Status of Minutes


Approved at: <<Insert link to minutes showing approval>>


  1. Call to order
    1. Roll Call & Determination of quorum status
    2. Reminder about the Group Participation Agreement
    3. Agenda bashing 
  2. Introductions
    Standing Agenda Items
  3. Schedule status updates
  4. Contributions status updates
  5. Writing teams status updates
  6. All Other Business (AOB)
  7. Adjourn


Link to the full Participant Roster

Voting Participants



Callahan, JohnYes
Dagg, Ken

Harkema, JJ

Hapner, Mark


Hughes, Andrew (Chair)


Pasquale, Jim

Shorter, Scott

Skyberg, David

WILSHER, Richard


Non-Voting Participants

Joe Andrieu, Terry McBride, Colin Wallis, 

Discussion Items





5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing




New BusinessAll
  • Discuss terminology emails

Schedule updates

  • Status
  • Issues
  • Next period plan

Contributions updates

  • Status
  • Issues
  • Next period plan
  • JJ - Experian Remote ID proofing to NIST IAL2
  • Stuart - UK Housing
  • Joe - W3C
  • John - Aadhaar
    • Aasim - end next week estimate
  • John - Peru
    • RENIAC - submitting soon
  • John - Mexico
    • End next week estimate
  • Andrew - Alipay
    • Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases
  • Peter - Airside Mobile
  • Others?
  • Terry - USPS x 5
    • Has mapped the use case steps back to requirements of NIST SP 800-63-3A
    • Comment: is it possible to reach IAL2 without using a photo?
    • Walked through In Person Proofing As A Service use case
      • Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient?
        • A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required.
        • 63-3A says 'published by an issuing source' - technically, for example, a drivers license is 'published' so does that count? (smile)
    • Walked through Device ID and Reputation case
      • explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting)
  • Comments: Look into valididy to see if they have material for this DG
  • Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services

Writing teams updates

  • Status
  • Issues
  • Next period plan


Terminology discussion

  • Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow
  • Terry - - a paper on what makes an entity the 'same' entity?
  • Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased)
  • Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased)
  • Richard - describe this a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased)
  • This needs more analysis - on the list


Next DG meeting Wednesday, February 06, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT