Voting Participants: Ken Dagg, Martin Smith, Mark Hapner, Mark King, Richard Wilsher
Non-voting participants: Chris Lee, Jimmy Jung, Tim Reiniger, Marc Aronson , Roger Quint
Staff: Kay Chopard, Lynzie Adams
- Roll Call and quorum determination
- Agenda Confirmation
- Minute approval (DRAFT minutes of 2021-08-19)
- Staff reports and updates
- LC reports and updates
- Call for Tweet-worthy items to feed (@KantaraNews)
- Finalize proposed criterion language regarding "comparable alternative controls."
- Finalize proposed text regarding use of "presentation attack detection" (PAD.)
- Confirmation of other non-substantive changes to criteria to be included in the package to be submitted.
- Finalize proposed criterion language regarding "comparable alternative controls."
- Any Other Business and Next Meeting Date
Ken Dagg having emailed he would be slightly delayed, IAWG Vice-Chair Martin Smith called the meeting to order at about 1:07PM (US Eastern), and called the roll. It was noted that the meeting was quorate.
Minutes approval: Mark King moved approval of the draft Minutes of the IAWG meeting of Aug 19 . Mark H seconded. The minutes as distributed were approved unanimously.
Staff reports and updates: ED Kay Chopard–today talked with UK contact, who said they had a good relationship with former Kantara ED Colin Wallis , but that "Kantara is a mystery organization." It seems we need to get them a clear picture of the scope of Kantara's activities. The UK contact said they welcome participation in their stakeholders groups, but don't want to overburden anyone with keeping up with multiple stakeholder sub-groups. Kay assured her Kantara had the resources and interest to participate wherever we could be relevant. They are planning to have a certification process, and Kay recommends we respond to the current call for comment to stay engaged. She said they are encouraging responses from identity-focused organizations to balance against lots of comments they are receiving from individuals opposed to any government involvement in identity. Ken D. asked if our contact had indicated any knowledge of past Kantara comment contributions. Kay said no, but that maybe they did not count input received from Colin as having come from Kantara as an organization.
Mark K. I will send some questions on the latest UK draft, not as a proposed Kantara response but just to point out issues we should be aware of.
Richard W. Will be in UK soon. Should I try to meet with them? Kay C.: I don't think we need an in-person meeting, but we do need to make sure they realize Colin is not the only expert in Kantara. They may also have the idea that Colin and Ruth Puentes were representing Kantara Europe. Ken D.: I am willing to give this one more try, We had been on pause because of lack of positive impact of past comments submitted. Maybe a new face (i.e., Kay) will also help trigger them to take a fresh look at Kantara. For background: our policy has been to respond to requests for input if the requesting government is a Kantara member, or might become one. We had judged that UK joining Kantara was not likely. In the past, OIX was on their board and that may have discouraged greater Kantara access. Bottom line: we will try to provide some comments on the current UK draft.
Kay C.: the response deadline is September 13. That may also be one reason our UK contact suggested keeping comments brief.
Jimmy J.: I am concerned about their lack of familiarity with Kantara. I know we have briefing materials; should we try to present that to the UK program's board? Kay C.: I will be presenting at next month's European Identity Conference (EIC) drawing from our standard Kantara overview briefing materials.
Chair Dagg then invited the new Kantara Assurance PM, Lynzie Adams, to introduce herself. Lynzie A: I started this week, and look forward to getting more involved with IAWG and Kantara generally very soon. I worked with Kay C. previously when I was living in the Washington DC area, supporting the National District Attorneys Association. Since moving to South Carolina I am pursuing a Masters in Public Administration, which I expect will be very useful in my new role at Kantara.
LC reports and updates: Ken D.– not much to report.
Ken D. reminded WG participants that Kantara staff is ready to help them publicize their newsworthy activities via the @KantaraNews Twitter handle. Requests can be sent to Ken D or Kay C.
Ken D. asked Richard W. to lead the group through the various revisions to the criteria for 800-63-3 certification to be submitted for Kantara review and publication.
Richard had combined all proposed changes ("comparable alternatives", PAD-related, and errata) on a master spreadsheet which he displayed on-screen to the WG. He then led the group through the proposed changes to the current criteria, which were displayed in red.
There were no notable changes in the COSAC.
In the OPSAC, there was one minor item with respect to which group agreed with Richard's characterization as a "non-material" change (i.e., not requiring full public review for Kantara approval.)
The WG then reviewed the recommended text changes to the current 63A criteria --
No questions were raised on the recommended change to criterion item #80.
Ken D. noted that the changes to item #177, regarding "comparable alternative controls", had been reviewed at the previous IAWG, and participants offered no further questions or suggestions.
Items #460 and 480, relating to knowledge-based verification (KBV) were characterized as non-substantive and participants had no comment.
Items #630-50 clarified provisions relating to used of presentation-attack detection (PAD changes.) The recommended changes were based on the discussion of PAD at the WG's meeting last week. Ken D. invited any further comments, but there were none, so Ken considered the changes approved. It was agreed these changes are material and will therefore be subject to the full Kantara review process.
The WG briefly discussed the mechanics of the Kantara review process, and concluded that only the "material" changes will be highlighted for review, though the entire document set will be provided to reviewers. Ken D. said it is possible, though not too likely, that substantive comment might be received on any text in the documents, even those where no change at all has been proposed. In that case the IAWG would review and propose a disposition of those comments, as well as any comments received on the highlighted "material" changes.
Richard W. noted that in the event of a "material" change to any document, the first digit of the version number for that document would be incremented, but that each document is versioned independently. In the present case, for example, the version numbers for the 63A and 63B criteria would be incremented to 5.0, but there would be no change to the COSAC version number as no changes have been proposed.
The WG then moved on to review recommended changes to 63B criteria:
Richard W. suggested that for items #350 and #790 the changes are not material. Participants offered no further comment.
He suggested that items #1505 - 20, dealing with PAD. are material. No other changes to 63B criteria are being recommended.
Richard W. also noted that no changes are proposed for 63C criteria.
Jimmy J. Mentioned that the Assurance Review Board (ARB) had recently said to him that the applicability of PAD is unclear. Does it require PAD if any biometric data is collected, whether or not remote proofing is being used? Richard W. expressed the view that our criteria language is in fact unambiguous. .
Roger Q. asked how--when and if PAD is made mandatory by NIST in their next revision of 800-63–Kantara would handle that in our criteria. Martin S. suggested that the first move is NIST's: to draft any PAD-related requirements in 800-63-4.
Ken D. invited a motion to approve the package of criterion changes as discussed today for submission to the Kantara review process. Mark H. so moved; Jimmy J. seconded. The motion was approved unanimously.
Richard W. said he would do a final clean-up of the documents and send them to the IAWG Chair and Vice-Chair, and to Assurance PM Adams for submission for Kantara review.
Ken D. announced that the IAWG would meet again next week (September 2) to begin developing comments on the latest UK framework draft.
He then adjourned the meeting at about 2:05PM US Eastern.
NOTE: The following was placed into the GTM Chat during the meeting:
Mark King to Everyone
Are Kay and Lynzie taking over the collaboration with NGI_Trust in Horizon 2020 programme (EU plus UK), where both Colin and Ruth are/were mentors/board members?
Kay Chopard to Everyone
Colin and Ruth have told me that they were doing that as part of their work with Kantara Europe. I did not have the understanding from them that it was something Lynzie and I would be permitted to take over.