Date

2019-01-30

Status of Minutes


DRAFT

Approved at: <<Insert link to minutes showing approval>>

Agenda

  1. Call to order
    1. Roll Call & Determination of quorum status
    2. Reminder about the Group Participation Agreement
    3. Agenda bashing 
  2. Introductions
    Standing Agenda Items
  3. Schedule status updates
  4. Contributions status updates
  5. Writing teams status updates
  6. All Other Business (AOB)
  7. Adjourn

Attendees

Link to the full Participant Roster

Voting Participants

fParticipants

Attended

Callahan, JohnYes
Dagg, Ken


Harkema, JJ


Hapner, Mark

Yes

Hughes, Andrew (Chair)

Yes

Pasquale, Jim


Shorter, Scott


Skyberg, David

WILSHER, Richard

Yes


Non-Voting Participants

Joe Andrieu, Terry McBride, Colin Wallis, 


Discussion Items


Time

Item

Who

Notes

5 min
  • Call to order
  • GPA reminder
  • Roll call
  • Agenda bashing
Chair




Introductions

All

Welcome!



New BusinessAll
  • Discuss terminology emails

Schedule updates

  • Status
  • Issues
  • Next period plan
Chair


Contributions updates

  • Status
  • Issues
  • Next period plan
Chair
  • JJ - Experian Remote ID proofing to NIST IAL2
  • Stuart - UK Housing
  • Joe - W3C
  • John - Aadhaar
    • Aasim - end next week estimate
  • John - Peru
    • RENIAC - submitting soon
  • John - Mexico
    • End next week estimate
  • Andrew - Alipay
    • Andrew to use Chinese financial regulator rules to create a use case; Alipay folks are looking for best path to contribute their use cases
  • Peter - Airside Mobile
  • Others?
  • Terry - USPS x 5
    • Has mapped the use case steps back to requirements of NIST SP 800-63-3A
    • Comment: is it possible to reach IAL2 without using a photo?
    • Walked through In Person Proofing As A Service use case
      • Q: Is it always necessary to check with an issuer/authoritative source? Or is an examination of the security features of the credential sufficient?
        • A: 63-3A there's an issue that an 'Authoritative Source' must have access to the data at the 'Issuing Source' - this is not practical in many/most cases - so compensating controls are required.
        • 63-3A says 'published by an issuing source' - technically, for example, a drivers license is 'published' so does that count? (smile)
    • Walked through Device ID and Reputation case
      • explores what is meant as 'evidence' and how risk-based insights about the person/browser agent could be folded into recognition processes (e.g. device fingerprinting)
  • Comments: Look into valididy to see if they have material for this DG
  • Comments: taking ongoing relationship with RP into account to elevate IAL over time - e.g. ongoing use of financial services



Writing teams updates

  • Status
  • Issues
  • Next period plan
Chair

AOBChair

Terminology discussion

  • Joe - email looking at the terminology 'replacement rule' - boils down to comparison between two 'entities' that are actually different - this should be resolved somehow
  • Terry - https://plato.stanford.edu/entries/qt-idind - a paper on what makes an entity the 'same' entity?
  • Richard - might be useful to qualify the term 'entity' with adjectives describing what stage of 'proofing-ness' it has attained so far (paraphrased)
  • Joe - the objective is to compare the information about the applicant to the identity information records held at the authoritative sources to determine if the applicant is the expected entity (paraphrased)
  • Richard - describe this a 'presented profile' from the applicant versus the 'recorded profile' held at the authoritative source (paraphrased)
  • This needs more analysis - on the list

AdjournChair

Next DG meeting Wednesday, February 06, 2019 11:00 Pacific Standard Time / 14:00 Eastern Standard Time / 19:00 GMT

https://global.gotomeeting.com/join/132339365