1. OpenID Foundation Avatar OpenID Foundation
  2. WGs
  3. ekyc-ida

Wiki

Clone wiki

ekyc-ida / Minutes / eKYC-IDA_Meeting_Notes_2020-09-16

View History

Attendees

  • Nat Sakimura
  • Mark Haine
  • Anthony Nadalin
  • Don Thibeau
  • Bjorn Hjelm
  • Dave Tonge
  • Takahiko Kawasaki
  • Joseph Heenan
  • Dima Postnikov
  • Anthony Nadalin
  • Kosuke Koiwai
  • Taylor Ongaro
  • Stephane Mouy
  • Ralph Bragg
  • Alberto Pulido
  • Kai Lehmann
  • Jules
  • Kristina Yasuda
  • Manuela Sedvartaite
  • Naohiro Fujie

Agenda

  • Brief review of external Orgs & Events
  • Agenda items
  • PRs & Issues

Brief review of external Orgs & Events

  • IIF / OIDF liaison - Don
    • IIF/OIDF launched Open Digital Trust Initiative earlier this year on request and sponsorship by Santandar group.
    • The purposes of the initiative is following new solutions for the passing the problems in the identity ecosystem from global perspective
    • The OIDF is leading technical track and the IIF is providing resource for the policy track. And the technical track consists of two WGs, eKYC, FAPI.
    • The unique opportunity for the OIDF / eKYC&IDA WG through this initiative is to communicate directly with the members of IIF includes over 160 regulators, policy makers, national banks, financial service agencies, etc.
    • Also there is an opportunity to educate policy makers about the importance of the work on eKYC WG especially current health and economic disruption.
    • By finalize current IDA spec/implementer's draft by the end of this calendar year, it meets the state of IIF's goal.
    • Don has wrote a blog about the initiative.
    • Along with the efforts of the IMF, Don is working with the World Economic Forum on behalf of OIDF, who also has the initiative regarding and providing financial security to the global ecosystem in particular looking at the issues on financial inclusion, privacy protection and security.
    • The WEF has welcomed the OIDF into their network and collaborate with identity organizations. They are about to plan, in year end wrap up, to try to consolidate and aggregate many efforts between NGOs, standard developing organizations, industry associations, etc.
  • Q&A, comments
    • Nat asked Don about related activities around the GOFTS(Global Open Finance Technical Standard).
    • Don answered there is yet another initiative by a partner organization with the Open ID Foundation which is led by Kevin from the Financial Data and Technology Association. The initiative is called the Global Open Finance Centre of Excellence and it is funded from the UK government to create an international working group that will be focused on policy issues from a regulatory and technology point of view. Their work will correlates to the work of the FAPI working group.
    • Don will let them know about the work of both of the FAPI working group and the eKYC and IDA working group.
    • Kevin asked that the Open ID Foundation act as a partner or a liaison and informally to as Nat as a co-chair of the initiative.

Agenda Items

  • Update from Stephane on ETSi Cooperation #1167

    • ETSi STF588 work group has started work for a month ago.
    • They focus on identity proofing for trust services
    • Much narrower than what the OIDF IDA is focusing on.
    • They are planning to publish 2 reports
      • A review of technologies and regulatory requirements for identity proofing for trust services
      • Technical set of specification on policy and security requirements for the components of identity proofing on trust services
    • The first report will be released as the first draft that could be open for public consultation in the early days of October.
    • ETSi STF588 was started in April or May, but cybersecurity agency has started a working group on a very closely connected field.
    • They are supposed to produce another report in a short timeframe.
    • ETSi and the working group had a first meeting yesterday.
    • Stephane will have a meeting with the European Commission team next Friday, and tell them that the OpenID Foundation eKYC and Identity Assurance working group is ready to support them in their efforts.
    • The European Commission asks about to be a member of OpenID Foundation.
    • Don said they will be welcomed, but it may be appropriate to have some kind of liaison agreement.
    • Stephane will have conversation around this topics as well in the next Friday's meeting with them.

  • Static age verification #1172

    • Proposed to be separated from the conditional claims.
    • We want to have a set of claims to cover a number of predefined threshold.
    • mDL has multiple claims to express age threshold, age_over_18 and age_over_21.
    "claims_supported": [ 
        "org.iso.18013.5.1:resident_address", 
        "org.iso.18013.5.1:portrait", 
        "org.iso.18013.5.1:portrait_capture_date", 
        "org.iso.18013.5.1:age_in_years", 
        "org.iso.18013.5.1:age_birth_year", 
        "org.iso.18013.5.1:age_over_18", 
        "org.iso.18013.5.1:birthplace", 
        "org.iso.18013.5.1:age_over_21", 
        "org.iso.18013.5.1:nationality", 
        "org.iso.18013.5.1:resident_city", 
        "org.iso.18013.5.1:resident_state", 
        "org.iso.18013.5.1:resident_postal_code", 
        "org.iso.18013.5.1:biometric_template_face", 
        "org.iso.18013.5.1:biometric_template_signature_sign", 
        "org.iso.18013.5.1:issuing_jurisdiction", 
        "org.iso.18013.5.1:hair_color", 
        "org.iso.18013.5.1:weight", 
        "org.iso.18013.5.1:eye_color", 
        "org.iso.18013.5.1:height", 
        "org.iso.18013.5.1:gender", 
        "org.iso.18013.5.1:driving_privileges", 
        "org.iso.18013.5.1:administrative_number", 
        "org.iso.18013.5.1:document_number", 
        "org.iso.18013.5.1:issuing_authority", 
        "org.iso.18013.5.1:issuing_country",
    • Alberto commented there should be more number of ranges, e.g. age over 16 for train ticket in the U.K.
    • In the driver's license discussion, all the national bodies agreed with defining for age 18 and 21.
    • But in the U.K. age over 17 can drive a car, also in the US people can drive at 14 if they have a hardship case. There is no commonality and each country does/does not enforce.
    • It is difficult to define all of threshold for all countries, it is reasonable to adopt 80-20 rules to decide which ranges to be adopted.
    • Jules will write the lists of thresholds on the bitbucket.
    • Continue discuss on the next call.

  • Conformance and testing and interoperability #1199

    • Taka proposed that to develop a test tool to conform interoperability across multiple implementation.
    • Daniel wrote a testing scripts to check schema, it's already on the README.md on bitbucket.
    • Taka and Joseph will look at the scripts and make sure whether it's enough to test interoperability or should be extended.

  • Security profile

    • Mark and Torsten had a conversation last week
    • At a high level decision, this spec is not a security profile, Torsten will make PR which describes that if users want to use this spec to deal with sensitive data, they should use a security profiles such as FAPI.
    • from recent case in Japan, it is quite important that all of claims are protected through the beginning of its registration to delivery.
    • Torsten will write come comments in privacy consideration on the spec so that implementers can consider those concerns.

  • Any other discussion points

    • New work item over in ISO, a privacy guidelines for fintech services.
    • Tony will get input and take their feedback under the liaison with ISO SC27.
    • Mark have had conversation with OWASP people.
    • They are trying to define how to implement APIs in secure fashion and FAPI profile will help them.
    • This activity might be overlapped with Tony's activities.

PRs & Issues

  • PR #37
    • Achim had made some comment on this.
    • If we can get 2 or 3 people to review and comment on this, or approve by next week, we can close this.
  • PR #38
    • Editorial changes and if we can reviewers we can close as well.

Updated