Hello everyone
This is the running update from the Executive Director. Have questions or comments? Suggest some added information or edits? Contact Colin at kantarainitiative dot org.
...............................................................................................................................................................................................................................................................................................................
As I begin this on the first day of September, it feels like the intensity of August - both temperature as well as emotions running high over events around the world - is easing back. One thing that did not seem to ease back was the intensity of online webinars. That thought was in my mind yesterday, August 31st, as I readied myself to present Kantara's work to the ONC's Patient Identity and Matching Working Session. With close to 400 attendees at the height of the day there was no pressure! ('yea, right') but I drew some comfort from other Kantara members and supporters presenting as well as publicly shouting-out our efforts. Grateful thanks to Noreen Whysel and Catherine Schulten from the FIRE WG for helping me prepare the slides and to the HIAWG for its efforts in drafting the written submission due later this week.
Just in while I type is the UK's government's response to their call for evidence on digital identity from a year ago (if you read last month's Director's Corner one could be forgiven for thinking their ears were burning..
) ...where Kantara submitted these comments. 'Better late than never', it is great to finally see movement on this judging by industry's reaction here to the indication of new or altered legislation and where additionally, the point was made that Security does not feature in the 6 principles to frame digital identity delivery and policy in the UK - those being Privacy, Transparency, Inclusivity, Interoperability, Proportionality and Good Governance - principles which no-one could argue with. But no Security principle?
Meanwhile in the US, there's industry talk of Congressman Bill Foster (D-IL) proposing a bill with a working title 'to establish a governmentwide approach to improving digital identity, and for other purposes'. I'll keep you posted if I hear more.
The IAWG has a continual slew of similar calls for input on its slate. It works on these around its main role as the steward of the Identity Assurance program and its associated Trust Framework, which has constant maintenance and improvement cycles throughout the year. The current consultation is on the European Union's eIDAS regulation, Implementing Acts and the success or otherwise of the strategy, led by Individual contributor Mark King. Thank you Mark! Globally acknowledged as we are, there is a never ending stream of requests for our input. We need more volunteers to lead work and sponsors to support the effort. If the current global conditions find you with some spare time, please contribute it to Kantara, where, now more than ever, there are more more requests to engage and more work as a result landing on our plate.
Kantara Individual Contributor member, and globally acknowledged privacy expert, John Wunderlich did just that. Juggling his client work, along with a stint temporary stint as Chair of the ISI-WG, John also put his hand up to spin up the much anticipated Kantara mDL Discussion Group. This DG This Director's Corner comes a few days late, such is the level of activity in Kantara in recent weeks. Some of it has been announced but there is another major announcement scheduled for this week with more beyond.
Last month I mentioned how governments around the world are announcing plans to bring in legislation regarding digital identity within a few weeks (even days!) of each other. So, when I was asked by Think Digital Partners to write a piece as part of my role on its Advisory Board, I chose to write about this topic. It is quite intriguing, in one sense, given just how close these announcements are to each other. But, in another sense, it is understandable. In that post, I talk about why that might be, as well as share the scope of planned legislation to the extent of my knowledge. My observations are broadly restricted to the 'five nations' common law countries not only because I am most familiar with them, but also three of the five are Kantara members. You'll hear more on that subject this coming week!
I do think, however, that there is an emerging pattern. Kantara has a highly reputable, globally recognized assurance program for accrediting assessors and approving that applicant service providers' solutions are conformant with a given standard - NIST SP 800-63-3 being most sought after in recent times. COVID-19 has put the spotlight on the need for more digital interaction with government by its citizens and with consumers more broadly. Digital identity is fundamental to addressing those interactions, especially if they are higher risk transactions for payments etc from Government. Ergo, public sector interest in Kantara. That's my theory anyway, but I'd welcome your view! This circle of interdependence is something that the Board recognizes too, as members will see in the next couple of months when its review, and refresh, of Kantara's strategic direction and priorities are presented for wider review and comment.
Remember also that Kantara is structured so as to enable its community working groups and discussion groups to act as the steward for the frameworks and associated assessment criteria for conformance to standards within those frameworks. While not all projects, from all groups, lean this way, when they do, great synergy can be achieved. For example, the IAWG, which is comprised of experts from the private, public and Higher Education sectors as well as individuals and accredited assessors, develop the assessment criteria for Kantara’s Identity Assurance Program. Alongside developing submissions to requests for contributions on digital identity-related matters as part of Kantara’s global civic duty, IAWG also develops the assessment criteria needed for the accredited assessors to consistently assess and report their findings on applicant service provider solutions.
Toward these dual ends, the IAWG has had a huge few months. Firstly, in relation to NIST SP 800-63-3, the IAWG developed criteria for 63C (FAL2 and FAL3), as well as the level 3 criteria for 63A (IAL3) and 63B (AAL3) that are coming to the end of their All Member Ballot period. Thanks to ID.ME for its sponsorship of this effort. (NOTE BENE: If you are the primary representative of your organization, or an individual member, please do your duty to the community by abiding by the email sent to you and casting your vote on this important work). Secondly, last week the IAWG completed and submitted its input to the open public consultation on the European Union's eIDAS regulation. Some of the response was submitted as a response to an online questionnaire (which we can't link to) but our additional responses in support of the online questionnaire is here. Thank you individual contributor member Mark King for leading the active, and animated discussion at meetings and on the list regarding this, and to Staff (Ruth) who took it on the final path to submission.
I'm pleased to announce that material progress had been made on the long-waited Kantara mDL Discussion Group. Kantara Individual Contributor member John Wunderlich successfully proposed a Charter to the Leadership Council. This DG - actually called the 'Privacy & Identity Protection in mobile driving license ecosystems' , the PImDL DG - will focus on rounding out the ISO 18013-5 mDL standard's privacy and security recommendations in Annex E - a critically essential success factor to enable the development of the fledgling global mDL ecosystem. Some of you may have seen and heard John (and Kantara President Matt) speaking on Secure Technology Alliance's Webinar #3 (note that there were some technical issues impacting this session but it is being re-recorded). Our collective hats off to you John Wunderlich. We applaud your quiet resolve and magnanimity. Give John, and the Leadership Council, a few weeks to get the Charter approved and for Staff to build the wiki space and we will let you know when the site is up and the GPA ready for you to acknowledge.
The IAWG also completed work sponsored by ID.ME to develop Service Assessment Criteria (SAC) at Assurance Level 3 for Identity Assurance (IAL3), Authentication Assurance (AAL3), and Federation Assurance (FAL3) of NIST’s SP 800-63 Revision 3. These SAC are currently undergoing Public and IPR Review. Thanks to ID.ME for its support in developing this important part of Kantara’s Identity Assurance Framework.
Kantara Europe was busy as usual
While Kantara Europe remains very busy with coaching existing NGI_Trust projects and, as mentioned last month, working with a large consortium on a new funding bid for 2021. It‘S project name is Demoiselle with a focus on Long Term Security of Systems, Systems of Systems and Organizations & Societies all through policy, process and technology planes. This is more IoT oriented than Kantara's traditionally known core capabilities but, with IDoT becoming so relevant now and having the global reach to expertise that we do, the consortium sought out Kantara to fill this much needed gap in its enviable line-up of partners.
I want to round out this month's blog with a hat-tip to the Board. All summer-long it has been undertaking a deep strategic review of Kantara - the organization’s capabilities, its vision and mission, and its role in the global ecosystem. The last review of this kind took place in 2016, the year I took up the post of ED. In the intervening five years, Kantara has changed in nearly every dimension, with the exception of its foundational ethics and ethos which remains as the Founders chartered it back in 2009. 2020, Kantara's 11th year of operation seemed an entirely appropriate year to review and reset. If you have a futurist view of Kantara please let the Board know by emailing directors at kantarainitiative dot org. It aims to share its initial thoughts on the findings with you all and here on this blog next month.
Grab the last of the sun in the north or the spring skiing in the south, because the last quarter of 2020 looks set to be something of a game-changer for Kantara. , Kantara Initiative Education Foundation reached a milestone by submitting its first ever grant funding application to one of the US DHS grant funding programs, arising out of the FIRE WG. Our thanks to individual contributor members Sal D'Agostino and Tom Jones for the heavy lifting on this.
I could not sign off on this blog without particular mention of Kantara's announcement last week that Kantara and SAFE Identity have entered into a non financial, non exclusive agreement to co-market and recognize each others non-PKI and PKI Trust Marks respectively where reciprocity exists. This news is not only foundational for the organizations themselves but also profound for the industry. For as many years as I have been in this industry (over 15 years now), I have seen continuous fragmentation and 'gold rush' self interest prevail. Collaboration amongst competitors, when it did happen, was usually around standardization and development of best practice in the neutral venues such as Kantara or standards setting organizations that suit multiple parties objectives. The Kantara-SAFE collaboration is a major change. By recognizing and respecting each organizations' strengths and capabilities we both have recognized that complementing rather than competing is a rational approach. To me it signals - at last! - that this industry is capable of removing friction for the betterment of its stakeholders and consumers and that we are here, in this ecosystem, to serve.
Onwards!
Kind regards,
Colin
...
Follow us online: https://twitter.com/KantaraNews and https://twitter.com/UMAWG and https://twitter.com/KantaraCISWG.
- Miss something? See our press releases here.
Want to start a Kantara local chapter in your town? We are happy to help. Just Contact us.
Program, Work Group and Discussion Group Updates:
You can always keep up with the latest news from the Work and Discussion Groups directly on the Leadership Council's Blog. See the list of public groups here.
...
Not sure where to find things? Membership Bella, Ruth, Armin, Chris and myself, together with the Kantara IT team consisting of Sebastian and Gonzalo led by Armin are only too willing to assist. Contact them here.
...