NSTIC – Assuring ID Services as well as the Technology (W4G)

Session Topic: NSTIC Assuring ID Services as the Technology (W4G)

Convener: Richard Wilsher

'Notes-taker(s): Richard Wilsher

Tags for the session - technology discussed/ideas considered: 

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Seven persons participated, four having close relationship with Kantara/Safe-BIO Pharma, three being ‘newbies’ who came for the learning opportunity. It was observed that historically the use of credentials was B-B – bringing-in consumers could change the landscape. There was only limited take-up for PKI-based systems at Level 4. Real-time Trust-Elevation was considered to be an important feature of gaining assurance. Assurance was taken as being based upon the LoA and related criteria at four distinct Levels of Assurance (of Authentication), although other axes were considered to be likely influencers as well (but not named!).

From a NSTIC perspective, where there was perceived to be a need to have an overall, broad, basis for delivering assurance, IS27001 was postulated as a basis for an over-arching framework for determining assurance across a number of areas, e.g. identity, privacy, …, it being able to accommodate through its risk-based approach, the identification of suitable controls in each of these areas and for the selected LoAs. This was elegantly captured in this scribbling on the white-board, including a reliable time-stamp and geo-ref ;-)