I don't understand the wording of e.g. 63B#1290-1320 - specifically these criteria refer to things like "enforce a rate-limiting mechanism" for MF cryptographic software authenticators. Where the proposed criterion talks about "where authenticators that allow the cloning of the secret key..." 

But the whole problem with syncable authenticators is that that kind of control is not observable from the CSP viewpoint and is outside of the control of the CSP. 
It has nothing to do with syncable passkeys - it has to do with authenticator settings that the CSP has no info/control over.
————————
Andrew Hughes CISM 
m +1 250.888.9474
AndrewHughes3000@gmail.com 



On Wed, Oct 16, 2024 at 12:20 PM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote:

Jimmy and I got a little out of step (my tardiness!) and I didn’t get some further thoughts to him in time, so I attach a possible further iteration of these criteria. I think we’re homing in on a consensus position.


One thing I want to stress independently is the idea of having a ‘FIDO Passkey Profile’. We’ve talked about profiles in the past and defined a basic structure and rules for them. Both Jimmy and I are concerned about the “FIDO-ness” of these proposed changes and the fact that we’re really employing euphemisms for passkeys and abrading the notion of being technology agnostic in our criteria. Having a profile would separate the FIDO-ness from the principles of the base criteria – a separate SAC would be produced which CSPs/Agencies would elect to employ and the specific provisions of the profile would overlay the baseline 63B criterion. In other words, the 63B_SAC need not change.

If this notion gains support I’m happy to draft a 63B_FIDO_SAC for the IAWG’s consideration. I reckon this is the way to go.
Until tomorrow, …

 

Richard G. WILSHER
CEO & Founder,  Zygma Inc.
www.Zygma.biz
+1 714 797 9942

 

From: Jimmy Jung [mailto:jimmy.jung@slandala.com]
Sent: Wednesday, October 16, 2024 01:28
To: Amanda Gay; wg-idassurance@kantarainitiative.org
Subject: [WG-IDAssurance] Re: Invitation and Agenda - IAWG - 17 October 2024

 

Amanda, folks,

 

Attached please find a cleaner updated version.  Again, selecting in column Q shows the related criteria, with actual changes in RED font. 

 

From: Amanda Gay <amanda@kantarainitiative.org>
Sent: Tuesday, October 15, 2024 3:38 PM
To: wg-idassurance@kantarainitiative.org
Subject: [WG-IDAssurance] Invitation and Agenda - IAWG - 17 October 2024

 

Dear IAWG Members:

Please join us Thursday, October 12th, 12PM ET for our next IAWG meeting.

The proposed agenda and Zoom details are below. 

Date and Time

·  Date: Thursday, 2024-10-17

·  Time: 9:00 PT | 12:00 ET (time zone calculator)

o Please join the meeting from your computer, tablet or smartphone: https://zoom.us/j/93167965850?pwd=dldoT0hYK1k4MkVGYkQ3TkNqdG1Idz09 

o Meeting ID: 931 6796 5850

o Passcode: 884696

o You can also dial in using your phone. Find your local number: https://zoom.us/u/aeg9vt8LSr

o Need to add IAWG meetings to your calendar? Do so here!

DRAFT 10.17.2024

1. Administration:

o    Roll call, determination of quorum.  

o    Minutes approval 

§  2024.10.10 Minutes DRAFT

§  2024.10.03 Minutes DRAFT 

§  2024.09.26 Minutes DRAFT

§  2024.09.19 Minutes DRAFT

§  2024.09.05 Minutes DRAFT

o    Kantara Updates

§  DEIA Survey Open to Responses

o    Assurance Updates

2. IAWG Actions/Reminders/Updates:

3. ISO 17065 Discussion Items

4. Group Discussion:

    • Proposed syncable authenticator criteria from Richard/Jimmy (Found in Meeting Materials on IAWG Wiki and attached).
      • Review any comments/continued discussion

--

Amanda Gay | Administrative Coordinator

 

Twitter:    @KantaraNews

LinkedIn:  @KantaraInitiative

 

*Please take a few minutes to complete the third annual DEIA survey!*

 

_______________________________________________
A Community Group mailing list of KantaraInitiative.org
WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org
To unsubscribe send an email to staff@kantarainitiative.org
List archives --  https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantarainitiative.org/
______
Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance