[GNSO-Accuracy-ST] Proposed Agenda - Registration Data Accuracy Scoping Team Meeting #1 - Tuesday 5 October at 14.00 UTC

Steve Crocker steve at shinkuro.com
Tue Oct 5 13:13:48 UTC 2021 

Michael,

Thanks for your note.  See inline below.

Steve


On Mon, Oct 4, 2021 at 10:28 PM Michael Palage <michael at palage.com> wrote:

> Steve,
>
>
>
> First thanks for completing the survey and getting a head start on some of
> our future work – you get the Chair’s first Gold Star for Working Group
> Participation😊
>
>
>
> One of the questions I would like to pose to you, Jeff and the rest of
> your SSAC colleagues is the following. SAC 058 was written in 2013 - over 8
> years ago. Since that time there has been a substantial amount of work done
> internationally on identity/accuracy proofing standards. Has SSAC ever
> revised a previously published SAC document to make sure that it is still
> up to date with current international and industry best practices?
>

I perceive two questions.  One is a general SSAC process question, viz "has
SSAC ever revised [any] previously published SAC document..."  The other is
a specific question, "has SSAC [considered revising SAC 058]?"  I've
cc'd SSAC chair Rod Rasmussen and vice chair Julie Hammer for their
consideration of both questions.

>
>
> Specifically, I would like to address your validation levels V0, V1, V2,
> and V3.  Under older NIST Guidelines (Version 1.0.2. -2011) I believe there
> were 4 recognized assurance levels. However, under the current NIST SP
> 800-63a Digital Identity Guidelines (
> https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf)
> there are now 3 Identity Assurance Levels (IAL) NOT 4.  These three
> assurance levels also align with the levels in the current EU eIDAS
> Regulation (2016) (low, substantial and high), see
> https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Levels+of+assurance
>

Thank you for referencing these documents.  I've taken a quick look and
written the short attached memo.  In brief, the SSAC scale is applicable on
a per data element basis.  The NIST and EU scales appear to be holistic.
The SSAC scale is a bit more specific regarding the operational test.  The
high rating in the SSAC scale appears to me not to distinguish between the
two higher ratings in the NIST and EU scales.  See the attached memo for
slightly more detail.

>
>
> So please keep up the excellent work and I look forward to hearing any
> additional feedback from you and Jeff.
>
>
>
> Best regards,
>
>
>
> Michael
>
>
>
>
>
> *From:* GNSO-Accuracy-ST <gnso-accuracy-st-bounces at icann.org> *On Behalf
> Of *Steve Crocker
> *Sent:* Monday, October 4, 2021 9:23 PM
> *To:* gnso-accuracy-st at icann.org
> *Subject:* Re: [GNSO-Accuracy-ST] Proposed Agenda - Registration Data
> Accuracy Scoping Team Meeting #1 - Tuesday 5 October at 14.00 UTC
>
>
>
> Folks,
>
>
>
> Attached is a rough attempt at capturing the validation requirements
> listed in the first few pages of assignment 1.  The validation settings are
> in the column labeled VAL.  The settings V0, V1, V2 and V3 align with the
> definitions in SAC 058, which are repeated on the first page of assignment
> 2.  V0 indicates no validation, i.e. accept whatever the registrant
> supplies.  V1 indicates syntactic validation, V2 indicates operational
> validation, and V3 indicates identity validation.
>
>
>
> The COLL column indicates whether the data element is required (Collect),
> optional (Optional), or left up to the registrar (Any).  The SENS column
> indicates the sensitivity of the data element.  S0 indicates "public."  In
> other cases, the degree of sensitivity or a range of possible sensitivity
> settings is indicated.  (There is more to explain about this part of the
> system, but the focus of this message is only to capture the accuracy
> requirement.)
>
>
>
> The STORE column indicates whether ICANN stores the data element.  Since
> ICANN does require escrow of data, it can be argued these data elements
> should be set to STORE.  As with the sensitivity settings, this is subject
> to further discussion but is outside the scope of this message.)
>
>
>
> Are the validation settings shown here an accurate expression of the
> policy and contractual requirements?
>
>
>
> Regarding the meeting tomorrow, I have a conflict after 30 minutes.  Going
> forward, this time slot will generally be ok for me, although the conflict
> I have tomorrow may occur every three months.  I'm also open to other time
> slots.
>
>
>
> Thanks,
>
>
>
> Steve
>
>
>
>
>
>
>
> On Mon, Oct 4, 2021 at 9:57 AM Marika Konings <marika.konings at icann.org>
> wrote:
>
> Dear All,
>
>
>
> Please find below the proposed agenda for the first meeting of the
> Registration Data Accuracy Scoping Team.
>
>
>
> Best regards,
>
>
>
> Caitlin, Berry and Marika
>
>
>
>
>
> *Registration Data Accuracy Scoping Team – Meeting #1*
>
> Tuesday 5 October at 14.00 UTC
>
>
>
>    1. Welcome and introductions (30 minutes)
>
>
>    1. Each team member to introduce themselves and share objectives for
>       this effort (results of survey to be shared in advance of the meeting)
>       2. Consider how objectives align and how obstacles can be avoided.
>
>
>    1. Required documents for review by Scoping Team (10 minutes)
>
>
>    1. Council instructions and assignments (see
>       https://community.icann.org/x/QoFaCg)
>       2. Index of relevant resources (see
>       https://community.icann.org/x/SoFaCg)
>       3. Assignment Background briefings:
>
> ·       Assignment #1 -
> https://docs.google.com/document/d/16mFQkzM4tTj84736J-tlZ8T7tFeiFwfx/edit
>
> ·       Assignment #2 -
> https://docs.google.com/document/d/1OyzzAjZgvNkfZ5EekUvJ7PQg80vNZvJ3/edit
>
> ·       Assignment #3 -
> https://docs.google.com/document/d/1NiwMk6qHOQRn7VdcW0Paj5OoC3tWAQpm/edit
>
> ·       Assignment #4 -
> https://docs.google.com/document/d/1Z8t-uH4gRqXytHOGnIkZ2qMSJctgR_kD/edit
>
>    1. Discuss proposed next steps (15 minutes)
>
>
>    1. Diversity and inclusiveness
>       2. Meeting frequency / timing: proposal is to start with weekly
>       plenary sessions to go through background briefings and develop work plan.
>       Following that, try agile approach and have small teams make progress on
>       work items.
>       3. All team members are expected to have reviewed the items under
>       #2 by the next meeting.
>       4. All team members to provide input on the questions identified in
>       assignment background briefing #1 - 4 by the next meeting – walk through of
>       assignment background briefings and related questions will commence during
>       next week’s meeting.
>
>
>    1. Confirm action items & next meeting (Tuesday 12 October at 14.00
>    UTC)
>
>
>
> _______________________________________________
> GNSO-Accuracy-ST mailing list
> GNSO-Accuracy-ST at icann.org
> https://mm.icann.org/mailman/listinfo/gnso-accuracy-st
>
> _______________________________________________
> By submitting your personal data, you consent to the processing of your
> personal data for purposes of subscribing to this mailing list accordance
> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
> the website Terms of Service (https://www.icann.org/privacy/tos). You can
> visit the Mailman link above to change your membership status or
> configuration, including unsubscribing, setting digest-style delivery or
> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-accuracy-st/attachments/20211005/883a78ad/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Comparison of SAC 058.docx
Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
Size: 23916 bytes
Desc: not available
URL: <https://mm.icann.org/pipermail/gnso-accuracy-st/attachments/20211005/883a78ad/ComparisonofSAC058-0001.docx>

More information about the GNSO-Accuracy-ST mailing list