Voting participants: Ken Dagg; Scott Shorter; Mark Hapner
Non-voting participants: David Kelts
Staff: Colin and Ruth
Quorum: 4 of 7.
- Roll Call
- Agenda Confirmation
- Minutes approval 2019-02-28 DRAFT Minutes
- Action Item Review: action item list
- Staff reports and updates - Director´s Corner February 2019
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews or #kantara)
a. IAWG Comments on the Pan Canadian Trust Framework Model Overview (Attached).
b. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria)
3. Any Other Business
- Roll call was taken, noting that there was not quorum.
- The attendees noted the Minutes, but they could not be approved since the quorum was not reached.
- Ken and Richard are still working on the Overview and Glossary.
- Experian is the second approved CSP under
- Colin congratulated Scott for Excelsior Security Solutions Accreditation as a Kantara Assessor.
- IDVP DG report is almost complete to submit to ISO.
- Further information: Director´s Corner - February 2019
IAWG Comments on the Pan Canadian Trust Framework Model Overview
- Ken walked the IAWG through the spreadsheet with the comments on PCTF Model Overview, where there are 32 comments: DIACC-Submission-Form-PCTF-Model-Overview-Discussion-Draft-V0.02-1-1 Ken Dagg 20190304.xlsx
- Ken said that the individual names will be changed to "IAWG" in Column C.
- Ken will send the agreed IAWG comments to DIACC by March 15th.
Any Other Business
- Colin commented that he will speak at the KNOW identity conference at the panel called "Mythbusters".
- He presented the list of myths* (below) and asked the IAWG participants to choose their favorites, or add their favorite and a brief explanation to justify that choice/addition, and he would try to accommodate them in part of the panel.
*What myths are we trying to bust?
- Eligibility and Identity are interchangeable
- Authentication is the same as identity assurance
- Provision of biometric credentials is identity assurance
- Certification and assurance are the same thing
- Verification and Validation are the same things
- Businesses have identities not identifiers (attributes)
- KBVs are useless
- Standards are not needed
- Standards are too difficult
- Specific elements not required (e.g. Activity history)
- Standards need to define methods (biometric etc.) as opposed to outcomes
- Standards only apply to public sector
- Interoperability is not important
Schemes and regulations
- The UK scheme (Verify) and the standards are the same thing
- Verify is a failure (certification, assurance, standards are a success)
- Standards are not helpful for AML and KYC at all
- Digital Identity sells itself (ignores RP requirements for efficiencies, channel shift, risk mitigation etc)
- RPs need all the evidence attributes from the proofing
- RP’s always need a high levels of assurance/having a lower level of assurance isn’t always a bad thing
- The identity attributes cause matching issues in the RP
- IDP success is unrelated to RP service design