2017-02- 08 Draft Meeting Notes

TFS Monthly Sync – Draft Meeting Notes

Wednesday, February 8, 2017

 

Attendees

 

Brian Dilley, Verizon

Andrew H., AYIN International

LaChelle LeVan, FICAM

Peter Alterman, SAFE Biopharma

Ken Crowl, Experian

Scott Shorter, KUMA

Paul Grassi, NIST

Lee Aber, ID.me

Nandini Diamond, FICAM

Matthew, FICAM

Colin Wallis, KI

Russ Weiser, Synchronoss

Ken Dagg, Chair of KI IAWG

Ruth Puente, KI

 

 

KI IAWG Update

  • Finalizing comments on NISTIR 8149, Developing Trust Frameworks to Support Identity Federations.
  • Gathering comments on 800-63-3
  • Reviewing the charter.

 

FICAM and NIST Update

  •  Webinar about the status of 800-63-3, February 7, 2017.
  • Currently working to update the standard operating procedures. They aim to add simplification, clarity and consistency of the language for easy adoption. Incorporation of plain language and combined terminology, so the community readers can find a high level guide on how to establish trust among frameworks and with the federal government.
  • 800-63-3 Implementation timeframe: 1 year for agencies to comply with 800-63-3.

 

Comments from the industry

  • Big concern on the short timeframe for implementation of 800-63-3.  
  • Technical challenges of: document verification requirement for every remote identity proofing transaction and requiring validations using the “issuing source”.
  • Once you have the new factors and the componentization in place, how we will use it? How to express those factors in a transactional fashion so the party on the other side can receive that particular set of metadata?  NIST clarified that 800-63C addresses the assertion requirements, and includes the attributes that should be in the assertion (the text has a SHOULD, but could be a SHALL).  IGov profile – not decided if it will be conveyed in the VoT style and every organization internationally will need to map their individual assurance levels into what VoT says, or we will have an international government specific set of attributes. Discovery mechanism will include this metadata: the value of VoT, Identity providers convey during the discovery phase what they actually support.
  • Due to healthcare providers questions, one of the KI CSPs suggested to discuss and get guidance on as to how the DHS “RealID DMV Compliance List” will affect FICAM and all the CSPs. Given the DHS is not going to allow certain State drivers licenses as valid travel documents. Does this impact accepted Drivers Licenses from these states in ID verification  for credentialling under FICAM? How will this be managed? What are the timeframes that they would affect ID verification? Does this also affect other programs on a broader Basis e.g. PIV PIVI etc. ?  https://www.yahoo.com/travel/video-driver-licenses-nine-states-191632170.html FICAM commented that this has a very long history, there has been a 8 year effort, managed out of DHS / SCO  and would touch on what exactly this would mean for our identity proofing government wide. FICAM does not have a written position on this, they will need to work with DHS and NIST to analyze the clauses. 



Action items

 

  • TFPs to set up a meeting to discuss the short timeframe of 800-63-3 implementation.