Wiki
Clone wikiekyc-ida / Minutes / eKYC-IDA_Meeting_Notes_2020-03-11
Attendees
- Torsten Lodderstedt
- Daniel Fett
- Mark Haine
- Naohiro Fujie
- Nat Sakimura
- Bjorn Hjelm
- Alberto Pulido
- Dima Postnikov
- Jan Kelin
- Joseph Heenan
- Kosuke Koiwai
- Wesley Dunnington
- Achim Schlosser
- Anthony Nadelin
- Marcus Almgren
- Stéphane Mouy
Agenda
- External organisations
- Implementers draft update
- Post v09 activities
External orgs/events
- Nick Mothershaw of TISA (and OIX) shared some documentation on how they will envisage use of eKYC
#1181- There is some useful information about how age verification use case may work
- There is some concern that there may be some liability associated with age verification
- Derived claim seems to be a good approach rather than an LOA
- Mark asked to speak at OIX event
- IETF meeting Vancouver
- Cancelled
- European eKYC effort - no progress as yet
- Call tomorrow with Stéphane to move it forward
- Mark will attend as he has a connection to another party involved
- IIF - Event Cancelled
- A virtual meeting is being organised
- Rod is talking to Don Thibeau about involvement in whatever replaces it
- Santander Hackathon - Event Cancelled
- Mark will be available to attend when it is re-scheduled
- FDX Meeting
- Wesley will have a 10mins talk about this WG and specification
- Bjorn talked about situation of eKYC together with NIST trust framework, and introduced ZenKey corporation who are providing identity services compliant to NIST SP800-63B, authentication part, but does not aware that they are compliant to 63A. identity proofing part.
implementers draft update
- New version is up and running
- Generic URL that points to most up to date version of OpenID Connect for Identity Assurance 1.0
- A direct link to v09 page of OpenID Connect for Identity Assurance 1.0 which has been dramatically improved over the last few months
- Torsten thanked everybody for their contributions
- Issues with publishing v09 on Wordpress may lead to minor tweaks and a v10. This is because the team haven't been able to publish the JSON schema files
-
Once it is published Can all please do a detailed review of the document due to small errors possibly being introduced
-
What timeline is desired for the implementers draft process?
- For implementers draft - notification is 45 days and voting period is 2 weeks (voting period can run concurrently to the last 2 weeks of notification period)
- once JSON files are published we should start the notification period by -achieving consensus of WG -notifying the secretariat at the OIDF -provide an implementers draft announcement for OIDF website -any normative changes would need to go back to start of process -editorial changes can be made during review period
Post revision v09
-
Under #1151 Set up a page to show how eKYC could satisfy many use cases - what do WG members think?
- Various parties have agreed to prepare examples
- A potential sub page could be around TISA - Mark will work with Nick Mothershaw on that
-
Jan spoke about BankID project report from Czech republic
- preparing specifications for this project and received support from EU and will be using eKYC spec from this working group
- Private activity JV between 20 banks but there is some legal and government support
- Examples in spec are being directly used in the project.
- Jan will arrange to write example page
-
Assertion language
- Originating from issue
#1172 - Tony observed that this may be applicable to broader group but may not be able to do it as effectively
- Mark asked about priority of this -vs- legal entity
- Alberto (Santander) is interested to contribute on assertion environment
- Nat is convinced that the Assertion piece is best done in this working group given the level of activity and people participating
- Achim observed that starting a separate document would be better as it might be that this piece of work might be ultimately part of OIDC core or another part of the OIDF specs
- Originating from issue
-
Legal entity
- Torsten stated that it's a really ambitious topic but really important
- Tony observed that it is jurisdictionally specific and there may be some baseline that can be shared but there will be specialised instances and it will be hard from a legal perspective
- One way would be to describe a simple use case and try to work out where the difficulties are
- Nat suggested collecting use cases
- Torsten's view is that the main use case is the questoin of whether "this person represents this legal entity"
- Tony has been looking at confidence levels
- Summary from Torsten - There is some reluctance but we should work on this and start by working on use cases
Other topics deferred due to time running out
- data minimisation for claims request to restrict returned datas
#1159- how we determine names of claims
Updated