[GNSO-Accuracy-ST] Proposed Agenda - Registration Data Accuracy Scoping Team Meeting #1 - Tuesday 5 October at 14.00 UTC

Sat Oct 9 01:41:27 UTC 2021

Michael,

Here are answers to the two questions Steve has pulled out of your query.

1) Yes, the SSAC has released revisions to several documents.  These are usually within a short period of time after initial publication of the first version of the document and could be to correct minor issues with the document or to update the document to capture  any changes in the SSAC’s thinking based on feedback received from the community post-publication that brings to light new facts or more appropriate ways to direct recommendations.  It is fairly rare, but not unprecedented.

2) No, we have not considered updating SAC058.  We completed a fairly comprehensive look at our prior advice within the last two years and put anything we thought may need updating on a list of potential future work.  In such cases, we would issue new advice rather than reach several years back in time to update an older document.  That new work would supplant earlier work.  SAC058 is not on that list, but certainly, if work done by your group or elsewhere were to substantially change the landscape in that topic area, we’d look to release a fresh advisory.

Cheers,

Rod

> On Oct 5, 2021, at 6:13 AM, Steve Crocker <steve at shinkuro.com> wrote:
> 
> Michael,
> 
> Thanks for your note.  See inline below.
> 
> Steve
> 
> 
> On Mon, Oct 4, 2021 at 10:28 PM Michael Palage <michael at palage.com <mailto:michael at palage.com>> wrote:
> Steve,
> 
> 
> 
> First thanks for completing the survey and getting a head start on some of our future work – you get the Chair’s first Gold Star for Working Group Participation😊
> 
> 
> 
> One of the questions I would like to pose to you, Jeff and the rest of your SSAC colleagues is the following. SAC 058 was written in 2013 - over 8 years ago. Since that time there has been a substantial amount of work done internationally on identity/accuracy proofing standards. Has SSAC ever revised a previously published SAC document to make sure that it is still up to date with current international and industry best practices?
> 
> 
> I perceive two questions.  One is a general SSAC process question, viz "has SSAC ever revised [any] previously published SAC document..."  The other is a specific question, "has SSAC [considered revising SAC 058]?"  I've cc'd SSAC chair Rod Rasmussen and vice chair Julie Hammer for their consideration of both questions.
> 
> 
> Specifically, I would like to address your validation levels V0, V1, V2, and V3.  Under older NIST Guidelines (Version 1.0.2. -2011) I believe there were 4 recognized assurance levels. However, under the current NIST SP 800-63a Digital Identity Guidelines (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf <https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf>) there are now 3 Identity Assurance Levels (IAL) NOT 4.  These three assurance levels also align with the levels in the current EU eIDAS Regulation (2016) (low, substantial and high), see https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Levels+of+assurance <https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Levels+of+assurance>
> 
> Thank you for referencing these documents.  I've taken a quick look and written the short attached memo.  In brief, the SSAC scale is applicable on a per data element basis.  The NIST and EU scales appear to be holistic.  The SSAC scale is a bit more specific regarding the operational test.  The high rating in the SSAC scale appears to me not to distinguish between the two higher ratings in the NIST and EU scales.  See the attached memo for slightly more detail.
> 
> 
> So please keep up the excellent work and I look forward to hearing any additional feedback from you and Jeff.
> 
> 
> 
> Best regards,
> 
> 
> 
> Michael
> 
> 
> 
> 
> 
> From: GNSO-Accuracy-ST <gnso-accuracy-st-bounces at icann.org <mailto:gnso-accuracy-st-bounces at icann.org>> On Behalf Of Steve Crocker
> Sent: Monday, October 4, 2021 9:23 PM
> To: gnso-accuracy-st at icann.org <mailto:gnso-accuracy-st at icann.org>
> Subject: Re: [GNSO-Accuracy-ST] Proposed Agenda - Registration Data Accuracy Scoping Team Meeting #1 - Tuesday 5 October at 14.00 UTC
> 
> 
> 
> Folks,
> 
> 
> 
> Attached is a rough attempt at capturing the validation requirements listed in the first few pages of assignment 1.  The validation settings are in the column labeled VAL.  The settings V0, V1, V2 and V3 align with the definitions in SAC 058, which are repeated on the first page of assignment 2.  V0 indicates no validation, i.e. accept whatever the registrant supplies.  V1 indicates syntactic validation, V2 indicates operational validation, and V3 indicates identity validation.
> 
> 
> 
> The COLL column indicates whether the data element is required (Collect), optional (Optional), or left up to the registrar (Any).  The SENS column indicates the sensitivity of the data element.  S0 indicates "public."  In other cases, the degree of sensitivity or a range of possible sensitivity settings is indicated.  (There is more to explain about this part of the system, but the focus of this message is only to capture the accuracy requirement.)
> 
> 
> 
> The STORE column indicates whether ICANN stores the data element.  Since ICANN does require escrow of data, it can be argued these data elements should be set to STORE.  As with the sensitivity settings, this is subject to further discussion but is outside the scope of this message.)
> 
> 
> 
> Are the validation settings shown here an accurate expression of the policy and contractual requirements?
> 
> 
> 
> Regarding the meeting tomorrow, I have a conflict after 30 minutes.  Going forward, this time slot will generally be ok for me, although the conflict I have tomorrow may occur every three months.  I'm also open to other time slots.
> 
> 
> 
> Thanks,
> 
> 
> 
> Steve
> 
> 
> 
> 
> 
> 
> 
> On Mon, Oct 4, 2021 at 9:57 AM Marika Konings <marika.konings at icann.org <mailto:marika.konings at icann.org>> wrote:
> 
> Dear All,
> 
> 
> 
> Please find below the proposed agenda for the first meeting of the Registration Data Accuracy Scoping Team.
> 
> 
> 
> Best regards,
> 
> 
> 
> Caitlin, Berry and Marika
> 
> 
> 
> 
> 
> Registration Data Accuracy Scoping Team – Meeting #1
> 
> Tuesday 5 October at 14.00 UTC
> 
> 
> 
> Welcome and introductions (30 minutes)
> Each team member to introduce themselves and share objectives for this effort (results of survey to be shared in advance of the meeting)
> Consider how objectives align and how obstacles can be avoided.
> Required documents for review by Scoping Team (10 minutes)
> Council instructions and assignments (see https://community.icann.org/x/QoFaCg <https://community.icann.org/x/QoFaCg>)
> Index of relevant resources (see https://community.icann.org/x/SoFaCg <https://community.icann.org/x/SoFaCg>)
> Assignment Background briefings:
> ·       Assignment #1 - https://docs.google.com/document/d/16mFQkzM4tTj84736J-tlZ8T7tFeiFwfx/edit <https://docs.google.com/document/d/16mFQkzM4tTj84736J-tlZ8T7tFeiFwfx/edit>
> ·       Assignment #2 - https://docs.google.com/document/d/1OyzzAjZgvNkfZ5EekUvJ7PQg80vNZvJ3/edit <https://docs.google.com/document/d/1OyzzAjZgvNkfZ5EekUvJ7PQg80vNZvJ3/edit>
> ·       Assignment #3 - https://docs.google.com/document/d/1NiwMk6qHOQRn7VdcW0Paj5OoC3tWAQpm/edit <https://docs.google.com/document/d/1NiwMk6qHOQRn7VdcW0Paj5OoC3tWAQpm/edit>
> ·       Assignment #4 - https://docs.google.com/document/d/1Z8t-uH4gRqXytHOGnIkZ2qMSJctgR_kD/edit <https://docs.google.com/document/d/1Z8t-uH4gRqXytHOGnIkZ2qMSJctgR_kD/edit>
> Discuss proposed next steps (15 minutes)
> Diversity and inclusiveness
> Meeting frequency / timing: proposal is to start with weekly plenary sessions to go through background briefings and develop work plan. Following that, try agile approach and have small teams make progress on work items.
> All team members are expected to have reviewed the items under #2 by the next meeting.
> All team members to provide input on the questions identified in assignment background briefing #1 - 4 by the next meeting – walk through of assignment background briefings and related questions will commence during next week’s meeting.
> Confirm action items & next meeting (Tuesday 12 October at 14.00 UTC)
> 
> 
> _______________________________________________
> GNSO-Accuracy-ST mailing list
> GNSO-Accuracy-ST at icann.org <mailto:GNSO-Accuracy-ST at icann.org>
> https://mm.icann.org/mailman/listinfo/gnso-accuracy-st <https://mm.icann.org/mailman/listinfo/gnso-accuracy-st>
> 
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy <https://www.icann.org/privacy/policy>) and the website Terms of Service (https://www.icann.org/privacy/tos <https://www.icann.org/privacy/tos>). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
> 
> <Comparison of SAC 058.docx>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/gnso-accuracy-st/attachments/20211008/8093e18b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 235 bytes
Desc: Message signed with OpenPGP
URL: <https://mm.icann.org/pipermail/gnso-accuracy-st/attachments/20211008/8093e18b/signature-0001.asc>