Digital Identity Guidelines: Public Comment Period

January 30 - March 31, 2017

FIRST SESSION: IAWG started to discuss the latest NIST release of 800-63 on February 9, 2017.

Key discussion items Feb 9th:

Get comments in at least a week before March 31. Switching back to weekly meetings to accomplish that.
Comments regarding cost and impact of the changes in the CSPs.
Concern about implementation timeframe.
Kolin Whitley, Experian - ID proofing strategies were put in place as part of multiyear contracts, how might that impact the component given that the new guidelines are significantly different.
Russ Weiser, Zentry/Synchronoss - requirements for authoritative data sources, chasing identity documents to their source. The federal and state governments have failed to provide a verification service. TFS work on standard operating procedures, the implication was that there were changes underway to make things easier for agencies to understand. It's more unrealistic if agencies must grapple with new standard procedures from TFS at the same time that 800-63-3 hits.
One problem with 800-63 has been lack of flexibility in the face of considerable CSP innovation in how services are provided, we shouldn't try to stand in the way.
The simplification of the levels from 4 to 3 may have made it more difficult to obtain the levels. Removes the lower cost category and increased the cost to comply.
The different numbers of levels in different countries may result in interoperability issues between the jurisdictions.

SECOND SESSION:

February 23rd.