Wiki
Clone wikiekyc-ida / Minutes / eKYC-IDA_Meeting_Notes_2020-01-15
Agenda
- F2F London
- Discussion of potential liaisons (e.g. FIDO, ETSi)
- Conformance tests
- Work through the existing tickets
Attendees:
- Torsten Lodderstedt
- Daniel Fett
- Dima Postnikov
- John Callahan
- Kosuke Koiwai
- Lee McGovern
- Marcos Sanz
- Marcus Almgren
- Mark Haine
- Naohiro Fujie
- Takahiko Kawasaki
- Wesley Dunnington
- Achim Schlosser
- Anthony Nadalin
- Azusa Kikuchi
- Roland Hedberg
- Alberto Pulido
F2F London - item paused since Don is not present
Discussion of potential liaisons (e.g. FIDO, ETSi)
- TorstenL would like to gather thoughts
- AnthonyN - FIDO is looking at fast re-proofing to permit addition of secondary methods so not through electronic claims. Cojuld be linked with eKYC to soem extent but not with claims - propose we wait and see how that effort develops. There is only activity on gathering requirements
- AnthonyN - suggests engagememt with ISO SC17 Working group 10 - Mobile Driving Licenses - at an ISO plenary in March
-
DimaP - Fido is looking at recovery processes - chat: ```Identity Verification & Binding Working Group Overview
-
For accounts protected from phishing and other credential-based attacks with FIDO Authentication, the account recovery process when a FIDO device is lost or stolen becomes critical to maintaining the integrity of the user’s account. Validating a user’s identity with high assurance is an important aspect of this process, as well as for account onboarding processes, meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements.
-
The FIDO Alliance has identified newer remote, possession-based techniques including biometric “selfie” matching and government-issued identity document authentication as having the potential to greatly improve the quality of identity assurance for new account onboarding and account recovery. The Alliance has also determined a market need for authoritative guidance, performance evaluation and certifications for their use.
-
The FIDO Alliance has created the IDWG to fill this need. The IDWG will define criteria for re```
-
AnthonyN - shouldn’t be hard to establish a stronger enaggement when the appropriate time arises
-
AnthonyN - Add this working group for notification to ISO SC17
-
TorstenL - suggest we establish a liason with ETSI - as they have started to work towards a standard for identity proofing - it would be useful if this group appears in the report - TorstenL will take care of that
-
AnthonyN - don’t forget W3C verifiable credentials working group - it is in maintenance mode - recommendation: AnthonyN - just keep an eye on that
Conformance tests
- TorstenL :What does it take in this space?
- RolandH: Suggestion is that comparison of implementations as well as
Known implementations in progress:
- Marcos (ID4me),
- Vladimir (Connect2id)
- Taka (Authlete)
- Roland working on implementation,
- 3 in ‘yes’ ecosystem
-
Curity (?)
-
MacrosS - Helpful for potential interop workshops, to know whom to invite
- TorstenL will send a message to the list and document it
Work through the existing tickets
Intent is to go through and categorise Issues
Issues discussed were
#1068openid / ekyc-ida / issues /#1068- Follow ISO rules (ISO Directive Part 2 and global relevance documents) on the drafting — Bitbucket#1069closed no objections - openid / ekyc-ida / issues /#1069- Identity Assurance Section 5.1 on reason for request — Bitbucket#1077openid / ekyc-ida / issues /#1077- Identity Assurance - Need Input from other Jurisdictions — Bitbucket- DimaP will seek feedback on this point from Australia,
- MarcusA will seek feedback from Scandinavia,
- MaciejM will seek feedback in UK,
- TorstenL will send out a not seeking further feedback
#1078closed with no objections openid / ekyc-ida / issues /#1078- Identity Assurance - Incorporate EU/EC KYC Token work — Bitbucket,- TorstenL spoke to an EU expert and this seems to be a bias to SAML but that what we are doing supports their goals
- Propose close as Torsten will take it forward with ETSi
#1088openid / ekyc-ida / issues /#1088- register new claims in OAuth Token Introspection Response Registry — Bitbucket- TorstenL suggests updating the JWT claims spec,
- MarkH will do this with support from TorstenL
#1093openid / ekyc-ida / issues /#1093- Extensibility: how do we support extensibility for trust frameworks, evidence types, verification methods and id documents? — Bitbucket- AnthonyN - will develop a proposal for an IANA regsitry
#1094openid / ekyc-ida / issues /#1094- How to treat unknown identifiers in claims parameter — Bitbucket- MarcosS took action to review and make a proposal
#1097openid / ekyc-ida / issues /#1097- Include Legal Persons — Bitbucket- MarcusA is concerned about the complexity of identifying the Unique beneficial entity
- AnthonyN seconded that view
- TorstenL The feeling is that there is a desire to do this but push it back and come back to this topic if we have the capacity and expertiese
#1098openid / ekyc-ida / issues /#1098- Add verification_score — Bitbucket- #1100 openid / ekyc-ida / issues / #1100 - Analyse ISO 29003 — Bitbucket
- AnthonyN - we should use ISO29003 as a guide
Updated