Attendees:
Voting Participants: Andrew Hughes [Ping], Denny Prvu [RBC], Mark King, Richard Wilsher [Zygma], Jimmy Jung [Slandala], Mark Hapner, Martin Smith
Other Participants: Jazzmin Dowtin [IDEMIA], Mike Magrath [Easy Dynamics]
Staff: Lynzie Adams, Kay Chopard
Proposed Agenda
Administration:
Roll call, determination of quorum
Minutes approval
Kantara updates
Assurance updates
Discussion:
800-63-3 Criteria Issues to Resolve - numerous concerns have been brought up over several months and need to be discussed and likely updated.
IAWG Submitted Comments: NIST IAM Roadmap Update
KIAF 1050 - Glossary and Overview - eballot open for voting members until 6/27
Any Other Business
Meeting Notes
Discussion:
IAWG Chair Andrew Hughes called the meeting to order. Roll was called. Meeting was quorate.
Minutes Approval
Andrew Hughes moved to approve the draft minutes from the May 25th IAWG meeting. Martin Smith seconded the motion. Motion carried with no objections.
Kantara Updates
Kay shared some updates on the recent conferences. Jimmy shared positive words from GSA about Kantara.
Kay shared that Kantara is working with GTRI about automating our Trust Status List and Service Assessment Criteria spreadsheets to make the process less laborious on vendors and other looking for service specifics. OSCAL was considered as well, but the work from GTRI has already started. Updates on timelines will be coming in the near future.
Assurance Updates
The ARB recently approved a new version of our Service Approval Handbook. It’s been sent out to all accredited assessors and CSPs. It’s available to download on the website. Lynzie is preparing a redline version for assessors, in addition to anyone else, to see where the updates occurred.
Since our last meeting we have four new Registered Applicants in the Assurance Program - Notarize, NextGenID, AU10TIX, and Clear. It’s been a huge first half of the year with 7 new applications! Martin asked if there was any insight on where, as a group, the applicants are coming from. It varies - some are being pushed by healthcare, one is pursuing our first IAL3, another is looking for US & UK approvals. Mike mentioned that Notarize is likely being responsive to by a law in New York State that was passed in the spring. There are others in the pipeline. The law is vague - and it’s not mandated - but there is reference to IAL2.
Andrew noted that we should highlight this to Karyn for broader industry awareness - potentially including Mike’s blog (New York Swung and Missed in Regulating Identity Proofing for Remote Online Notarization (RON) - Kuma) currently posted on Kuma’s website as a starting point. Anywhere we find a law/regulation that tells the market to get certified, we should be highlighting and in all of our materials. That is a motivation to come to the assurance program! Martin reiterated Kay’s GSA discussions - that procurement people are great folks to speak with on that front!
800-63-3 Criteria Issues
NIST IAM Roadmap Comments
Due to IAWG being cancelled the previous two weeks, comments had to be submitted prior to additional conversation within the group. Lynzie and Denny worked to compile the submitted comments and submit on behalf of Kantara IAWG. The submitted comments can be read here.
KIAF1050 - Glossary and Overview
An eballot was sent to voting members to process the approval. The eballot closes on Tuesday June 27. Results here.
Any Other Business
Andrew is trying to start a start up a new discussion group to look at deep fakes, AI, and threats/risks to identity verification services specifically because many of Kantara’s constituents are ID proofing constituents. Ping’s CEO has pushed this as a hot topic - is there actually a new threat or is it just hype? Andrew will be circulating a charter proposal that will come to this group for comments, feedback, interest. Current thinking seems to be leaning toward synthetic humans as an attack factor for voice, video and text ID verification services. Specifically narrow. What are the actual threats? What are we seeing? As a buyer, what do you have know/ask? Martin likes the idea.