2024-02-15 Minutes

Owned by Amanda, created
Last updated: Oct 01, 2024
3 min read

Meeting status metadata

Quorum

quorate

Notes-Status

approved

Approved-Link

2024-02-22 Minutes

The meeting status metadata table is used for summary reports - copy the status macros from the table in these instructions:

Quorum: quorate not quorate

Notes-Status: drafting Ready for review approved

Approved-Link: Insert a link to the Meeting Notes page holding the approval decision for this notes page

 

Agenda

  1. Administration:

  2.  IAWG Actions/Reminders/Updates:

    • Address of Record Position:

      • Presented to ARB Monday, Feb 12

    • Group reminder: February 22, EU-US TTC WG-1 (Working Group 1) Webinar: Unpacking the Digital Identity Mapping Results (registration details coming soon - please check back). 

  3. Discussion:  

    • EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

    • Richard Wilsher - Interpretation of criteria 

      • Review Yehoshua’s draft of criteria (first point regarding multi-factor authentication)

      • Continue discussion on second criteria question (superior evidence)

  4. Any Other Business

 Attendees

Voting participants - Richard Wilsher, Mark King, Mike Magrath, Yehoshua Silberstein, Jimmy Jung

Non-Voting Participants - Eric Thompson, Angela Ray, Jazzmine Downtin

Guests - Lisa Balzerit

Staff - Amanda Gay, Lynzie Adams, Kay Chopard

Quorum determination

Meeting is quorate when 50% + 1 of voting participants attend

There are <<9>> voters as of <<2024-02-15>>

Approval of Prior Minutes

Motion to approve meeting minutes listed below:

Moved by: Jimmy Jung

Seconded by: Mike Magrath

No objections, motion passes.

Link to draft minutes and outcome

Discussion

Link to draft minutes and outcome

Discussion

2024-02-01 Minutes DRAFT 

2024-02-08 Minutes DRAFT 

 

 Discussion topics

Time

Item

Presenter

Notes

Time

Item

Presenter

Notes

 

Kantara Updates

Kay

  • KI Strategic Business Planning for the next 3 years

  • Expect to be present at the usual conferences in the coming year

 

Assurance Updates

Lynzie

  • Company interested in FAL with 63 3, reengaging with assessor

  • Fair amount of new questions/people reaching out

 

  • Discussion:

    • EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

Yehoshua

No feedback offered

 

Richard Wilsher

  • Review Yehoshua’s draft of criteria (first point regarding multi-factor authentication) - pushed to next week (2/22), per email

  • Continue discussion on second criteria question (superior evidence)

    1. Validation of superior evidence needs to be confirmed by personnel and training, therefore “unsupervised” is not possible

    2. Trained personnel does not equal supervised

    3. Per NIST 63A criteria, page 30; the process is not complete until someone reviews it online.  (3rd bullet -second session to conclude the process)

    4. Does this require both trained personnel and technologies? Revert back to the previously discussed combination of strong ‘OR’ options.  In other words, you have to do both? Richard/Eric concur.  

    5. Yehoshua: Trained personnel reviewing evidence doesn’t automatically mean unsupervised proofing and remote.  It’s more of a hybrid situation.

    6. Look at Table 5-2

      1. Strong criteria issues - There is a significant difference between choices 1 and 2, and choice 3.

      2. Trained personnel supplementing the appropriate technologies is not necessarily better than just appropriate technologies.

      3. This was done to allow for a slightly lower bar (if you can’t fully automate, you can supplement with trained personnel)

      4. This is difficult for assessors to utilize in terms of interpreting this description of superior evidence.

        1. Richard - If it is unsupervised, it should be complete in a single session or require an enrollment code if there is a break to ensure the correct person is coming.  The text seems to suggest that a second session is needed to bind everything back to the applicant (trained personnel may be a “backroom” activity after the unsupervised portion).

      5. Eric-references a chip in a passport, this is read in an unsupervised session, but is later confirmed by genuine trained personnel (a requirement that is not adding value)

      6. There’s a difference between trained personnel reviewing evidence and an operator that is supervising.  There is potentially no benefit with trained personnel supplementing the technologies to also review the evidence.  The last conformance criteria shows this with the allowance of trained personnel and appropriate technologies (if you can’t do it programmatically, you can have a person do it).  As it is written, it requires you to do both.

      7. Richard-The original proposition was to use a superior single piece of evidence in an unsupervised processed, and 63A, Table 5-2 does not seem to permit this.  The concern is that if there is an unsupervised process with a single piece of superior evidence, how does a trained person get involved?

    7. Richard notes that CSPs often employ comparable alternatives (accepted by ARB).  Should we make the comparable alternative criteria as part of the formal body of criteria? 

      1. Yehoshua-in our best interest to figure out how to make this happen to ensure consistency and transparency

      2. Action: Richard re-present comparable alternative criteria to IAWG with clean examples.

      3. Lynzie notes it is also time for a meeting with IAWG leadership, assessors, and the ARB, and this could be discussed there.

        1. Add to ARB/IAWG leadership/Assessor meeting agenda

 Open Action items

Richard: re-present comparable alternative criteria to IAWG with clean examples.

Action items may be created inline on any page. This block shows all open action items from all meeting notes.

 

 Decisions