Page Comparison

Hello everyone 

This is the running update from the Executive Director. Have questions or comments? Suggest some added information or edits? Contact Colin at kantarainitiative dot org.

...............................................................................................................................................................................................................................................................................................................

Welcome to this February the April 2021 posting of Director's Corner.  

All around the world, as we come to terms with the virus and start to get ahead of it, we continue to strive towards life as it once was.  February has seen great swings in weather - from unusually blizzard conditions in Texas to unusually warm temperatures in Europe.  Whatever the weather, the beat goes on inside and around the Kantara community. 

It was great to welcome Neustar as our most recent Trust Mark holder for a component service that conformed to Kantara's NIST 800-63-3 Class of Approval under Kantara's Identity Assurance Trust Framework.  There are several more services under assessment as I write, so 2021 is set to be a pivotal year as Kantara's Trust Framework goes mainstream.  Why now you might ask?  I've asked myself the same question in recent months.  In discussions with Assurance Director Ruth, Assurance Review Board Chair Leif, the main Board and regulars on the Identity Assurance Work Group calls, we have put it down to the 'perfect storm' that the current climate has created.  So in no particular order...

1. There's the 'noise' around Trust Frameworks.  That is good, because Kantara has been promulgating and operating a Trust Framework for conformity assessment and assurance since 2011 when the very first Trust Framework in this space (FICAM (Federal Identity, Credential, and Access Management) was launched by the US Federal Government.  By design Kantara's Trust Framework was built to operate both as stand-alone, as it is seen today, or as the conformance and assurance sub-set of another Trust Framework as it was under FICAM (the Trust Framework Solutions portion officially deprecated January 31st).  As folks look at the other Trust Frameworks operating today such as eIDAS (electronic IDentification, Authentication and trust Services) in Europe, or the TDIF (Trusted Digital Identity Framework) in Australia, and they hear about the PCTF (Pan Canadian Trust Framework) in Canada in MVP this year, and the Trust Frameworks being drafted in the United Kingdom, New Zealand and elsewhere, they are better able to understand the crucial role that Kantara's Trust Framework plays.  That role is the crux of a Trust Framework - conformance, governance, responsibilities written into fully executed contracts.  Structured policy, rules and requiring conformance to standards is all very well, but when 'the rubber hits the road', a jurisdiction considering cross recognition looks first and last at the veracity of the service providers' conformance as its baseline confidence indicator.
2. There's a growing realization that NIST SP 800-63 Rev 3 (and soon revision 4) remains as the de-jure de-facto standard just as its predecessor 800-63 Rev 2 (or in its international guise ISO/IEC 29115 or ITU-T's x.1254 Entity Authentication Assurance) was.  You can find elements of them in the eIDAS Implementing Acts, in the UK's GPGs, in Canada's early work on CATS (Cyber Authentication Technology Solutions) Interface Architecture and Specification, in New Zealand's Authentication standards for online services.  Authentication requirements in Australia's TDIF are pulled straight from 63-3.  Slam dunk.  So what standard are you going to choose to build your product against if you are an international IDaaS brand that is looking for the most cost effective conformance that gets you most of the way, in most jurisdictions, to minimize the incremental lift for in-country conformance? It’s 800-63. It's akin to a prime number or form factor in mathematics, or the US dollar in currency where it's tradeable anywhere.
3. In the US, there is emerging evidence that those federal agencies charged with obligations under the OMB M 19-17 executive memo - which stipulate the adoption of 63-3 - are actively moving on those obligations.  While we have not yet seen many of these downstream directives published in policy, there seems to be some informal industry chatter that points to a formal position being announced in coming months.
4. Globally, add the COVID effect where more people are needing more access to more services online - in healthcare, in Education, in Financial Services, in Government services, in essence everywhere.

And there you have it; the perfect storm that is evidenced by the steadily increasing adoption of Kantara's Trust Framework and in particular 800-63-3 (most cases at IAL2 and AAL2).

There's a sense of this phenomenon emerging in membership too. Please join me in welcoming new members Beruku Identity from the UK, and the Digital Identification Bureau from Papua New Guinea.  Thanks to the continued support from renewing members Board Director Presidency holder IDEMIA, MIT Trust :: Data Consortium, Accredited Assessor KUMA, Accredited Assessor Seadot from Sweden, and Individual Contributors Janelle Allen, Lisa LeVasseur and Ross Foard.  Thank you all!  It's great to have you back!  

Regular readers of this blog may recall my mention of the US Treasury's Financial Sector Policy Roundtable on February 9th.  It was a great session (closed to most associations) where members Easy Dynamics, ForgeRock, IDEMIA, ID.me, Mastercard International and MIT Trust :: Data Consortium, together with myself representing Kantara, covered a range of topics across digital identity solutions, Trust Frameworks and certification, Digital Ledger Technologies (DLTs) and Blockchain, Risk and Fraud, and latest implementations.  It was another great session where Kantara was referenced a number of times in the context of go-to best practice.  

Speaking of events, the last week of February and into this first week of March, saw an onslaught of events that Kantara has been approached to speak or exhibit at.  Keep an eye on Kantara's events page as the near-term ones get loaded.  Included in them are

• FinTech Talent Identity March 17 (Kantara moderating),
• ONC's Annual Meeting March 29-30  (thank you ONC's Carmen Smiley! for helping with our virtual booth featuring IDENTOS, Patient Centric Solutions and the FIRE WG),
• Think Digital Identity of Government UK May 21 (Kantara speaking and supporting), and
• Identiverse 2021 June 21 -23 (ForgeRock, ID.me, ID Machines and Kantara speaking).   

The All-Member-Ballot for the slate of four Directors-at-Large was successful, and they were fully engaged on the February Board call. Some have settled into the Board priority areas and I'll keep you updated on progress there. 

There was so much more that went on in February that we can talk more about in March, but you have the highlights in this nutshell. 

Stay safe, well and above all happy.!  

Like many of us, I'm pleased to beckon in the new month, tho' March had plenty to offer.

For me, it was a watershed month as I notified staff and members, in advance of it going public, of my intention to step back from leading Kantara in a few months time.  (Apply here!).  I'm at that time of life where attention is needed on personal finance, assets and property ... and life really.  While I have thoroughly enjoyed the challenge of surmounting hurdles as they arose, Kantara has been all consuming.  But life balance is important too, and mine is overdue for a reset.  Also overdue is my need to switch my residency back to my home country of New Zealand for at least three years.  So the time feels right to hit the reset button.  Rather than having to work much of the night in New Zealand to operate in Kantara's primary time zones, it is time to to take a step back.  It's only a step back (semi-retirement) ... it is not retirement!  I will remain in and around Kantara, as well as around the industry, for quite a while yet.  My involvement, however, will be at a more relaxed tempo than the deadline driven cadence that comes with leading a global community of three Kantara branded organizations.   

My impending move wasn't Kantara's only news for March.  Far from it. 

Joining Kantara in March were new members Zenia Vasquez, Dedra Chamberlin, Manvendra Kumar and Roger Quint, together with renewing members Hindle Consulting and John Wunderlich.  Thank you all!  And for renewing members it's great to have your continued support!  

The new Board including, as I announced last month, Directors at Large 2keys, Airside, Easy Dynamics and Wedacon, has started to work in earnest.  Board members Experian, Airside and Wedacon, led by LC Board representative Andrew Hughes, have met several times to begin framing what the future might look like for Kantara’s Work and Discussion Groups.  The results of their work will be put to the Membership for consideration later in this year.  While they have worked on this, president Matt and myself have been working on the ED succession plan.  The results of our our efforts members received before it went public.  If you have a potential candidate for the ED job, please follow the instructions in the job advertisement to submit them.

March was book-ended with virtual events that featured Kantara.

The FinTechTalents Identity conference aired on March 17th.  But, of course, the preparation and pre-record activity started as the month opened.  I had the pleasure of moderating a panel with Dai Banerji representing Women in Identity, our friend and fellow mDL journeyer Gail Hodges from the Future Identity Council, Andrew Black from Natwest Bank, and David Pollington from the GSMA.  We developed discussion themes around the topic of ‘Privacy Enhancing, Consent Based Digital Identity'.  Our discussion and debate focused on three points:

• should the financial service sector embrace a decentralised ID mode;
• how we can ensure that we build Digital Identity that enhances privacy and consent as well as granting users control over how their personal credentials are shared; and
• whether users are actually ready to take control of their digital identity.

March 29-30 saw Kantara undertake something very different.  We were honored to be asked to have a virtual booth in the virtual exhibit hall of the virtual ONC Annual meeting.  This was a significant undertaking that we accomplished in a short time period.  Kantara is indebted to members Identos, Patient Centric Solutions, Airside, ForgeRock, Tom Jones and Dr Tom Sullivan as well as non member participant Jim Kragh who prepared new videos, modified existing presentations, project managed and attended the booth over the two days.  As I tweeted at the time, it was a surreal experience and, though quieter than organizers and participants alike had hoped, we were, nonetheless, delighted to receive interest and a qualified prospect for conformance to Kantara's 63-3 Class of Approval under our Identity Assurance conformity assessment and certification scheme.  We will endeavour to republish the material on the website soon.  

April's schedule of events is a lighter lift for Kantara with its support of the inaugural International Identity Management Day on April 13th and the Internet Identity Workshop 32 April 20-22 with VRM day curtain-raising on April 19.  Several members are presenting sessions at IIW 32.  However, I am only aware of Identos's details.  They will be showcasing their work in the HealthCare space in Canada, which has received significant press coverage recently, during the Demo hour.  As a reminder, if you want Kantara to amplify your activities, you have to inform it of those activities!  Finally, we have Think Digital Identity of Government UK May 21 where Kantara is participating in two panels as well as supporting the event through partnership.    

Beyond events, Kantara expects to make several important announcements in April arising from its exciting collaboration with, and between, members in different parts of the world.  If you are not a member, and don't have access to news before it breaks, sign up to receive KantaraNews and follow @KantaraNews on Twitter as well as Kantara on LinkedIn.  

As I sign off this month's post on Good Friday in the Christian calendar, I feel excited as I have just, in a different context for Kantara and another two members, finished an exciting (potentially dial-moving!) call regarding a new project.

Stay safe, get vaccinated if you can, and keep happy!  

Kind regards,

Colin

Around the Houses:

...

• Follow us online: https://twitter.com/KantaraNews and https://twitter.com/UMAWG and https://twitter.com/KantaraCISWG.  

• Miss something? See our press releases here.    

• Want to start a Kantara local chapter in your town? We are happy to help. Just Contact us.         

Program, Work Group and Discussion Group Updates:

• You can always keep up with the latest news from the Work and Discussion Groups directly on the Leadership Council's Blog. See the list of public groups here.

...