This is the running update from the Executive Director. Have questions or comments? Suggest some added information or edits? Contact ED Colin at kantarainitiative dot org.
As the weather warms up in the northern hemisphere, there's more than just the flowers blooming!
Wow... what a month for Kantara. It will take some more time to be able to reveal the full extent of progress in April, but together with the first days in May, it has been intensely satisfying.
It's great to see Kantara's 'NIST 800-63-3 Class of Approval' receive so much fresh interest. I think that this is in part due to US Federal agencies finally having the cycles to include it in procurement requests, together with the cumulative effect of its reference in the April announcement from HHS that TEFCA v2.0 was open for public comment, and ONC's announcement of the opening of competitive bids for the Recognized Coordinating Entity (RCE). But interest goes beyond the current Classes of Approval as organizations are seeing new and revised standards emerging from organizations. For example, they are recognizing that the electronic driving licence standard from ISO requires assurance and support operations, similar to those offered by Kantara, to extract the full potential from mDL programs. It's also not just a US phenomenon anymore. In April we received SOIs from a global telco, two global IT companies and two smaller market leading innovation companies in the US. But in addition, Kantara received government and corporate interest in its Assurance program from Europe and Asia during April also.
With this in mind, you'll appreciate that we need more prospective Assessors to come forward to seek Accreditation from Kantara's Assurance Review Board. Once an Assessor goes through the process, they will stand in the marketplace of Accredited Assessors and be able to undertake assessments of credential and service solution providers seeking assurance approval and Trust Marks for their applicable products and services. If you have, or know, an individual or organization who has ISMS audit experience, strong digital Identity implementation experience and holds current a valid CISSP qualification or similar from a recognized Certification Body, please Contact us!
At the start of April, I was traveling again, this time to Tel Aviv. Together with Leadership Council Chair Andrew Hughes and other Kantara members sprinkled amongst national bodies, we attended the ISO SC27 meetings - specifically Working Group 5 Identity Management and Privacy. At these meetings it was formally proposed to include an example from Kantara's Consent Receipt v1.1 in Annex B of ISO 29184 Online privacy notices and consent. Not only did we come away with this great result, but also came away as appointed rapporteurs of a new Study Period to look into the feasibility of a consent receipts and records standard. Drafting a v2.0 of the consent receipt has understandably taken on a new sense of urgency for the Consent & Information Sharing Work Group. Recognizing this urgency, I'm pleased to report that a volunteer who works for a large consulting company has agreed to lead the v2.0 project.
In other ISO news Kantara's IDVP Use Case contributions were well received. Kantara’s contribution constituted the vast majority of the report. It's hard to overestimate the significance of this given that the report lays the foundation for the future posture of the identity standards coming from ISO. You can be involved too, just as long as you are a Kantara member in good standing (a requirement from ISO), in order to gain access to and contribute to the draft standards sent to us from ISO SC27 Working Group 5. Contact us if you meet the criteria so you can join the group.
It has been hot, hot hot for Mittetulundusühing Kantara Initiative Europe as well. A whooping 109 responses were received in response to the first call for proposals in its NGI_Trust project that closed April 30th! And following my meetings in Garmisch-Partenkircken last month, I'm pleased to announce Kantara is an associate partner of the Future Trust consortium to promote the implementation of and integration with eIDAS across the world. near Munich. You can read more about it here. Kantara is also in three other consortium bids for European Commission funding grants.
With all this activity, it will come as little surprise that beyond the Assurance program already mentioned, Kantara is adding staff resources to support the demand. During April we took on an additional contractor, Armin, to support Oliver in managing our increasing basket of IT and web assets. This is the first 'new hire' in five years, but certainly won't be the last. I am in the final stages of securing our first 'Kantara ambassador' to develop Kantara's ethos and membership in the Washington DC area, one of several geographically and strategically placed ambassadors you may see in coming years. More details will be forthcoming soon.
Regarding April's events, while ISO SC27 meetings tool up the first week, we finished the month and this week with a clash of events - IIW in Mountain View and Connect:ID in Washington DC. The Leadership Council working group Chairs Eve Maler, Andrew Hughes, Jim Pasquale and John Wunderlich took IIW, variously leading sessions on current state and future work on UMA, Consent Receipts and related interests with the support of a sizable number of Kantara members and non member participants. While they were there, I headed to DC to simultaneoulsy man the Kantara booth, moderate a panel 'Managing privacy, ownership and trust: Building strong digital identity' and do a presentation 'Build Customer Confidence with Assurance Trust Marks' that showed the current state of industry Trust Marks and making the case for the IDESG logo to be re-crafted as a consumer Trust Mark - something that members Mary Hodder and Andrew Hughes had been quietly advocating for some time now. Both events generated exceptionally good value for Kantara and I look forward to sharing the fruits of those labors in due course.
Looking forward, the next big event is Kantara's European Members Plenary near Munich on Monday May 13th, which curtain-raises the Kantara pre-conference workshop at the European Identity Conference the following day where the agenda is all set - see it here (remember the chunky ticket discount if you use the code shown on Kantara's events page!). June has a slew of events too, starting with Identity North in Toronto, then Identity Week in the UK, EEMA in the UK, Think Digital Identity in the UK, Whitehall Media IDM in the UK, and in the last week of June, Identiverse in Washington DC. We are pretty successful at getting community discounts for participation at all our Conferences and Events too.
It's been hectic month for marketing communications too. Let's give a special shout-out to the Marketing team at our Boston-area based association service management company Virtual who has done a stellar job with the 10th Anniversary promotion, first seen on the Keeping up with the Kantarians' monthly email blast a week or so ago (note: if you are not receiving these and want to, just Contact us). See the Infographic and celebration video here, straight off the homepage of the website. Also, look out for a steady stream of press releases over coming weeks. Kantara has so much news to share right now, that we are having to stagger the press releases.
It's been a fantastic month for membership renewals. Please join me in welcoming back Datafund, Board member digi.me, Board member Experian, Inflection Risk Solutions, Internet2, Lockstep Technologies, Ubisecure and Verizon
On the community side of the house:
- the Consent & Information Sharing WG (CISWG) is gathering contributions for the first draft of Consent Receipt v2.0 and collaborating with members on the Consent Receipt Generator and developing the demo with its requisite privacy dashboard. It is also gathering contributions on the DIACC's (the Digital Identification and Authentication Council of Canada) document out related to Notice and Consent https://diacc.ca/2019/04/03/notice-consent-overview-conformance-discussion-drafts/ as a component of the Pan-Canadian Trust Framework to set a baseline of public and private sector interoperability of identity services and solutions. If you want to contribute you must join the CIS working group (no charge)
- the UMA WG is preparing its presentations for UMA v2.0 at the forthcoming IIW, EIC and Identiverse conferences as well as the 105th IETF meeting in Canada later in the year to helpfully confirm it on the standards track - we learn about more new implementations every month!.
- the Identity Assurance Work Group (IAWG) is about to release a refreshed Overview and Glossary for the Identity Assurance Framework (IAF) and is monitoring the new NIST standards FIPS 140 and FIPS 201 for any impact or implications for the Kantara IAF.
The good news is expected to continue into the comings months, so until then, keep well, keep hustling and keep championing Kantara's ethics, ethos & services to the industry and community we serve - You!
Around the Houses:
Program, Work Group and Discussion Group Updates:
Events: See them all here!