- Prepared and approved a draft report entitled Healthcare Design Guidelines which is currently undergoing approval by Leadership Council.
We are pleased to inform the Board of the successful creation of the Information Sharing Interoperability Work Group (ISI WG), continuing and expanding on the work previously accomplished in the Consent Information & Sharing Work Group.
The Group successfully archived the Consent Information & Sharing Work Group (CIS WG). ISI WG is expanding new concepts and information flows towards record-keeping control and management for both the service provider side and the individual side of information sharing between two or more entities.
ISI WG has organized into several project teams, working on specific solutions to accomplish expanded goals. The WG has taken the current Consent Receipt (CR) specification version 1.1 and will be developing and clarifying fields and field definitions aligning them with other standards, which have emerged since the CIS WG inception.
The project teams are working around specifications for Notice and Consent, the manifestation of consent using standard definitions and labels. Information sharing through two mechanisms, profiles individuals create and use to proffer the information to others called Standard Information Sharing Agreements. Intent Casting, whereby individuals can infer an intent for suppliers to quote a value exchange, often referred to as a deal or trade. These two projects and the output specifications created contribute to the concept of a Personal Data Use Records (PDR) framework.
The PDR Framework publication will be contributed through Kantara's official liaison agreement with ISO SC 17/WG 5 "Identity management, privacy technologies and biometrics" into the new ISO 27560 standards project "Consent Record Information Structure" which will be led by Kantara members.
ISI WG continues our outreach and awareness efforts at industry events and conferences. Following on our success at Identiverse 2019, we have secured a masterclass session at Identiverse 2020 in June where we will showcase progress in the specification publications and implementations by members.
The FIRE WG has continued to meet and is collaborating with the HIAWG and IAWG. Recent work has focused on health care use cases aligned with the activities of the Office of the National Coordinator (ONC) and the Trust Exchange Framework Common Agreement (TEFCA). In particular the FIRE WG has established a set of draft requirements https://wiki.idesg.org/wiki/index.php/High_Assurance_ID_Token#ID_Token and scope for high assurance tokens. We have created a sandbox open to all Kantara WGs, detailing a test suite that will allow developers of code and user experience to assure the compliance of their products to the Health Care Profile of the basic framework.
The FIRE WG representative to the Kantara Initiative Education Foundation (KIEF) also provided an update to the KIEF Board on the intention of the FIRE WG to seek funding to support the pursuit of a grant to:
- establish an assurance program for high assurance tokens and applications,
- build out the proposed sandbox https://wiki.idesg.org/wiki/index.php/Health_Care_Profile_Sandbox#Context
- further build out the IDEF registry so that it can be leveraged by the FIRE WG as well as other Kantara WGs.
- The Work Group has consolidated and revamped its meeting schedule so that we're meeting only on alternate Thursdays.
- We recently discussed a forthcoming contributions from company IDENTOS of an UMA extension that ties in self-sovereign identity technologies and concepts. We'll take a look and consider whether it's something worth standardizing within the group.
- We are also once again discussing how to set up an interop testing environment.
- Provided input to UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
- Provided input to DIACC on the Organization component of the Pan Canadian Trust Framework.
- Preparing input to DIACC on the Individual and Privacy components and the Glossary of the Pan Canadian Trust Framework.
- Preparing guidance for the Classic Class of Approval Service Assessment Criteria to reduce the risk of phishing attacks.
- Developing Service Assessment Criteria for NIST 800-63Rev3 Federation Assurance Level 2 (FAL2) Requirements.