Attendees
Scott Shorter, IAWG Vice-Chair
Colin Wallis, KI
Peter Alterman, SAFE BioPharma
Stuart Levy, TransUnion
Ann West, Incommon
Andrew Hughes, LC Chair
Ken Dagg, IAWG Chair
Matt King, SAFE BioPharma
Ruth Puente, KI
Incommon Update
- Focus on implementing the Baseline Expectations. Legal agreement and policy documents have changed.
- Started sending Monthly metadata health checks.
Kantara Update - Identity Assurance Working Group (IAWG)
- KI Service Assessment Criteria (SAC) to meet 800-63-3 requirements were approved by IAWG and are under All Member Ballot which closes on March 19th and will be published by March 21st.
- IAWG also approved the repackaging of the current SAC that enable part of it to be used with 800-63-3 SAC.
- Service Approval Handbook release with updated processes to reflect multiple classes of approval and in the assessment process it was added that minor discrepancies need to be resolved by the next Annual Conformity Review, otherwise they will become major non conformities.
SAFE BioPharma Update
- Completed 800-63-3 conformance profile and published it; copies of the procedures were sent to all the approved assessors.
- Integration effort with NH-ISAC continues.
- They are promoting the use of their standard through the healthcare community; looking for more use cases in the Healthcare space.
- It was raised the 'Patient identity proofing' question, which will be addressed in a future call.
NIST and GSA Update
- GSA informed KI that Nandini Diamond has left the FICAM Program area but no new representative was confirmed for the TFS Sync.
- NIST: Naomi Lefkovitz will join the next TFS calls replacing Paul Grassi. She commented to Colin that the contractors are working on the identity evidence list and want to avoid duplication so she shared the work they have done so far.
Scott: strength of evidence Table 5.1; 5.2 and 5.3 should be addresses in the same format.
We’re also doing work in b and c below, so we should sync up on that as well.
Scope of work: B and C They are on the list but not yet.
NIST spreadsheet: Evaluation of evidence types, provides strength of evidence and justification.
NIST provided the spreadsheet they are working on as they want to avoid duplication of work.
Strength of evidence Table 5.1 is addressed on the file; 5.2 and 5.3 should be addressed in the same format.
Smart cards and/or FID cards are called: SUPERIOR
Driver license: STRONG
School Id and Bank statement: FAIR
Social security and birth certificate: WEAK
Scott and Peter pointed out that there is no differentiation among States and one of the gaps identified was that the text should differentiate the different States´s driver licenses.
Peter suggested to review and share our comments and suggestions for revision and provide a common draft to Naomi. Also, he suggested that the file could be circulated in 2 circles, in a reduced group and then wider group.
Scott said that his concerns on 63A are partially satisfied with NIST spreadsheet but he has a question about Table 5.3 physical or biometric verification, which references Biometrics section on 63B. What´s applicable?, all the requirements´s set of Biometrics section or only the subset when applies to a photograph?
Action items from the last Sync on this regard:
1) Review the NIST excel sheet, identify gaps, point out what is missing, make comments and concrete recommendations and send it back to NIST.
2) Redraft the scope of work.