2024-02-08 Minutes

Owned by Amanda, created
Last updated: Feb 27, 2024
3 min read

Meeting status metadata

Quorum

not quorate

Notes-Status

approved

Approved-Link

2024-02-15 Minutes

The meeting status metadata table is used for summary reports - copy the status macros from the table in these instructions:

Quorum: quorate not quorate

Notes-Status: drafting Ready for review approved

Approved-Link: Insert a link to the Meeting Notes page holding the approval decision for this notes page

 

Agenda

  1. Administration:

  2.  Actions:

    • Address of Record Position:

      • Obtain approval before sending to ARB

    • EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

      • Gather comments/feedback before final consolidation of comments on 2.15.2024 prior to deadline

  3. Discussion:  

  1. Any Other Business

Group reminder: February 22,EU-US TTC WG-1 (Working Group 1) Webinar: Unpacking the Digital Identity Mapping Results (registration details coming soon - please check back).

 Attendees

 

Voting participants - Andrew Hughes, Yehoshua Silberstein, Richard Wilsher, Jimmy Jung

Non-Voting Participants - Eric Thompson, Tim Anderson

Guests -

Staff - Amanda Gay, Kay Chopard

Quorum determination

Meeting is quorate when 50% + 1 of voting participants attend

There are <<9>> voters as of <<2024-02-08>>

Approval of Prior Minutes

Motion to approve meeting minutes listed below:

Moved by:

Seconded by:

Link to draft minutes and outcome

Discussion

Link to draft minutes and outcome

Discussion

2024-02-01 Minutes

 

 Discussion topics

Time

Item

Presenter

Notes

Time

Item

Presenter

Notes

 

Kantara Updates

Andrew/Kay

Kay was approached by an Australian company, a small-start up with constrained resources, that is interested in working with Kantara/IAWG to write-up a trust framework for digital identity.  Calls are getting set-up and if all is well, we will invite them to present to IAWG.

 

IAWG Actions/Reminders/Updates

Andrew Hughes

  • Address of Record Position:

    • Reviewed final adjustments and sentences, in preparation to send to ARB.

    • ACTION:  Amanda to finalize edits/adjustments,  add to ARB’s February 12th agenda, and circulate the AoR Position with meeting reminders.

  • EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

    • Reminder: Gather comments/feedback by 2.15.2024 for a discussion before final consolidation of comments on 2.22.2024 prior to deadline

 

Interpretation of Criteria

Richard

  • Interpretation of criteria 

    • Primary Q: Do we agree that multifactor authentication is authentication where there is more than 1 single factor, irrespective of whether the authentication factors are single or multi-types?

      1. Andrew/Yehoshua offered some criteria adjustments, which is generally accepted with some language tweaking in order to provide clarity regarding the factors, binding, and consistency with other documentation.  General agreement that if there are 2+ factors, it is multi-factor authentication, irrespective of how they are packaged.

      2. ACTION: Yehoshua to draft proposed text for February 15 discussion.

    • Primary Q: Can a CSP offer superior evidence as long as it is verified or validated to a superior level in an unsupervised proofing flow??

      1. NIST tables imply supervision, Richard’s thinking is that you then can not use superior evidence in an unsupervised proofing flow.

      2. Eric offers an example regarding a chipped passport (used to get superior evidence) and the appropriate technology determines it is genuine.  No supervision is involved, as images are used.

      3. Key questions around “supervision”: Does trained personnel mean onsite supervision?  Do trained personnel review the evidence AND make independent judgments? Can it be asynchronous?

        1. Review August 24th Minutes (Discussion and suggestions, but no actual changes made)

        2. Yehoshua: It seems that both technologies and people are needed, so you can’t have a fully automated superior validation (irrespective of “trained personnel”).  This concurs with Richard’s perspective that it’s not an unsupervised process simply because “unsupervised” means there are no personnel involved on the part of the service provider. Because a person needs to be involved, it isn’t possible to have a fully automated process approved.

        3. 2 options in “Strong” are similar, the third one is different.  Provider tried to combine these in an attempt to enhance rigor, but it doesn’t fully work.

        4. No decision or conclusion, continue next meeting. 

 Open Action items

Amanda: Finalize edits/adjustments,  add to ARB’s February 12th agenda, and circulate the AoR Position with meeting reminders.
Yehoshua to draft proposed text regarding the first criteria (multi-factor authentication)for February 15 discussion.

Action items may be created inline on any page. This block shows all open action items from all meeting notes.

 

 Decisions