Call recorded for purposes of note taking
Minutes approved, IAWG call 2013-04-11
As of 14 January 2013, quorum is 4 of 7
Submitted ticket #533469 - This is considered Errata and accepted
I've got a question about the proper interpretation of AL1_ID_IPV#010 and #020: If read literally these conditions say that a AL1 IdP must provide In-Person Public Verification (base on self-asserted identity). Why is this not an option for an IdP? The way I see it most IdPs operating at AL1 *only* would opt _out_ of IPV entirely (I suspect you won't be able to get a google account by showing up in person at G HQ for instance). I propose the following change to the lean-in text of 18.104.22.168: Replace: "An enterprise or specified service must:" With "An enterprise or specified service that provides In-Person Public Identity Verification at AL1 must:" ------------------- To view/respond to the ticket, please login to the support ticket system.
1. Potentially move the retention requirement to more reasonable in SAC core - but ensure that it's covered aligned to NIST requirement in US Federal Additional Criteria. (Part of which set of changes?) (See http://kantarainitiative.org/pipermail/wg-idassurance/2012-August/001326.html for thread of email discussion)
General Roadmap overview