IAWG Off Cycle Meeting Notes - 2010-04-07

This is an off-cycle call, so individual attendance does not count towards quorum. These notes will therefore not be formally approved as Minutes but will remain informal notes.

SCOPE – The framework is for international and non-government use as well as government use. It therefore cannot be driven solely by Federal government requirements but should take them into consideration.

  • GOAL: Focus on what is NOT being covered
    • Not defining the standard for breeder documents but rather a mapping.
    • Not doing cross-jurisdiction mapping.
  • We are attempting to establish proof of what?
    • 800-63 Identity proofing simply to prevent the theft of the credential
      • Value of having a name and address – to have a way (at least a starting point) to investigate that person in the event the person does something bad.
    • Attributes to provide to RP as part of registration process
  • We have to define the problem then define the scope.
    • The identity proofing tends to be CSP centric as opposed to RP centric
    • How identity proofing occurs at a specific level of assurance.
    • What’s currently in IAF is too 800-63 centric
    • Give that requirement a more concrete direction.
    • How do you define a trusted entity:
      • Notary public?
      • Utility bill?
  • Focus on the goals of 800-63 and not the details and define our goals and ensure they align with 800-63.
  • 800-63 drivers around identity proofing.
    • Someone in the world exists with that specific name (as verified by a picture document)
    • Some hope of trying to find that person if something goes wrong

Jurisdictions

  • What is sufficient to prove an identity at a particular assurance level across jurisdictions?
    • What we have today has a jurisdiction implied because we have government-issued IDs; however, should it be?
  • Better to discuss the steps and processes to verify the individual’s identity instead of the credibility of the jurisdiction or documents.

Credibility

  • In addition to levels of assurance we’ll end up having levels of credibility of the documents used to generate the identity.
    • The acceptance of that will be dependent upon the Relying Party.
  • The CSP publishes the criteria that they use for issuance of credentials and the RP determines if they would choose to accept that.
  • Keep to a broad level and not specific to a jurisdiction.
  • What we’re looking to do in the identity proofing is to define with more clarity the trust characteristics of a document that a CSP uses to provide credentials at specific assurance levels.
  • Might be helpful to develop jurisdiction-based profiles.