Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Hello everyone 

This is the running update from the Executive Director. Have questions or comments? Suggest some added information or edits? Contact Colin at kantarainitiative dot org.

...............................................................................................................................................................................................................................................................................................................

Welcome to this February 2021 posting of Director's Corner. All around the world we continue to strive towards life as it once was as we come to terms with the virus and start to get ahead of it. February has seen great swings in weather - from unusually blizzard conditions in Texas to unusually warm temperatures in Europe. Whatever the weather the beat goes on inside and around the Kantara community. 

It was great to welcome Neustar as our most recent Trust Mark holder for a component service conforming to Kantara's NIST 800-63-3 Class of Approval under Kantara's Identity Assurance Trust Framework. There are several more in assessment as I write, so 2021 is set to be a pivotal year as Kantara's Trust Framework goes mainstream. Why now you might ask? I've asked myself the same question in recent months. In discussions with Assurance Director Ruth, Assurance Review Board Chair Leif, the main Board and regulars on the Identity Assurance Work Group calls, we have put it down to the 'perfect storm' that the current climate has created. So in no particular order...

1) There's the 'noise' around Trust Frameworks. That's good, because Kantara has been operating a Trust Framework for conformity assessment and assurance since 2011 when the very first Trust Framework in this space (FICAM) was launched by the US Federal Government. By design Kantara's was built to operate stand-alone as it is seen by most today, or operate as the conformance and assurance sub-set of another Trust Framework as it was under FICAM.  As folks look at the other Trust Frameworks operating today such as eIDAS in Europe, at the TDIF (Trust Digital Identity Framework) in Australia, and they hear about the PCTF in Canada coming on-stream soon, and the Trust Frameworks being drafted in the UK, New Zealand and elsewhere, they are better able to understand the crucial role that Kantara's Trust Framework plays. That role is the crux of a Trust Framework - conformance, governance, responsibilities written into fully executed contracts. Structured policy, rules and requiring conformance to standards is all very well, but when 'the rubber hits the road' jurisdiction cross recognition looks first and last at the veracity of the service providers' conformance, as a confidence baseline.         

2) There's a growing realization that NIST SP 800-63-3 (and soon revision 4) remains as the de jure de facto standard just as its predecessor 800-63-2 (or in its international guise ISO/IEC 29115 or ITU-T's x.1254 Entity Authentication Assurance) was. You can find elements of these in eIDAS Implementing Acts, in the UK's GPGs, in Canada's early work on CATS, in New Zealand's Authentication standards for online services. Authentication requirements in Australia's TDIF are pulled straight from 63-3. Slam dunk. So if you are an international IDaaS brand and looking for the most cost effective conformance that gets you most of the way in most jurisdictions to minimize the in-country conformance lift, what standard are you going to choose to build your product against?   

3) In the US, there is emerging evidence that those federal agencies charged with obligations under OMB M 19-17 are actively moving on those obligations which stipulate the adoption of 63-3. While we have not yet seen many of these downstream directives published in policy, there seems to be some informal industry chatter that points to a formal position being announced in coming months. 

4) Globally, add in the COVID effect - more people needing more access to more services online - in healthcare, in Education, in Financial Services, in Government services, in essence everywhere.  And you there you have it. The perfect storm that is evidenced by the increasing adoption of Kantara's Trust Framework and in particular 800-63-3 (most cases at IAL2 and AAL2) .

There's a sense of this phenomenon emerging in membership too. Please join me in welcoming new members Beruku Identity from the UK, and the Digital Identification Bureau from Papua New Guinea. Thanks to the continued support from renewing members Board Director holding the Presidency, IDEMIA, MIT Trust :: Data Consortium, Accredited Assessor KUMA, Accredited Assessor Seadot from Sweden, and Individual Contributors Janelle Allen, Lisa LeVasseur and Ross Foard. Thank you all!  It's great to have you back.  

The All-Member-Ballot for the slate of 4 Directors-at-Large was successful, and were fully engaged on the February Board call. some have settled into the Board priority areas and I'll keep you updated on progress there. 

Kantara community Groups and staff alike, had packed agendas over January.  Kantara joined forces with the Future Identity Council (FIC) to submit a detailed response to AAMVA's RFI regarding setting up a Digital Trust Service, essentially a public key store, in their pursuit of rolling out mDL across the US, though a sizable portion of our joint response was directed to what global mDL Governance might look like (think ICAO for passports for a sense of the scale).  Given how busy both organizations were, FIC's Gail Hodges and myself brought it home largely ourselves (the exception being the Privacy questions - thank you again John Wunderlich!) within the very tight timeframe.  Both organizations will use February to play it back into our respective communities to ensure that we captured your perspectives correctly, and if not, make any changes known to AAMVA.  And while mentioning the US, Treasury reached out to invite Kantara, along with a range of private sector companies and industry associations, to a US Financial Sector Policy Roundtable on February 9th.  While unfortunately a closed session, members can take some comfort from the fact that around 25% of invited guests are Kantara members and liaisons, and are on the slate to speak (as well as Kantara itself).

We celebrated International Data Privacy Day wonderfully, with the launch of the Advanced Notice & Consent Receipt (ANCR) WG along with related events continuing through the weekend.  It was fitting therefore that Sunday, January 31st was the deadline for comments on the 2nd Working Draft of ISO/IEC TS 27560 Consent Record Information Structure, and it was the ANCR WG that developed the comments fed back to ISO through Kantara's Liaison with ISO SC27 Working Group 5.  As we circle the globe, I should mention the interactions we had with Australian, New Zealand, UK and US Government agencies this past month.

Do you like the new website? Take a look and please let us know. 

Kind regards,

Colin

Around the Houses:

Marketing:

Program, Work Group and Discussion Group Updates:

  • You can always keep up with the latest news from the Work and Discussion Groups directly on the Leadership Council's Blog. See the list of public groups here.

  • As always, our Specifications, Recommendations and Reports are available for download from our Reports and Recommendations web repository - now with frictionless access.  

  • Not sure where to find things? Membership Bella, Trust Framework Operations & Assurance Director Ruth, Business Development Ambassador Chris and myself, together with the Kantara IT team consisting of Sebastian and Gonzalo led by Armin  are only too willing to assist.  Contact them here.

Events: See them all here! 

  • No labels