

Attendees

Voting participants: Mark King; Mark Hapner; Martin Smith; Ken Dagg; Richard Wilsher; Tom Jones

Non-voting participants: Manvendra Kumar; Sarah Chu; James Jung

Staff: Ruth Puente

Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum.


Agenda
1. Administration:
a. Roll Call
b. Agenda Confirmation
c. Action Item Review: action item list
d. Minutes approval 2020-07-16 DRAFT Minutes
e. Staff reports and updates - Director's Corner and Keeping up with the Kantarians
f. LC reports and updates
g. Call for Tweet-worthy items to feed (@KantaraNews)

2. Discussion
a. Kantara comments on how SP 800-63-3 could be revised for NIST’s consideration in developing Revision 4 
b. Review and approve 63B_SAC at AAL3 and 63C_SAC at FAL3 criteria
c. Review and approve the revised Glossary & Overview
d. DIACC Request for Comment and IPR Review: PCTF Assessment & Infrastructure Draft Recommendations

3. AoB


Minutes Approval 

2020-07-16 Minutes were approved by motion. Moved: Mark Hapner Seconded: Martin Smith. Unanimous Approval.


LC Update

  • The eGov WG, after performing a lot of good work for Kantara, has decided to shut itself down, given that it has not been active for a while and is finding it hard to get members to attend; that vote has recently passed the LC.
  • Mark Hapner reminded the group about the eIDAS Public Consultation. It was agreed that IAWG will generate comments on it. Ken added that, as the deadline for comments is October, the plan is to start the review at the end of August. Furthermore, it was requested that this review work be promoted on Kantara channels.
  • Tom shared a couple of standards that are being worked on at OpenID and also in the FIRE WG. The FIRE WG specification may result in the need for something like criteria for mobile apps at some point in the distant future.


Review and approve 63B_SAC at AAL3 and 63C_SAC at FAL3 criteria

AAL3

  • Richard explained that the multiple-parties practice from FAL2 was adopted and worked into the IAL and AAL SACs. In doing so, we have pulled out those criteria which relate specifically to federal agencies, or which might also apply to RPs, in order to take the AAL criteria to their fullest implementation, responding to absolutely normative criteria.
  • He has updated all the tags because it's a substantial change. There is a new contiguous set, and the old ones will be here at least for a year or so while we transition to the new ones.
  • Changes are in red text; there have been a few changes which have affected level 2 because we've been more inclusive this time with federal agencies. 
  • We have around 30 to 40 new discrete criteria of AAL3.
  • It was decided to defer the approval to the next week.



FAL3 

  • Basically, two criteria, one of them has three subparts. What this is requiring as a question of whether this is an accurate replication of essentially these criteria here, in which you will find minimal change.

I will make this whole debate actually what we've done here. This shows "the subscriber shall"; well, we don't assess subscribers, but we could assess an RP. Therefore, we would require the RP to require the subject to prove possession, etc. And that's going to be the reason why we've made these changes.

Motion: IAWG to approve the FAL3 criteria as presented.

Moved: Mark King Seconded: Mark Hapner. Unanimous Approval.

The xAL3 SACs will go as a package for 45-day Public Comment and IPR Review.


In terms of the overall impact, are there improvements or extensions? What was the actual objective for the changes in general?

Honey, we have to go back to the NIST requirement for that, really, I think, and it's a question of demanding greater rigor or, in some cases, denying some of the authentication techniques that might be allowed at level 2 because they were not considered to be strong enough for level 3. So, I mean, all these cases, as you move from one assurance level to the next stronger, higher level, it's all a question of removing weak solutions and increasing the rigor.


Kantara comments on how SP 800-63-3 could be revised for NIST’s consideration in developing Revision 4 


DIACC Request for Comment and IPR Review: PCTF Assessment & Infrastructure Draft Recommendations

  • Ken commented that the Digital Identification and Authentication Council of Canada (DIACC) has just released another two components of the Pan Canadian Trust Framework (PCTF) for review. The PCTF Assessment component establishes the certification scheme that verifies that a process, service, or product conforms with PCTF criteria. The PCTF Infrastructure (Technology and Operations) component identifies the policies, plans, technology and technology operations required to implement the principles of the PCTF Profiles in the context of a Digital Identity Ecosystem. It also identifies the criteria that will be used to assess that a service’s technology and operations meet those requirements. At the 2020-07-30 meeting, Ken will ask IAWG if we wish to develop comments to submit to DIACC. Link to DIACC request for comments: https://diacc.ca/2020/07/20/assessment-infrastructure-technology-operations-draft-recommendations/


Review and approve the revised Glossary & Overview

Revised Glossary & Overview



