Status of Minutes
Approved at: <<Insert link to minutes showing approval>>
Agenda Call to order Roll Call & Determination of quorum status Reminder about the Group Participation Agreement Agenda bashing Introductions Standing Agenda Items Schedule status updates Contributions status updates Writing teams status updates All Other Business (AOB) Adjourn Attendees
Link to the full
Participant Roster Voting Participants
Callahan, John Yes Dagg, Ken
Hughes, Andrew (Chair)
Joe Andrieu, Terry McBride, Colin Wallis,
5 min Call to order GPA reminder Roll call Agenda bashing
New Business All Discuss terminology emails
Status Issues Next period plan Chair
EDIT THE CALENDAR
Customize the different types of events you'd like to manage in this calendar.
Next Skip tour #legIndex/#totalLegs RESTRICT THE CALENDAR
Optionally, restrict who can view or add events to the team calendar.
Next Skip tour #legIndex/#totalLegs SHARE WITH YOUR TEAM
Grab the calendar's URL and email it to your team, or paste it on a page to embed the calendar.
Next Skip tour #legIndex/#totalLegs ADD AN EVENT
The calendar is ready to go! Click any day on the calendar to add an event or use the Add event button.
Next Skip tour #legIndex/#totalLegs SUBSCRIBE
Subscribe to calendars using your favorite calendar client.
Status Issues Next period plan Chair JJ - Experian Remote ID proofing to NIST IAL2 Stuart - UK Housing Joe - W3C John - Aadhaar Aasim - end next week estimate John - Peru John - Mexico Andrew - Alipay Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases Peter - Airside Mobile Others? Terry - USPS x 5 Has mapped the use case steps back to requirements of NIST SP 800-63-3A Comment: is it possible to reach IAL2 without using a photo? Walked through In Person Proofing As A Service use case Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient? A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required. 63-3A says 'published by an issuing source' - technically, for example, a drivers license is 'published' so does that count? Walked through Device ID and Reputation case explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting) Comments: Look into valididy to see if they have material for this DG Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services
Writing teams updates
Status Issues Next period plan Chair AOB Chair
Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow Terry - https://plato.stanford.edu/entries/qt-idind - a paper on what makes an entity the 'same' entity? Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased) Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased) Richard - describe this a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased) This needs more analysis - on the list Adjourn Chair Next DG meeting Wednesday, January 30, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT https://global.gotomeeting.com/join/132339365