Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.




Callahan, JohnYes
Dagg, Ken

Harkema, JJ

Hapner, Mark


Hughes, Andrew (Chair)


Pasquale, Jim

Shorter, Scott

Skyberg, David

WILSHER, Richard


Non-Voting Participants

Joe Andrieu, Terry McBride, Colin Wallis, 

Discussion Items





5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing




New BusinessAll
  • Discuss terminology emails

Schedule updates

  • Status
  • Issues
  • Next period plan

Team Calendars

Contributions updates

  • Status
  • Issues
  • Next period plan
  • JJ - Experian Remote ID proofing to NIST IAL2Terry - USPS x 5
  • Stuart - UK Housing
  • Joe - W3C
  • John - Aadhaar
    • Aasim - end next week estimate
  • John - Peru
    • RENIAC - submitting soon
  • John - Mexico
    • End next week estimate
  • Andrew - Alipay
    • Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases
  • Peter - Airside Mobile
  • Others?
  • Terry - USPS x 5
    • Has mapped the use case steps back to requirements of NIST SP 800-63-3A
    • Comment: is it possible to reach IAL2 without using a photo?
    • Walked through In Person Proofing As A Service use case
      • Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient?
        • A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required.
        • 63-3A says 'published by an issuing source' - technically, for example, a drivers license is 'published' so does that count? (smile)
    • Walked through Device ID and Reputation case
      • explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting)
  • Comments: Look into valididy to see if they have material for this DG
  • Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services

Writing teams updates

  • Status
  • Issues
  • Next period plan


Terminology discussion

  • Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow
  • Terry - - a paper on what makes an entity the 'same' entity?
  • Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased)
  • Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased)
  • Richard - describe this a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased)
  • This needs more analysis - on the list


Next DG meeting Wednesday, January 30February 06, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT