Background to Comments
1. Early in 2016, the Health Information and Management System (HIMSS) issued a "Patient Protal Identity Proofing adn Authentication" guidance document that recognizes the emerging use of two-way live audio/video communications for remote notarization under Virginia law (to fulfill the "personnel appearance" requirement of a signer before a notary) and growing interest in the use for tele-medicine. In the document, HIMSS recommends the use of "Identity proofing using video calling" as a means of satisfying the in-person proofing requirement.
2. The draft NIST 800-63A "Digital Authentication Guideline" includes authorization for "virtual in-person proofing" (i.e. identity proofing conducted by humans through live audio/video communications).
3. On June 9, 2016, Freddie Mac and Fannie Mae, with the approval of the Federal Housing Finance Authority, issued a public statement of support for notarizations performed in accordance with the Virginia remote notarization law, which includes procedures for online authentication of signers - "The GSEs support the recognition of electronic notarizations, including interstate notarizations accomplished by audio/video means by out-of-state notaries, provided the notary is acting in accordance with legal requirements for the state in which they were licensed to perform the notarial acts."
Recommendations
4. For purposes of setting minimum standards for identity proofing and issuance of credentials/tokens/authenticators, continue to use levels of assurance as defined in the latest approved NIST 800-63 document series. This will be especially important to both identity providers and relying parties in the commercial sector.
5. On pages 21 and 22 under discussions of Level of Assurance 2, 3, and 4, add references to "virtual in-person proofing" as an approved method consistent with draft 800-63A.
6. On page 15, add a definition of "virtual in-person proofing" perhaps based on section 5.4.3 of draft 800-63A.
7. On page 12, add a definition of "remote network identity proofing." This could be modeled after language contained in NIST 800-63 series documents.
Thank you for your consideration.