE BioPharma
JJ Harkema, Experian
Colin Wallis, KI
Ruth Puente, KI
Follow up of actions items
Discussing the Survey about adoption of 800-63-3
Questions, mechanisms and audience of the survey were discussed.
- Would the CSPs fill out the survey or send it to their customers?
- Matt suggested including more questions, such as, what is the value that you see in the certified services that we provide to you? In other words, if the CSP sends the survey to its customers, what is the value that customers see in getting a credential from the CSP that has been issued in accordance with standards that align with 800-63-3?
- Matt said that it would be great if the CSPs help us to understand what are the motivations that their customers have for coming to them for certified credentials; and what trends they might be seeing in that space. Is it increasing?
- Matt recommended to use plain language. Therefore, instead of asking to a business person, why do you want to conform with 800-63-3? to question, are you using digital credentials that align with the US government standards?
- Matt added that it would be also interesting to know how the CSPs customers pay for the identity proofing service, if there are premium rates for the certified service.
- Colin cited Tom´s comments from last meeting, where he stressed that the main reason for the adoption would be that the CSPs customers (Federal Agencies) might require 800-63-3.
- Colin affirmed that the most valuable information would be to get responses from end customers. He asked if we should send it to other Trust Frameworks.
- Matt commented that the primarily idea would be to send the survey to all the CSPs and IdPs certified by Kantara, Incommon and SAFE and to get their answers as it is much easier to do that; instead of asking them to survey their customers, there might be legal or business issues requiring them to do that. He believes it is important to understand who the audience is and what information we will get out of it.
- It was agreed to reword the questions of the survey on the basis that initially the first phase of the process would involve certified CSPs and IdPs by Kantara, SAFE and Incommon.
Kantara IAWG Report provided by Scott Shorter
- Updating the Kantara Identity Assurance Framework Overview and Glossary documents.
- They are planning to send recommendations to NIST from two memos containing implementation guidance with respect to interpreting the NIST 800-63-3 requirements at AL2.
- DIACC has asked Kantara to review and comment on the Pan Canadian Trust Framework, so the IAWG is gathering comments to provide to DIACC by March 15th.
SAFE BioPharma report provided by Matt King
- The Federal PKI Authority WG has been reviewing the policy, purpose and scope, and it was referenced the TFS Program. During the last meeting, SAFE wanted to know who the responsible for the TFS Program is; accordingly, the GSA representative answer suggested that the government does not want to take a position on the TFS Program. Moreover, it was commented that it seems that FPKI has been facing challenges with the funding and budget.
Action items
- To reword the questions of the survey before the next TFS Sync call on April 10th.