Attendees
Voting Participants: Ken Dagg; Mark Hapner; Martin Smith
Invited guests: Barry Hieb, HIAWG.
Staff: Colin Wallis and Ruth Puente
Quorum: As of 2019-12-19, quorum is 3 of 5. There was quorum.
Agenda
1. Administration:
- Roll Call
- Agenda Confirmation
- Minutes approval 2020-03-19 Draft Minutes
- Action Item Review: action item list
- Staff reports and updates - Keeping up with Kantara March 2020 and February Director's Corner
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
2. Discussion: Discuss Initial Comments on PCTF Verified Person, Privacy, and Glossary - Please see Ken's comments for these three PCTF Components attached.
3. Any Other Business
Minutes Approval
2020-03-19 Minutes were approved by motion. Martin moved and Ken seconded. Unanimous approval.
Motion to approve minor change on OP-SAC
- Ken remarked that the proposed revision arises from the ARB’s concerns, raised during review of CSP applications for Approval, that phishing was not being adequately addressed. After considering this comment, the IAWG agreed to the revision of the OP-SAC in principle on 2020-02-20.
Ken said that he has discussed the text with Richard and the revised OP-SAC was sent to the IAWG and ARB. Ruth added that given that the ARB agreed on the change, it might be a good opportunity to make a motion to approve the proposed text.
- It was said that the modification affects ALx_CM_CTR#020 at ALs 2, 3 and 4. Please see Kantara IAF-1420 Operational -63r2 Service Assessment Criteria v1.0.1.docx. It was added that no change is justified at AL1, since the extended list of threats (modelled directly from NIST SP 800-63 rev.2) is introduced only from AL2. Richard has modelled the revised text on that used for other sub-criteria in the cited criterion, and also allowed for ‘other fraudulent threats’, rather than phishing exclusively. It was pointed out that during the previous IAWG meetings the group was a little uncomfortable with going too far in including this specific threat type, but the fact that the criterion at AL3 and 4 also includes the caveat “The above list shall not be considered to be a complete list of threats to be addressed by the risk assessment” should allay those concerns.
- Motion: To approve the proposed revision to OP-SAC ALx_CM_CTR#020. Moved: Martin. Seconded: Ken. Unanimous approval.
- Action item: Ken to notify the LC about this minor change.
Updates
- Colin mentioned that the whitepaper on mDL was released; it was a collaborative effort co-ordinated by STA. Kantara is referenced significantly: https://www.securetechalliance.org/publications-the-mobile-drivers-license-mdl-and-ecosystem/
- Matt Thompson, ID.me, is the new President.
Discuss Initial Comments on PCTF Verified Person, Privacy, and Glossary
- Ken shared the inconsistencies found in the 3 documents and explained the relevant ones from the comment sheets he had provided beforehand:
- Barry pointed out that a diagram was missing to show the relationship and differences between "subject", "user" and...