I’m OK with that in principal BUT took care in that refined draft NOT to use the word ‘conformant’, or any derivative thereof, in connection with the actual implementation of these synch.authrs. So how about something evasive like “Synch.authrs. implemented using the FIDO specification <<name here>>”, by which we make not even the slightest suggestion on KI’s part concerning the implementation’s state of conformity. Replying just to IAWG will kill a bit of traffic J Richard G. WILSHER CEO & Founder, Zygma Inc. www.Zygma.biz +1 714 797 9942 From: Andrew Hughes [mailto:andrewhughes3000@gmail.com] Sent: Sunday, November 10, 2024 17:09 To: Richard G. WILSHER (@Zygma Inc.) Cc: IA WG Subject: Re: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys we might want to phrase it something like "Syncable authenticators implemented in conformance with FIDO (specification name here)..." Because "FIDO Passkeys" is not a real thing - that's a marketing name. ———————— Andrew Hughes CISM m +1 250.888.9474 <mailto:AndrewHughes3000@gmail.com> AndrewHughes3000@gmail.com On Sun, Nov 10, 2024 at 9:04 AM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote: +1 Richard G. WILSHER CEO & Founder, Zygma Inc. www.Zygma.biz +1 714 797 9942 From: Jimmy Jung [mailto:jimmy.jung@slandala.com] Sent: Sunday, November 10, 2024 13:08 To: Carol Buttle; Richard G. WILSHER (@Zygma Inc.) Cc: IA WG Subject: RE: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys Correct me if I am wrong, but FIDO (or WebAuthn) is the standard used by apple, Google, MS, etc. I had suggested specifically calling out FIDO. While these seem to be the focus of the NIST supplement, NIST used the generic "synchable authenticators." My concern was, we are opening up a loophole in the criteria, so we may want to be more restrictive. Sent from my Verizon, Samsung Galaxy smartphone -------- Original message -------- From: Carol Buttle <carol@kantarainitiative.org> Date: 11/9/24 8:12 PM (GMT-05:00) To: "Richard G. WILSHER (@Zygma Inc.)" <RGW@zygma.biz> Cc: IA WG <wg-idassurance@kantarainitiative.org> Subject: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys Hi Richard, Thanks for this. Are we only talking about FIDO here? Are Apple or Google passkeys should they find their way in anymore assessable? Carol On Sat, Nov 9, 2024 at 12:41 AM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote: Further to the action Jimmy gave me during yday’s IAWG call, pfa a first draft for comment of the notice which was proposed. It has been back and forth between Jimmy and myself and is improved from yesterday’s hasty effort. The list of applicable criteria is yet to be definitively produced, but I believe that the list is of secondary importance to the body of the notice, hence its early provision. I will follow-up with a further version including the list, but that will be later into next week. Bon weekend a tous, Richard G. WILSHER CEO & Founder, Zygma Inc. www.Zygma.biz +1 714 797 9942 _______________________________________________ A Community Group mailing list of KantaraInitiative.org WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantara... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance _______________________________________________ A Community Group mailing list of KantaraInitiative.org WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org To unsubscribe send an email to staff@kantarainitiative.org List archives -- https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantara... ______ Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance