Skip to Content.
Sympa Menu

assurance - Re: [Assurance] Remote proofing feedback from Big Ten auditors

Subject: Assurance

List archive

Re: [Assurance] Remote proofing feedback from Big Ten auditors


Chronological Thread 
  • From: "William G. Thompson, Jr." <>
  • To:
  • Subject: Re: [Assurance] Remote proofing feedback from Big Ten auditors
  • Date: Thu, 9 Aug 2012 10:25:53 -0400

On Tue, Aug 7, 2012 at 9:58 AM, Roy, Nicholas S <> wrote:

I got some feedback from the Big Ten auditors – three responses from three different schools.  A summary of the comments is posted as a comment on the remote proofing wiki (https://spaces.internet2.edu/display/InCAssurance/Remote-Proofing+Approaches) and also below:

 

1) The notary approach might work

2) They don't like the video approach, but did not give specific reasons why

3) They think the eVerify process used for I9 stuff in HR processes is good enough to use for proofing (not remote, really, but OK I think this is good news for existing relationship stuff)

4) Quote:

"I don't know how InCommon relates to NIST 800-63, but 800-63 seems clearer.  It says that remote proofing for Level 2 or 3 requires validation of the gov't ID and/or financial acct, plus address validation.  The latter is not a substitute for the former."

To me that says if you take this to be 800-63 rules, then you also need to validate the ID at LoA2/Silver.  But then again, "Silver is not 800-63 level 2, Silver is Silver."



http://www.idmanagement.gov/pages.cfm/page/ICAM-TrustFramework-Provider states, "If approved by ICAM, credentials issued by Identity Providers who are assessed against these Approved Trust Frameworks by their respective Trust Framework Provider (TFP) can be trusted and used by federal Relying Parties (RPs) at a known level of assurance (LOA) comparable to one of the four OMB Levels of Assurance."

Then goes on to list "Bronze (LOA1) and Silver (LOA2)".

So "comparable" but "not the same"?

Bill


 

 

Best,

 

Nick

 





Archive powered by MHonArc 2.6.16.

Top of Page