2021-05-18 Meeting notes

  • Date

Attendees

Agenda

  • EO Response
  • Mobile Drivers License
  • ONC Grant

Discussion items

Time | Item | Who | Notes
EO

Planning to respond to the EO per the email Tom shared May 17 to the FIRE-WG list if approval is received from Colin. 

5 FIRE-WG members, Tom Jones, Jeff Brennan, Noreen Whysel, Bev Corwin and Jim Kragh voted via email to respond as Kantara, constituting a quorum. No response: Sal D'Agostino, Catherine Schulten, Mary Hodder.

Tom's email:

We have only a few days to respond to this request - and I would like to do so.
At the least we need to explain that we have proposed some parts of this already for ONC and have a proposal in the works.
https://www.nist.gov/itl/software-supply-chain-executive-order/workshop-and-call-position-papers

One interesting question is whether patient interactions with their physician should be considered critical. As a patient I would think so but would like to hear other thoughts on that issue. (A related issue is the First Net: Is emergency medicine critical?)

The question is whether Kantara is sufficiently nimble to respond in a few days or if I need to make the response on my own? Clearly it would be better from Kantara.

Colin's email:

Greetings folks

Tom shared the link to the early start on the HIAWG.

There's some interest from the IAWG (and possibly the PImDL DG once the Report is finished) in developing a Kantara-wide response. 

In both cases that is not to all questions - most likely 2, 3, 6 and 15, possibly one or 2 others.

Would the FIRE WG object to the sharing of the link to the other Groups and engage in joint discussion on it?

Kind regards

Colin 


Mobile Driver's License

Time to revisit the most current revision to the Mobile Driver's License Criteria, again thanks to Tom's effort:
https://wiki.idesg.org/wiki/index.php/Mobile_Driver%27s_License_Criteria

The US Office of Strategy, Policy and Plans of the Department of Homeland Security (DHS) has issued an RFC.

We discussed Security and Privacy.

Vulnerabilities:

  • Trust registry: feature to detect, deter and mitigate risk - test wallets - trust registry for wallet, reader and issuer
  • Threat vectors: attacker has smart phone under their control, no trust 
  • Physical security: require proximity and user gesture from phone (BLE, Bluetooth Low Energy, is not sufficient)


Privacy:

  • PII Always encrypted


Industry Standards

  • Proof of human presence: level of liveness 


ISO 18013-5 Interface to Feds

  • current standards don’t include all necessary components, proof of presence, for example
  • Jim Kragh to address interface with FirstNet.


ISO 18013-3 interface between DMV and mDL

  • Tom working with Tony Nedowan (sp?)


Provisioning

  • addressing in-person provisioning will be costly
  • Feds should have a hotline


Storage of other things on device

  • should they be part of the mDL or a separate document? (other groups would work on that)

Data Freshness: no discussion

IT Security Infrastructure

trustregistry.org included in this

Alternative IT Security Solutions


ONC Grant

Update on ONC submittal; may need to update with an insertion ref vulnerable populations




Action items

  •