TFS Monthly Sync – Draft Meeting Notes
Wednesday, February 8, 2017
Brian Dilley, Verizon
Andrew H., AYIN International
LaChelle LeVan, FICAM
Peter Alterman, SAFE Biopharma
Ken Crowl, Experian
Scott Shorter, KUMA
Paul Grassi, NIST
Lee Aber, ID.me
Nandini Diamond, FICAM
Colin Wallis, KI
Russ Weiser, Synchronoss
Ken Dagg, Chair of KI IAWG
Ruth Puente, KI
KI IAWG Update
- Finalizing comments on NISTIR 8149, Developing Trust Frameworks to Support Identity Federations.
- Gathering comments on 800-63-3
- Reviewing the charter.
FICAM and NIST Update
- Webinar about the status of 800-63-3, February 7, 2017.
- Currently working to update the standard operating procedures. The aim is to simplify the language and make it clearer and more consistent for easy adoption, incorporating plain language and combined terminology so that community readers can find a high-level guide on how to establish trust among frameworks and with the federal government.
- 800-63-3 Implementation timeframe: 1 year for agencies to comply with 800-63-3.
Comments from the industry
- Big concern about the short timeframe for implementation of 800-63-3.
- Technical challenges: the document verification requirement for every remote identity proofing transaction, and the requirement to validate using the “issuing source”.
- Once you have the new factors and the componentization in place, how will we use it? How can those factors be expressed in a transactional fashion so the party on the other side can receive that particular set of metadata? NIST clarified that 800-63C addresses the assertion requirements and includes the attributes that should be in the assertion (the text has a SHOULD, but could be a SHALL). IGov profile: it has not been decided whether it will be conveyed in the VoT style, in which case every organization internationally will need to map its individual assurance levels into what VoT says, or whether there will be an international government-specific set of attributes. The discovery mechanism will include this metadata (the value of VoT); identity providers convey during the discovery phase what they actually support.
- Due to healthcare providers' questions, one of the KI CSPs suggested discussing and getting guidance on how the DHS “RealID DMV Compliance List” will affect FICAM and all the CSPs, given that DHS is not going to allow certain state driver's licenses as valid travel documents. Does this impact accepted driver's licenses from these states in ID verification for credentialing under FICAM? How will this be managed? What are the timeframes in which they would affect ID verification? Does this also affect other programs on a broader basis, e.g. PIV, PIV-I, etc.? https://www.yahoo.com/travel/video-driver-licenses-nine-states-191632170.html FICAM commented that this has a very long history: there has been an 8-year effort, managed out of DHS / SCO, and it would touch on what exactly this would mean for our identity proofing government-wide. FICAM does not have a written position on this; they will need to work with DHS and NIST to analyze the clauses.
- TFPs to set up a meeting to discuss the short timeframe of 800-63-3 implementation.