2024-04-03 Meeting notes

Chaudhury, Atef

Jones, Thomas

Y

Krishnaraj, Venkat

Thoma, Andreas

Y

Wunderlich, John

Y

Williams, Christopher

Y

Auld, Lorrayne

Aronson Mark

Balfanz, Dirk

Brudnicki, David

D'Agostino, Salvatore

Y

Davis, Peter

Dowtin, Jazzmine

Y

Dutta, Tim

Flanagan, Heather

Fleenor, Judith

Glasscock, Amy

Graaf, Irene

Gropper, Adrian

Hodges, Gail

Hughes, Andrew

Jordaan, Loffie

Y

LeVasseur, Lisa

Lopez, Cristina Timon

Pasquale, Jim

Y

Snell, Oliver

Stowell, Therese

Sutor, Hannah

Tamanini, Greg

Vachino, Maria

Whysel, Noreen

5 min.

• Start the meeting.

• Call to order

• Approve minutes

• Approve agenda

@John Wunderlich

Called to order: 14:03

Quorum reached: Yes

Minutes to approve: Yes

Open Tasks Review

All

Link to Recommendations (Commenter Link): Recommendations for Privacy Enhancing Mobile Credentials

Kantara Nano-Visions Exercise

@John Wunderlich

Eve Mahler has been leading the Kantara board through a nano-visions exercise, and they are looking to gather input from each group for discussion on the next Leadership Council Monthly call. @John Wunderlich will share the deck from Eve and then the group is asked to brainstorm a response.

Discussion on Requirements

@John Wunderlich

Raised a question on the relationship between the trust failures in the environment and the device binding. John reads that to be the difference between technical trust and human trust.

Board is looking to understand the beliefs of the PEMC work group and what is the evidences that substantiates the beliefs.

What is the intention of the products of the workgroup? Requirements, Compliance testing, a Standard?

In the context of mobile credentials, the WG was highlighting the risks to privacy in a mobile credential context. The first phase was scoping and now the efforts are focused on the development of the requirements.

Evidence of empowering people to make risk decisions: PEMC is developing a mobile credential privacy trust mark to benefit both individuals and organization in the ecosystem to convey trust framework during mobile credential transactions.

Context of location doesn’t inherently reflect the nature of the transaction or the data use. Additional requirements (UI, trust marks, organization policy, etc.) are needed to develop trust the mobile credential ecosystem.

Group raised questions about third nano-vision, recommend a clarification of nano-vision. From an organizational perspective the depth of experience does not necessarily impact simplification of the assurance.

Group raised the fact that there are multiple links to establish assurance in a transaction. For in-person presentations the binding is well solved by current methods. Additionally, there are other missing links in addition to the human-to-digital binding in online transactions.

1.4 Selected Data Release (Providers)

All

Remains under review.

AAMVA is having an on-going discussion with solution providers regarding selective data release. Considerations for the choice is unintended release of information, user friction.

Sensible to consider a blanket yes/no if provider can verify the minimum requested information is requested.

Tom: Providers should be given results and not a list of instructions.

Loffie: Very important to have a level of trust in the relying party when data is requested.

@John to add a note to description on trust mark exception. Modification of the statement is necessary to build an exception

Start Section 2 Review

All

John presented a first draft of the framing context for Section 2. Put to the group for comment

14:57

Adjourn