2024-02-22 Minutes

1. https://kantara.atlassian.net/wiki/spaces/IAWG/pages/365723698/2024-02-15+DRAFT+Minutes

Kantara Updates

Kay/Andrew

• Ash Robert is helping significantly with the UK, uptick in business there.  Kantara also resubmitted  expression of interest to DSIT to continue as a certifying body.

• Subset of board still meeting for continued operational plan (adding schemes, work group support, etc)

  1. Challenge of not having a pipeline for potential WGs (important since WGs have a natural lifespan)

  2. Reinvigorating BoDLiaisons subcommittee to receive the flowof documents for ISO SC27 WG 5 which holds the identity assurance and authentication standards.  Any paying member of Kantara may join.

• EU-US TTC WG-1 Digital Identity Mapping Exercise Report; feedback due 11:59PM ET, February 29, 2024

Andrew

• Final opportunity for feedback, none provided by group.

• ACTION: Andrew will prepare a cover letter thanking them for the opportunity to provide feedback, and ship that off prior to deadline.  Will share the letter with IAWG after.

Interpretation of criteria

Richard Wilsher

• Review Yehoshua’s draft of criteria 

  1. Yehoshua-shifted and clarified some language with the basic premise being that if they lose their authenticators, they can either complete the full proofing process, or if the evidence was retained, they can complete the verification step.

  2. Does it matter if we say authentication v. MFA?  Will people who do MFA recognize this applies to them? Yehoshua assumes so, the point was to simplify.

  3. 1815-changed intro sentence and put the demand on the CSP by changing the language

     1. Mike’s question: “In addition to completing identity proofing”--lose 1, replace 1, buy a FIDO token, why go through proofing via IAL2?

        1. Yehoshua-only if they lose the ones necessary to complete authentication (so if they still have  enough to complete authentication, it’s OK)

     2. Goal of 1815–unable to authenticate, but there are still some authenticators left

     3. AHughes-every criterion has to stand alone.  1815 on its own is imprecise–need to add language to link to 1810-if you have to invoke 1810, then 1815 applies.

        1. Lynzie notes this type of change is not unprecedented.

           1. 63A language used when something was moved: (This source clause has been deliberately repositioned since it does not 'flow' with the other requirements in this section.)

  4. Richard requests to leave this open since Jimmy isn’t here. Richard would like to have Jimmy’s input.

  5. ACTION: Yehoshua/Staff circulate clean version to the list, add to next meeting for final discussion.

• Continue discussion on second criteria question (see Richard’s email on 2024.02.15 with proposed alternative criteria)

  1. This discussion is pushed to next week, Richard will provide an updated document for review.

  2. Andrew requests to do this criteria first.

  3. Where should alternative/comparable criteria go?  Should it be an accompanying Word doc withthe CoSAC and OpSAc, or absorbed into the SAH

     1. Yehoshua notes that adding it to guidance would allow IAWG to avoid creating more documents, however, a prominent document may be a better place in terms of visibility/usability.

     2. The group settles on a separate document and will submit with comments on rev. 4.