...
...
...
...
...
...
...
April 20, 2021
Attendees
Co-Leads:
- Bryn Robinson-Morgan
- Paco Garcia
ID2020 PM:
- Todd Gehrke
Participants:
- Stew Whitman
- Dan Bachenheimer
- Matt Snyder
- Paul Murdock
- Rob Haslam
- John Garratt
Agenda Items
Time | Item | Who |
---|---|---|
2 min | Welcome & Antitrust Policy Notice | Chair |
XY minTopic A | Intros from anyone new | TBC |
XY minTopic B | Review key questions document | TBC |
XY min | Topic C Agree recommendations | TBC |
3 minWrap up | Actions for the next week | Chair |
Presentations -
(PDFs posted)
Recording - Link
Notes
1. Welcome and Linux Foundation antitrust policy
2. Topic A
3. Topic B
4. Topic C
5. Wrap up
- Next steps
Action Items
...
Antitrust & Present agenda
New people (no one)
Interop key questions
What types of identity bindings should be standardized in the Good Health Pass ecosystem?
What IAL is required for the individual’s identity document(s) presented to the health service provider?
What AAL is required to bind the individual’s identity to the identity document(s) presented to the health provider for issuance of a Good Health Pass credential?
What IAL is required for the identity document(s) the individual presents to the verifier of a Good Health Pass credential (e.g., airline, border, school, employer)?
What AAL is required to bind the individual’s identity to the identity document(s) presented to the verifier?
How should identity binding for paper credentials relate to identity binding for digital credentials?
Stew
We shouldn’t try dictate the levels of assurance.
Addressing ulian Ranger 4 days ago
@Todd Gehrke Whilst supporting multiple LoA standards is the path of least resistance, all options in standards prejudice interoperability as not all players will (or even can) support all standards.
Unpalatable as it may be I would suggest that we at least recommend one preferred standard, whilst accepting others may be used. And ideally there is an attempt to map between them - at least for the purposes of health passes if not generically for all identity use cases.
Jim StClair 12:56 PM
@Todd Gehrke sorry I missed today's meeting and I'll aim to participate next time. Discussion of LoA is interesting, based on what I have discussed around patient identity with ONC (Office of the Natl Coordinator, HHS). ONC is considering LOA as low as "1.5" as potentially being acceptable given socio-demographic challenges for IdP. This may need to be a consideration for equitable credentialing. Also, while I don't have firm answer on this yet, consideration must be given to the level of LOA /IdP possible in obtaining the vax information for the credential from the IIS - that's a "known unknown"
Bryn, Stew, Paco
We don’t think dictating a particular identity standard will work in an international forum. Agree that we need to factor in scenarios where no identity level of assurance is present.
Biometric binding.
iProov is trialing with care homes the biometric binding, completely paperless, just based on biometric authentication.
Certification / Testing of the LoA frameworks.
Do I need Identity Assurance Level 2 to be a good health pass?
Maybe it is binary, certified or not?
Can we start off with something more simple such as self assurance
Action Items
WG to contribute to the ID binding recommendations document by this Friday for draft to be shared among the rest of the working groups.