2021-10-05 Meeting notes
Date
Attendees
Bev Corwin
- Salvatore D'Agostino (Unlicensed)
Guest: Former user (Deleted)
Regrets:
- Mary Hodder
- Catherine Schulten
Goals
- Decide: Should we engage FTC with our ONC work?
- Determine: Is there a Zero Trust Framework at Kantara? Should we work on one?
- Discuss: How would an end user get data out of a Digital Wallet? Credential?
Meeting commenced at 1pm EDT
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
25min | FTC | 1) Our ONC submittal pairing with FTC?... lets engage them! jim spoke with Kat who has a contact at FTC ONC is “frustrated” because they aren’t used to partnering with other agencies. It may be worth exploring how to engage FTC with our ONC work. FTC model is not based on Zero Trust. No definition of “compliance with the FTC rule”. Talking about criteria may get them interested in working with us.. EO assigns some work to three agencies. NIST, Commerce involved. FTC and a communications are part of Commerce. Align with zero trust. Kay is working on a contact at the FTC. FTC involved in healthcare devices, communication of PHI. CURES Act says patient has the right to access and share their data not covered by HIPPA. FTC voted to enforce CURES Act. Tom: Could be just sharing the proposal with FTC to see if they would fund it. FIRE WG proposed one of two things: create list of criteria for establishing the fines and/or trust framework Andrew: Is there a way to test our assumptions that FTC would be receptive? Jeff: would they accept a service provider who used our criteria (Kantara requirements) Andrew: Has ONC responded to our letter? Jim: Not yet. Plans to make an introduction with Micky Tripathi and Kay. We have a connection with Micky. He knows our work. Catherine and Carmen at ONC are also well acquainted. Sal: can we contact to FTC referencing the recent announcement? Andrew doesn’t think so. He suspects they already have lawyers working on the criteria. Andrew suggests finding policy orgs who work with FTC. Vision of Privacy and Identity Protection. https://www.ftc.gov/about-ftc/bureaus-offices/bureau-consumer-protection/our-divisions/division-privacy-and-identity Right now only GSA is a member of Kantara (they have a need for our assurance project) Other gov: NZ, Australia, parts of UK are “almost members” and Indirectly with Canada and others through consultants. Kantara Europe is domiciled in Estonia but we don’t have govt members in EU. Bev: Daza Greenwood has some connections with FTC. | |
25min | TrustFramework | 2) Is there a functional Trust Framework? Show me! Looking at who end user (who is the perimeter) goes to for trust? Zero Trust is a Common thread among all of these items. Andrew: Zero Trust doesn’t have to do with people. It is about the underlying technology. Tom says before anyone makes the connection, the site accessing the data should be made known to the user. A primary goal is to make sure the website is identified to the user, similar to mDL. | |
10min | Digital Wallet credential | 3) Digital Wallet, how does a user extract or show a smart document? what a response might entail: (Zero Trust?) - https://tcwiki.azurewebsites.net/index.php?title=Presentation_from_a_Wallet if you have a wallet and go to a relying party, one of the things they will ask for is a mDL. Federation could work as away for wallets and RPs to come to an common agreement about what they share. So how do you make a presentation to a requesting entity and how does the wallet answer back? Microsoft is working on it. Should Kantara have an opinion about it. If Kantara is t interested, Tom will work with Microsoft on it. Andrew: SC17 and OpenID foundation are discussing this. Tom: we would be creating profiles. Andrew: How is this different from Privacy EMC? Tom is also working with them as an editor on this. But they aren’t working on interoperability. Tom can also reach out to FTC in coordination with Jim Kragh and Kay Chopard . |
Meeting adjourned at 2:05pm EDT
Action items
- Jim Kragh will follow up with Kay Chopard Re Intro to FTC. Tom Jones to align his inquiry about the Wallet with that introduction
- Jim Kragh follow up with ONC about our proposal.