iTC Meeting Minutes 2020 05 21 - biometricITC/cPP-biometrics GitHub Wiki

Agenda:

https://github.com/biometricITC/cPP-biometrics/wiki/iTC-Meeting-Agenda-2020-05-21

Call started at 10:00 am EDT

Attendees

  • Brian Wood
  • Naruki Kai
  • Clare Olin
  • Liz Louis
  • Malaysia scheme? (Not sure, not one spoke, name wasn't clear from meeting)

Record of Decisions

  • None

Action Items

  • Brian will send out an email asking for volunteers for the BIT, followed by a vote on approval
  • Brian will update the voting document to note that the iTC vote will be done offline and provide some info about that

Minutes The call started with a quick review of the Task List.

Brian then showed the uploaded docs (and noted there should be a link to the GitHub release) and noted that NIAP has returned and will update the CC Portal when they get through their backlog. He also noted that he had posted an issue for the MDFPP in GitHub about integrating with the PP-Module.

The next topic was a review of the changes to the proposed IT documents. There was a brief look at the membership document. Brian volunteered to be the chair of the BIT. He mentioned that there still needs to be a deputy and preferably a secretary. Since not everyone from the previous call was online, he said he would send out an email asking to volunteer officially for the BIT and then would send a vote request on the membership (or some sort of approval). Naruki noted that a scheme member should probably not hold any "officer" positions. Brian thought we could handle that for now without any problems, but the docs could be updated to reflect that.

The changes based on the last call for the changes to membership (to allow for scheme members without any implied scheme approval of the TDs) was reviewed along with an updated vote document. Based on a question about how to record the vote by the iTC, Brian will add some text about needing to record the vote by some external process (email, survey, etc).

Brian then reviewed the changes he had made to the repositories after publishing v1.0. This covered moving the public review docs to a new repository, moving files around, deleting old files and closing old issues.

Naruki presented that he had published the initial version of the Vein toolbox for review and requested it be looked at.

A question was asked about whether the toolboxes were "normal" or if this should be in the SD. Brian explained that the purpose was to allow for a generally static SD and potentially dynamic PAD toolboxes so the SD did not need to be updated every time a new PAD test was created. The idea is to require the use of the latest PAD toolbox for the testing, so they can be revised independently of the SD.

Naruki then asked about how we would revise them and would this require approvals for changes. Brian explained that until v1.0 went out, the approvals would be as they are now, but that once they get to v1.0, the approvals should become the same as the BIT process (at least that is what seemed likely to handle an in-eval question) as well as the normal approvals for any updates. But this wouldn't be configured until they are published.

Naruki also asked how updates to the SD should be made if he finds problems while updating the toolboxes. Brian explained that the changes should go through the IT process and that a TD would be made against v1.0. This would be acceptable as the process for the IT should be acceptable and it would be followed for these updates.

The last topic Brian brought up was for the next steps for the iTC. It was agreed that at the moment we do not need more toolboxes, they should be created based on demand (not counting the fingerprint toolbox from NIAP).

Brian then asked about working on new Use Cases. The main thought had been to move on to Use Case 2 for the EAL2 requirements as had been initially proposed. The consensus of the group though was that there currently is no demand for these additional use cases, and that there may not be until after some devices have been evaluated. When asked about when we think this would happen, Brian responded that it seemed at best next spring, assuming NIAP will modify the MDFPP V3.3 to work with the PP-Module, otherwise it would likely be next fall at the earliest.

Brian brought up looking into creating a shell PP (as had been discussed late last summer) that could be used to provide a standalone eval of the biometrics system, but there wasn't any real interest in this either.

The current plan then, aside from completing the BIT stand-up, is to focus on completing the toolboxes so they are published at v1.0 in July (for the face, eye and vein).

The call ended at 10:59am EDT.