I’m OK with that in principle BUT took care in that refined draft NOT to use the word ‘conformant’, or any derivative thereof, in connection with the actual implementation of these synch.authrs.  So how about something evasive like “Synch.authrs. implemented using the FIDO specification <<name here>>”, by which we make not even the slightest suggestion on KI’s part concerning the implementation’s state of conformity.

Replying just to IAWG will kill a bit of traffic :-)

 

Richard G. WILSHER
CEO & Founder,  Zygma Inc.
www.Zygma.biz
+1 714 797 9942

 

From: Andrew Hughes [mailto:andrewhughes3000@gmail.com]
Sent: Sunday, November 10, 2024 17:09
To: Richard G. WILSHER (@Zygma Inc.)
Cc: IA WG
Subject: Re: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys

 

we might want to phrase it something like "Syncable authenticators implemented in conformance with FIDO (specification name here)..."

Because "FIDO Passkeys" is not a real thing - that's a marketing name.

————————

Andrew Hughes CISM 
m +1 250.888.9474
AndrewHughes3000@gmail.com 

 

 

On Sun, Nov 10, 2024 at 9:04 AM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote:

+1

 

Richard G. WILSHER
CEO & Founder,  Zygma Inc.
www.Zygma.biz
+1 714 797 9942

 

From: Jimmy Jung [mailto:jimmy.jung@slandala.com]
Sent: Sunday, November 10, 2024 13:08
To: Carol Buttle; Richard G. WILSHER (@Zygma Inc.)
Cc: IA WG
Subject: RE: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys

 

Correct me if I am wrong, but FIDO (or WebAuthn) is the standard used by Apple, Google, MS, etc.

 

I had suggested specifically calling out FIDO.  While these seem to be the focus of the NIST supplement, NIST used the generic "syncable authenticators."  My concern was, we are opening up a loophole in the criteria, so we may want to be more restrictive.

 

 

 


 

 

 

-------- Original message --------

From: Carol Buttle <carol@kantarainitiative.org>

Date: 11/9/24 8:12 PM (GMT-05:00)

To: "Richard G. WILSHER (@Zygma Inc.)" <RGW@zygma.biz>

Subject: [WG-IDAssurance] Re: Draft Notice re. FIDO Passkeys

 

Hi Richard,

 

Thanks for this.

Are we only talking about FIDO here?

Are Apple or Google passkeys, should they find their way in, any more assessable?

 

Carol

 

 

On Sat, Nov 9, 2024 at 12:41 AM Richard G. WILSHER (@Zygma Inc.) <RGW@zygma.biz> wrote:

Further to the action Jimmy gave me during yday’s IAWG call, pfa a first draft for comment of the notice which was proposed.

It has been back and forth between Jimmy and myself and is improved from yesterday’s hasty effort.  The list of applicable criteria is yet to be definitively produced, but I believe that the list is of secondary importance to the body of the notice, hence its early provision.

I will follow-up with a further version including the list, but that will be later into next week.

Have a good weekend, everyone,

 

Richard G. WILSHER
CEO & Founder,  Zygma Inc.
www.Zygma.biz
+1 714 797 9942

 

_______________________________________________
A Community Group mailing list of KantaraInitiative.org
WG-IDAssurance mailing list -- wg-idassurance@kantarainitiative.org
To unsubscribe send an email to staff@kantarainitiative.org
List archives --  https://mailman.kantarainitiative.org/hyperkitty/list/wg-idassurance@kantarainitiative.org/
______
Group wiki -- https://kantara.atlassian.net/wiki/spaces/WG-IDAssurance
