|MoU and next steps|
- Ben has sent a revised version of the MoU on May 10th KI Approved CSP-to-IDESG IDEF Registry MoU Rev3.docx
- Ben and David revised what was applicable and what is no longer applicable regarding some privacy criteria and added Annexes A, B and C.They added step 7 in the on-boarding process, Annex A.
- Colin has accepted the changes and a final version was circulated on May 17th KI Approved CSP-to-IDESG IDEF Registry MoU Rev3 Changes accepted clean for Board.docx
- David explained some details on of the Annexes and tables:
-Table 1. Interop 2, 3 and 4 for LoA 4 was partially confirmed. KI also confirmed for Interop 2, 3 and 4. Partial for LoA4 and not for LoA 2 and 3 when there is no credit. Privacy 13 requires specific privacy assessment, there was no credit and was confirmed by KI.
-No changes were made to the KI US federal privacy profile mapping and conformance table (Table 2).
-Tables in Annex C relate to the Table 1 of Annex B.
-Table 3 shows the baseline requirements for the IDEF that has been mapped as full conformance or partial for full service CSPs. KI also approves components that provides the identity proofing component or the credential management component not all of the baseline requirements would be satisfied because not all the KI IAF 1400 SAC are assessed for those components.
-Table 4. For anybody that have been certified for the Privacy requirements, there is not differentiation for full service or component. If you have ben which are assessed against the privacy profile, all those apply, all the pre-qualifications for the IDEF baseline requirements apply.
-Table 5. Shows the baseline requirements for ID proofing component and baseline requirements that are mapped and satisfied for id proofing components that are approved just for the component function. The credential management SAC are not assessed for the components, they will not be applicable and there is not pre-qualification for those baseline requirements.
-Table 6 IDEF Registry Pre-qualification for IDEF Baseline Requirements for Kantara-approved Credential Management Component Service Providers. Full scope for baseline requirements. For full service CSPs or components credential providers, service providers for id proofing and verification, credential management component, that are pre-qualified for. Baseline requirements that were determined not comparable, not equivalent, or not applicable, are not shown in the table. So the table only shows those baseline requirements that the 3 types of KI approvals are pre-qualified for, full service CSPs, identity and verification components and credential management service components.
- David and Ben offered to help presenting the MoU in June´s KI BoD meeting (June 15th). David pointed out that they would like to jointly draft the communications to the KI CSPs that will contain the MoU.
- Colin may be able to present KI views on the IDESG Board Meeting.
- David and Ben will send the clean version to the IDESG Board for their consideration. Ben will ask the Board to designate the person that will be the IDESG contact in the MoU.
- The MoU needs IDESG legal review for the sign off.