2021-04-13 Identity Binding Drafting Group Meeting Notes

Attendees

Co-Leads:

  • Bryn Robinson-Morgan (Mastercard)
  • Paco Garcia (Yoti)

ID2020 PM:

  • Todd Gehrke

Participants: 

  • Stew Whitman
  • Yoav Schlesinger
  • Dan Bachenheimer
  • John Garratt
  • Scott Perry
  • Kaliya
  • Sid Mishra
  • Sara Facchinetti
  • Paul Murdock (Observer)

Agenda Items

Time | Item | Who
2 min | Anti-Trust Policy and Recording reminder given | Chair
5 min | Introductions: New participants (if any) only | Chair
15 min | Key questions document: Contributors to share thoughts | All
20 min | Key requirements: Agree 3 key requirements, and 30/60/180 day milestones for each | All
15 min | Recommended solutions: Agree 3 actionable recommendations, and 30/60/180 day milestones for each | Chair
3 | Wrap Up | Chair

Presentations -

(PDFs posted)

Notes

1. Welcome and Linux Foundation antitrust policy

Google Drive Share for Identity Binding https://drive.google.com/drive/folders/1LFF5ipUmE1moxjc9pzndMdyBlit-bm0e


Key Question on Identity Assurance Levels - What standard should we use?

  1. What are GHP compliant ecosystems?  From an identity binding standpoint there will be different levels, we cannot dictate across the ecosystem.  
  2. What would be compliant in various different scenarios?
  3. What are the standards of data reported in the credential?
  4. If there is no identity binding data in the credential, should the recommendation be that the verifier treats it at the lowest level? (Self-Asserted)
  5. Should we provide a mapping across recognized schemes?  NIST, PCTF, TDIF, eIDAS, UK GPG, ISO/IEC 2476


  1. [Scott] Need to be inclusive but maintain a guidance for a LOA that represents the different standards
    1. Starts with the fact that there are different LOA
  2. [Paco] We should recommend the risk levels that should be accepted.
  3. [Stew] We should decide quickly if this is data or policy standardization. How can we encapsulate the IAL standards. Recommends we go toward data standards rather than recommending a specific technical standard.
    1. Propose we look at the facts and report what was done, could be null or NIST or ISO. . . It is up to the verifier how they want to handle that.
    2. We shouldn’t be pushing policy, we should be defining the data.
  4. [Kaliya] This group is the identity binding, we need to define the standard for recording LOA and send someone to the data structure group and recommend they include the information.
  5. [Bryn] We need to consider binding across all three zones. 
    1. We have a clear direction from steerco to focus on international travel.
  • Next steps

Everyone should contribute to the documents:       

Action Items

  1. Action: Todd to circulate the links to the key documents to the DG. The task for this week is to review the content that exists in the draft paper https://docs.google.com/document/d/1Gf9XjOS4lmb3Hs80ITqgtoYaJnXxGasMNCnIrHoQN1I/edit# and fill the gaps that exist in requirements and recommendations.

  2. Action: Ensure we identify the interaction with the credential definition WG - the level of assurance should be included with the credential.

  3. Action: Discuss with rules engine WG how different LoAs can be translated by the Verifier