TFS Monthly Sync – Draft Meeting Notes
Wednesday, February 8, 2017
Attendees
Brian Dilley, Verizon
Andrew H., AYIN International
LaChelle LeVan, FICAM
Peter Alterman, SAFE Biopharma
Ken Crowl, Experian
Scott Shorter, KUMA
Paul Grassi, NIST
Lee Aber, ID.me
Nandini Diamond, FICAM
Matthew, FICAM
Colin Wallis, KI
Russ Weiser, Synchronoss
Ken Dagg, Chair of KI IAWG
Ruth Puente, KI
KI IAWG Update
- Finalizing comments on NISTIR 8149, Developing Trust Frameworks to Support Identity Federations.
- Gathering comments on 800-63-3
- Reviewing the charter.
FICAM and NIST Update
- Webinar about the status of 800-63-3, February 7, 2017.
- Currently working to update the standard operating procedures.
-They aim to add simplification, clarity and consistency of the language for easy adoption.
-Incorporation of plain language and combined terminology, so the community readers can find a high level guide on how to establish trust among frameworks and with the federal government.
- 800-63-3 Implementation timeframe: 1 year for agencies to comply with 800-63-3.
Comments from the industry
- Big concern on the short timeframe for implementation of 800-63-3.
- Technical challenges of: document verification requirement for every remote identity proofing transaction and requiring validations using the “issuing source”.
- Once you have the new factors and the componentization in place, how we will use it? How to express those factors in a transactional fashion so the party on the other side can receive that particular set of metadata? NIST clarified that 800-63C addresses the assertion requirements, and includes the attributes that should be in the assertion (the text has a SHOULD, but could be a SHALL). IGov profile – not decided if it will be conveyed in the VoT style and every organization internationally will need to map their individual assurance levels into what VoT says, or we will have an international government specific set of attributes. Discovery mechanism will include this metadata: the value of VoT, Identity providers convey during the discovery phase what they actually support.
Action items
- TFPs to set up a meeting to discuss the short timeframe of 800-63-3 implementation.