April 20, 2021

Attendees

Co-Leads:

  • Bryn Robinson-Morgan
  • Paco Garcia 

ID2020 PM:

  • Todd Gehrke

Participants:

  • Stew Whitman
  • Dan Bachenheimer
  • Matt Snyder
  • Paul Murdock
  • Rob Haslam
  • John Garratt

Agenda Items

TimeItemWho
2 minWelcome & Antitrust Policy NoticeChair
XY min

Intros from anyone new

TBC
XY min

Review key questions document

TBC

XY min 

Agree recommendations

TBC
3 min

Actions for the next week

Chair 

Presentations -

(PDFs posted)

Notes

  1. Antitrust & Present agenda 

  2. New people (no one)

  3. Interop key questions

    1. What types of identity bindings should be standardized in the Good Health Pass ecosystem?

    2. What IAL is required for the individual’s identity document(s) presented to the health service provider?

    3. What AAL is required to bind the individual’s identity to the identity document(s) presented to the health provider for issuance of a Good Health Pass credential?

    4. What IAL is required for the identity document(s) the individual presents to the verifier of a Good Health Pass credential (e.g., airline, border, school, employer)? 

    5. What AAL is required to bind the individual’s identity to the identity document(s) presented to the verifier?

    6. How should identity binding for paper credentials relate to identity binding for digital credentials?

Stew

We shouldn’t try dictate the levels of assurance. 

Addressing ulian Ranger  4 days ago

@Todd Gehrke Whilst supporting multiple LoA standards is the path of least resistance, all options in standards prejudice interoperability as not all players will (or even can) support all standards.

Unpalatable as it may be I would suggest that we at least recommend one preferred standard, whilst accepting others may be used.  And ideally there is an attempt to map between them - at least for the purposes of health passes if not generically for all identity use cases.

Jim StClair  12:56 PM

@Todd Gehrke sorry I missed today's meeting and I'll aim to participate next time. Discussion of LoA is interesting, based on what I have discussed around patient identity with ONC (Office of the Natl Coordinator, HHS). ONC is considering LOA as low as "1.5" as potentially being acceptable given socio-demographic challenges for IdP. This may need to be a consideration for equitable credentialing. Also, while I don't have firm answer on this yet, consideration must be given to the level of LOA /IdP possible in obtaining the vax information for the credential from the IIS - that's a "known unknown"

Bryn, Stew, Paco

We don’t think dictating a particular identity standard will work in an international forum. Agree that we need to factor in scenarios where no identity level of assurance is present.

Biometric binding.

iProov is trialing with care homes the biometric binding, completely paperless, just based on biometric authentication.


Certification / Testing of the LoA frameworks. 

Do I need Identity Assurance Level 2 to be a good health pass?

Maybe it is binary, certified or not?

Can we start off with something more simple such as self assurance 

Action Items

  1. WG to contribute to the ID binding recommendations document by this Friday for draft to be shared among the rest of the working groups.