Versions Compared

Old Version 1

changes.mady.by.user Colin Wallis

Saved on

compared with

New Version Current

changes.mady.by.user Ken Dagg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Hello everyone

...

...............................................................................................................................................................................................................................................................................................................

We certainly live in interesting times and March has been no exception.  From the horrific tragedy in Christchurch through the findings of the Mueller investigation to the near comical farce of Brexit, this month has served up plenty to feast on. For Kantara, March has been a 100% good news month and for that I am very grateful.     

Kantara's Trust Framework Operations and Assurance program continues to strengthen with major players signalling their intention to seek 3rd party assessment and approval of their solutions to KantaraAs the weather warms up in the northern hemisphere, there's more than just the flowers blooming!

Wow... what a month for Kantara. It will take some more time to be able to reveal the full extent of progress in April, but together with the first days in May, it has been intensely satisfying.      

It's great to see Kantara's 'NIST 800-63-3 Class of Approval' . To that end it was great to see the Board approve Swedish company Seadot as an accredited assessor.  

The 3rd week of March saw the DHS Showcase finally take place in Washington DC after its initial postponement during the Federal shutdown in January. Our KIPI performers, Exponent with its MOB4PACS project using smartphones as PIV cards with NFC and BLE. and Lockstep with its ValidIDy attribute capsules demonstrated their features and picked up further interest, as they ready themselves for partnering and commercialization. 

The last week of the month featured the KNOW Identity conference in Las Vegas, with many Kantarians in attendance, at the podium presenting, on the stage on panels, as well as receiving awards. Congratulations and many thanks for your support Catherine Schulten, Sphere Identity's Katherine Noall, Experian's Kathleen Peters, Meeco's Katryna Dow, ID Crowd's Adam Cooper, ID.me's Blake Hall, ID Crowd's David Black, ID Crowd's Gillan Ward, 1Kosmos' Rohan Pinto, ID Machines' Sal D'Agostino, Lockstep's Steve Wilson and Tom Sullivan. Also recognizing the hat tips and support at the event of our Liaison Partners FIDO Alliance and ID Pro. It was a great event with Kantara helping out or liaison partners ID Pro on the educational session 'Privacy essentials for ID Professionals' and members featuring other members or Kantara reps on their panels.   

Meanwhile, the UMA working group was presenting to the OAuth working group at the IETF 104 meeting in Prague to support its contribution of the UMA 2.0 specifications for formal standardization. Many thanks to ForgeRock's Eve Maler for preparing the deck, together with co-presenter Maciej Machulak, Pedro Silva in the room in Prague, Gluu's Mike Schwartz, Hindle Consulting's Andi Hindle, Cigdem Sengul, George Fletcher, and other UMAnitarians who pitched in to improve the slides in the weeks leading up. You can find the presentation materials on the Work Group wiki

It did not end there however, with your intrepid Exec Director doing a dash across the globe to catch the Future Trust Go eIDAS workshop in which Kantara Europe is a partner, followed by fellow NGI_Trust partner Fraunhofer's Open Identity Summit in Garmisch-Partenkircken near Munich. This is my first time attending and I was super impressed with the speaker line-up. If you want to know what's coming down the pipe from research institutes and universities as they present their papers before they hit prime time at main conferences, this is 'must-see'. We came away with a fresh basket of actions arising from Kantara's heightened reputation in Europe resulting in organizations wanting to work more closely with us to apply our services and operations in that continent. Just as well Program Manger Ruth agreed to become a Director also! Thank you!

And on the last day of this month I write this from Tel Aviv, I am here with Leadership Council Chair Andrew Hughes about to start a long hard week in ISO SC27 meetings, supporting a suggestion form a well known industry luminary to have an example Kantara Consent Receipt added as an annex to ISO 29184 Online privacy notices and consent. Andrew will also be tabling the results of the IDVP Use Cases from the Kantara discussion Group of the same name.  

On the community side of the house:

  • the Consent & Information Sharing WG is working towards the revision of its Consent Receipt real world use case demo and its respective Consent Receipt Generator;
  • the UMA WG is in advanced preparations to present UMA v2.0 to the 104th IETF meeting in Prague in April to ready it for a standards track contribution;
  • the Identity Assurance Work Group is working hard on preparing comments on the Pan Canadian Trust Framework whose overview is out for public review;
  • the ID Proofing and Verification Discussion Group is assembling a strong set of use cases into a report to ISO SC27 Working Group 5 later in March in time for the Study Period's findings in Tel Aviv in April; and
  • Kantara's liaison with Working Group 5 is seeing increased activity as the international standards drafts covering identity and privacy reach a more developed and mature stage in their development.  

The workshop agenda at the European Identity Conference in Munich in May receive so much fresh interest. I think that this is in part due to US Federal agencies finally having the cycles to include it in procurement requests, together with the cumulative effect of its reference in the April announcement from HHS that TEFCA v2.0 was open for public comment, and ONC's announcement of the opening of competitive bids for the Recognized Coordinating Entity (RCE).  But interest goes beyond the current Classes of Approval as organizations are seeing new and revised standards emerging from organizations. For example, they are recognizing that the electronic driving licence standard from ISO requires assurance and support operations, similar to those offered by Kantara, to extract the full potential from mDL programs. It's also not just a US phenomenon anymore. In April we received SOIs from a global telco, two global IT companies and two smaller market leading innovation companies in the US. But in addition, Kantara received government and corporate interest in its Assurance program from Europe and Asia during April also.    

With this in mind, you'll appreciate that we need more prospective Assessors to come forward to seek Accreditation from Kantara's Assurance Review Board. Once an Assessor goes through the process, they will stand in the marketplace of Accredited Assessors and be able to undertake assessments of credential and service solution providers seeking assurance approval and Trust Marks for their applicable products and services. If you have, or know, an individual or organization who has ISMS audit experience, strong digital Identity implementation experience and holds current a valid CISSP qualification or similar from a recognized Certification Body, please Contact us!  

At the start of April, I was traveling again, this time to Tel Aviv.  Together with Leadership Council Chair Andrew Hughes and other Kantara members sprinkled amongst national bodies, we attended the ISO SC27 meetings - specifically Working Group 5 Identity Management and Privacy. At these meetings it was formally proposed to include an example from Kantara's Consent Receipt v1.1 in Annex B of ISO 29184 Online privacy notices and consent. Not only did we come away with this great result, but also came away as appointed rapporteurs of a new Study Period to look into the feasibility of a consent receipts and records standard. Drafting a v2.0 of the consent receipt has understandably taken on a new sense of urgency for the Consent & Information Sharing Work Group. Recognizing this urgency, I'm pleased to report that a volunteer who works for a large consulting company has agreed to lead the v2.0 project. 

In other ISO news Kantara's IDVP Use Case contributions were well received. Kantara’s contribution constituted the vast majority of the report. It's hard to overestimate the significance of this given that the report lays the foundation for the future posture of the identity standards coming from ISO. You can be involved too, just as long as you are a Kantara member in good standing (a requirement from ISO), in order to gain access to and contribute to the draft standards sent to us from ISO SC27 Working Group 5. Contact us if you meet the criteria so you can join the group.   

It has been hot, hot hot for Mittetulundusühing Kantara Initiative Europe as well. A whooping 109 responses were received in response to the first call for proposals in its NGI_Trust project that closed April 30th!  And following my meetings in Garmisch-Partenkircken last month, I'm pleased to announce Kantara is an associate partner of the Future Trust consortium to promote the implementation of and integration with eIDAS across the world. near Munich. You can read more about it here. Kantara is also in three other consortium bids for European Commission funding grants.

With all this activity, it will come as little surprise that beyond the Assurance program already mentioned, Kantara is adding staff resources to support the demand. During April we took on an additional contractor, Armin, to support Oliver in managing our increasing basket of IT and web assets. This is the first 'new hire' in five years, but certainly won't be the last.  I am in the final stages of securing our first 'Kantara ambassador' to develop Kantara's ethos and membership in the Washington DC area, one of several geographically and strategically placed ambassadors you may see in coming years.  More details will be forthcoming soon.  

Regarding April's events, while ISO SC27 meetings tool up the first week, we finished the month and this week with a clash of events - IIW in Mountain View and Connect:ID in Washington DC. The Leadership Council working group Chairs Eve Maler, Andrew Hughes, Jim Pasquale and John Wunderlich took IIW,  variously leading sessions on current state and future work on UMA, Consent Receipts and related interests with the support of a sizable number of Kantara members and non member participants. While they were there, I headed to DC to simultaneoulsy man the Kantara booth, moderate a panel 'Managing privacy, ownership and trust: Building strong digital identity' and do a presentation 'Build Customer Confidence with Assurance Trust Marks' that showed the current state of industry Trust Marks and making the case for the IDESG logo to be re-crafted as a consumer Trust Mark - something that members Mary Hodder and Andrew Hughes had been quietly advocating for some time now. Both events generated exceptionally good value for Kantara and I look forward to sharing the fruits of those labors in due course.

Looking forward, the next big event is Kantara's European Members Plenary near Munich on Monday May 13th, which curtain-raises the Kantara pre-conference workshop at the European Identity Conference the following day where the agenda is all set - see it here (remember the chunky ticket discount if you use the code shown on Kantara's events page!) - and even before that ConnectID in DC Monday April 30 through Wednesday May 2nd which is FREE OF CHARGE for attendees.  IIW in Mountain View is on at the same time and many Kantarians will be attending as usual.   June has a slew of events too, starting with Identity North in Toronto, then Identity Week in the UK, EEMA in the UK, Think Digital Identity in the UK, Whitehall Media IDM in the UK, and in the last week of June, Identiverse in Washington DC. If you are attending the EIC in Munich in May, please make sure you arrive a day early and register here for the Kantara Members Plenary on Monday May 13th. community discounts and planning our participation at Conferences and Events too. Of course our participation is your participation. 

Please join me in welcoming David Kelts and Jason Nuce as new individual member joining in March, and Janelle Allen for renewing. Thank you to you all for your support of Kantara.

We have some major announcements regarding new joining corporate members in the coming months.We are pretty successful at getting community discounts for participation at all our Conferences and Events too.  

It's been hectic month for marketing communications too. Let's give a special shout-out to the Marketing team at our Boston-area based association service management company Virtual who has done a stellar job with the 10th Anniversary promotion, first seen on the Keeping up with the Kantarians' monthly email blast a week or so ago (note: if you are not receiving these and want to, just Contact us). See the Infographic and celebration video here, straight off the homepage of the website. Also, look out for a steady stream of press releases over coming weeks. Kantara has so much news to share right now, that we are having to stagger the press releases.  

It's been a fantastic month for membership renewals. Please join me in welcoming back Datafund, Board member digi.me, Board member Experian, Inflection Risk Solutions, Internet2, Lockstep Technologies, Ubisecure and Verizon 

On the community side of the house:

  • the Consent & Information Sharing WG (CISWG) is gathering contributions for the first draft of Consent Receipt v2.0 and collaborating with members on the Consent Receipt Generator and developing the demo with its requisite privacy dashboard. It is also gathering contributions on the DIACC's (the Digital Identification and Authentication Council of Canada) document out related to Notice and Consent https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/ as a component of the Pan-Canadian Trust Framework to set a baseline of public and private sector interoperability of identity services and solutions.  If you want to contribute you must join the CIS working group (no charge)
  • the UMA WG is preparing its presentations for UMA v2.0 at the forthcoming IIW, EIC and Identiverse conferences as well as the 105th IETF meeting in Canada later in the year to helpfully confirm it on the standards track - we learn about more new implementations every month!.
  • the Identity Assurance Work Group (IAWG) is about to release a refreshed Overview and Glossary for the Identity Assurance Framework (IAF) and is monitoring the new NIST standards FIPS 140 and FIPS 201 for any impact or implications for the Kantara IAF. 

The good news is expected to continue into the comings months, so until then, keep well, keep hustling and keep championing Kantara's ethics, ethos & services to the industry and community we serve - You!

Kind Regards,

Colin

Around the Houses:

...

Program, Work Group and Discussion Group Updates:

  • You can always keep up with the latest news from the Work and Discussion Groups directly on the Leadership Council's Blog. See the list of public groups here.

...