IAWG Off Cycle Meeting Notes - 2010-04-07

This is an off-cycle call, so individual attendance does not count towards quorum. These notes will therefore not be formally approved as Minutes but will remain informal notes.

SCOPE – The framework is for international and non-government use as well as government use. It therefore cannot be driven solely by Federal government requirements, but should take them into consideration.

  • GOAL: Focus on what is NOT being covered

    • Not defining the standard for breeder documents but rather a mapping.

    • Not doing cross-jurisdiction mapping

  • We are attempting to establish proof of what?

    • 800-63 Identity proofing simply to prevent the theft of the credential

      • Value of having a name and address – to have a way (at least a starting point) to investigate that person in the event the person does something bad.

    • Attributes to provide to RP as part of registration process

  • We have to define the problem then define the scope.

    • The identity proofing tends to be CSP centric as opposed to RP centric

    • How identity proofing occurs at a specific level of assurance.

    • What’s currently in IAF is too 800-63 centric

    • Give that requirement a more concrete direction.

    • How do you define a trusted entity:

      • Notary public?

      • Utility bill?

  • Focus on the goals of 800-63 and not the details and define our goals and ensure they align with 800-63.

  • 800-63 drivers around identity proofing.

    • Someone in the world exists with that specific name (as verified by a picture document)

    • Some hope of trying to find that person if something goes wrong

Jurisdictions

  • What is sufficient to prove an identity at a particular assurance level across jurisdictions?

    • What we have today has a jurisdiction implied because we have government-issued IDs; however, should it be?

  • Better to discuss the steps and processes to verify the individual’s identity instead of the credibility of the jurisdiction or documents.

Credibility

  • In addition to levels of assurance, we’ll end up having levels of credibility of the documents used to generate the identity.

    • The acceptance of that will be dependent upon the Relying Party.

  • The CSP publishes the criteria that they use for issuance of credentials and the RP determines if they would choose to accept that.

  • Keep to a broad level and not specific to a jurisdiction.

  • What we’re looking to do in the identity proofing is to define with more clarity the trust characteristics of a document that a CSP uses to provide credentials at specific assurance levels.

  • Might be helpful to develop jurisdiction-based profiles.