- Big concern on the short timeframe for implementation of 800-63-3.
- Technical challenges of: document verification requirement for every remote identity proofing transaction and requiring validations using the “issuing source”.
- Once you have the new factors and the componentization in place, how we will use it? How to express those factors in a transactional fashion so the party on the other side can receive that particular set of metadata? NIST clarified that 800-63C addresses the assertion requirements, and includes the attributes that should be in the assertion (the text has a SHOULD, but could be a SHALL). IGov profile – not decided if it will be conveyed in the VoT style and every organization internationally will need to map their individual assurance levels into what VoT says, or we will have an international government specific set of attributes. Discovery mechanism will include this metadata: the value of VoT, Identity providers convey during the discovery phase what they actually support.
- Russ Weiser Due to healthcare providers questions, one of the KI CSPs suggested to discuss and get guidance on as to how this will affect FICAM and all the CSPs: The DHS “RealID DMV Compliance List” attached, will this impact Identity Verification for FICAM. Given will affect FICAM and all the CSPs. Given the DHS is not going to allow certain State drivers licenses as valid travel documents. Does this impact accepted Drivers Licenses from these states in ID verification for credentialling under FICAM? How will this be managed? What are the timeframes that they would affect ID verification? Does this also affect other programs on a broader Basis e.g. PIV PIVI etc. ? https://www.yahoo.com/travel/video-driver-licenses-nine-states-191632170.html FICAM commented that this issue has a very long history, there has been a 8 year effort, managed out of DHS / SCO and would touch on what exactly this would mean for our identity proofing government wide. FICAM does not have a written position on this, they will need to work with DHS and NIST to analyze the clauses.
- TFPs to set up a meeting to discuss the short timeframe of 800-63-3 implementation.