Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Time

Item

Who

Notes

5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing
Chair




Introductions

All

Welcome!



New BusinessAll
  • Discuss terminology emails

Schedule updates

  • Status
  • Issues
  • Next period plan
Chair

Team Calendars
id308e504f-b7f1-4b7c-90ae-ac5684fb7c65


Contributions updates

  • Status
  • Issues
  • Next period plan
Chair
  • JJ - Experian Remote ID proofing to NIST IAL2
  • Stuart - UK Housing
  • Joe - W3C
  • John - Aadhaar
    • Aasim - end next week estimate
  • John - Peru
    • RENIAC - submitting soon
  • John - Mexico
    • End next week estimate
  • Andrew - Alipay
    • Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases
  • Peter - Airside Mobile
  • Others?
  • Terry - USPS x 5
    • Has mapped the use case steps back to requirements of NIST SP 800-63-3A
    • Comment: is it possible to reach IAL2 without using a photo?
    • Walked through In Person Proofing As A Service use case
      • Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient?
        • A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required.
        • 63-3A says 'published by an issuing source' - technically, for example, a drivers license is 'published' so does that count? (smile)
    • Walked through Device ID and Reputation case
      • explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting)
  • Comments: Look into valididy to see if they have material for this DG
  • Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services



Writing teams updates

  • Status
  • Issues
  • Next period plan
Chair

AOBChair

Terminology discussion

  • Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow
  • Terry - https://plato.stanford.edu/entries/qt-idind - a paper on what makes an entity the 'same' entity?
  • Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased)
  • Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased)
  • Richard - describe this a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased)
  • This needs more analysis - on the list

AdjournChair

Next DG meeting Wednesday, January 30February 06, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT

https://global.gotomeeting.com/join/132339365

...