Skip to end of metadata
  • Created by Former user, last modified by Former user on Apr 22, 2009
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

DRAFT CHARTER SUBJECT TO FURTHER REVISION AND APPROVAL

(1) WG NAME (and any acronym or abbreviation of the name): The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Identity Assurance Work Group

(2) PURPOSE: Please provide a clear statement of purpose and justification why the proposed WG is necessary.

The Identity Assurance Work Group (IAWG) has been formed within the Kantara Initiative to foster the adoption of trusted on-line identity services. To advance this goal, the Identity Assurance Worg Group will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far. The first step will be development of a global standard framework and the necessary support programs for assessing identity service providers (IdSPs) against criteria that determine the level of assurance that a relying party (RP) may assume in evaluating identity claims provided by those IdSPs. The framework and processes will be defined in a way that scales, empowers business processes and benefits individual users of identity assurance services. The framework will be the basis upon which IdSPs, RPs and their services can be certified as compliant with common policies, business rules and baseline commercial terms, avoiding redundant compliance efforts and market confusion about the substance and value of identity assurance delivered.

The work of IAWG will begin by consolidating, updating and enhancing the Trust Framework of the EAP (Electronic Authentication Partnership), the Credential Assessment Framework of the US E-Authentication Federation, and other industry contributions. The final deliverable will consist of a suite of harmonized, best-of-breed industry standards for the assessment of identity services, relying parties management of identity information, and identity federations support for inter-party trust. The standards will consist of an identity credential and attribute policy, business procedure and security rules, and minimal baseline commercial terms (e.g. risk, impact and liability allocation) supporting mutual acceptance, validation and lifecycle maintenance across identity federations. An important goal is to foster interoperability among identity federations on a global scale (i.e. inter-federation).

The scope of the IAWG is not just to create a standard framework for identity assurance, but to move beyond pure policy development and into development of actionable and measurable programs (starting with certified assessment) including certification education, industry marketing and broad market promotion. The scope includes support for individual, organizational and machine entity identity services.
The IAWG's goal is to provide public and private sector organizations with a well defined means of relying on digital credentials issued by a variety of identity service providers (aka credential service providers) in order to advance trusted identity federation and thereby facilitate broad user acceptance of this means to manage access to online services and information. Interoperability of e-authentication systems, mutual acceptance of rules, policies and supporting business processes is essential to the cost-effective operation of safe and secure systems that perform critical electronic transactions and tasks across industry lines.

(3) SCOPE: Explain the scope and definition of the planned work.

The IAWG does not seek to duplicate the e-authentication work of other organizations nor does it seek to develop authentication protocols. The IAWG output will be relevant to operational practices and will not be normative to any specific software implementation of authentication or federation protocols.
Members of this EG have the opportunity to:

  • Help shape identity assurance policy for both the public and private sectors.
  • Better understand the needs of online users of member's services.
  • Expand markets by promoting wider use of identity credentials.
  • Stay abreast of government policy worldwide that will have an impact on identity assurance.
  • Discuss the latest technology, standards, and solutions in the e-authentication and identity assurance industry with their peers.
  • Get to know public and private sector leaders in e-authentication.
  • Identify opportunities to save time and resources in implementing identity federations
  • Vote on all aspects of the IAF and associated accreditation program as it evolves within IAWG deliberations
  • Participate in all IAWG activities, such as meetings, email discussions, conference calls, etc.
  • Avoid "re-inventing the wheel" or needlessly duplicating effort by identifying best practices across multiple industry sectors in this globally diverse working group.


(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

  • The Identity Assurance Framework (IAF) - a set of concepts including business rules, procedural and technical trust criteria for identity service providers, relying parties and federations, and assessment methodologies for determining conformance to trust criteria. The IAF will be based on broad input from both public and private industry stakeholders with relevant experience and contributions to this effort.
  • Identity Assurance Framework - Service Assessment Criteria
  • Identity Assurance Framework - Federation Operator Rules and Guidelines


(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

  • A uniform set of standards based on the IAF that will be used to accredit assessors who can in turn be relied upon by communities of interest in evaluating participants
  • A set of strategic recommendations to the Kantara Initiative Management Board regarding the development and operation of an assessor accreditation program to advance the adoption of the IAF that would serve to foster inter-federation deployments on a global scale.


(6) LEADERSHIP: Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.

  • Myisha Frazier-Mcelveen, CitiGroup
  • Rich Furr, SAFE Bio-Pharma
  • Nigel Tedeschi, British Telecom

(7) AUDIENCE: Anticipated audience or users of the work.

  • Identity Service Providers
  • Federation Operators
  • Relying Parties
  • National Government and State Services Organizations
  • Accreditation Assessors

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).<INSERT TEXT> The Kantara Initiative Leadership Council charters the Identity Assurance Work Group for five years. It may be amended from time to time, with changes approved by the Leadership Council. This charter will expire on <INSERT DATE>.

(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara IPR Policy - Option Liberty

(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

  • Identity Assurance Framework Set (Liberty IAEG)
  • Identity Assurance Framework - Read Me (Liberty IAEG)

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

  • Myisha Frazier-Mcelveen, CitiGroup
  • Rich Furr, SAFE Bio-Pharma
  • Nigel Tedeschi, British Telecom
  • <insert>
  • <insert>
  • <insert>
  • No labels