LC telecon Notes 2013-01-16 - Strategy Call
LC telecon 2013-01-16
Date and Time
- Date: Wednesday, 16 January 2013
- Time: 13:00 PT | 16:00 ET | 21:00 UTC (time chart)
- Dial-in: Skype: +99051000000481
- US Dial-In: +1-805-309-2350 | Room Code: 402-2737
- For more dial-in information, see: http://kantara.atlassian.net/wiki/display/GI/Telco+Bridge+Info
Agenda
- Roll Call
- Discussion
- Business model exploration
- AOB
- Adjourn
Attendees
- Eve Maler
- Tom Smedinghoff
- Myisha Frazier-McElveen
- Colin Wallis
- Allan Foster
- Patrick Curry
- Pete Palmer
Staff:
- Heather Flanagan (scribe)
- Andrew Hughes
- Joni Brennan
Notes
See email thread on the LC: "[KI-LC] 2013 Roadmap ideas topic on the LC agenda.."
New ideas: training in the identity ecosystem might be an interesting business opportunity; Kantara to put on seminars? "Market Maker"; a project model or a subscription model?
- In a market model, we can set the rules, and we can assist market participants in coming to the market; if we know of a large constituency that doesn't see the value today of exposing their consumers/citizens to this market, maybe our role is to consult with them to inform them and bring them in
There is a market perhaps more at the high LoA than the lower LoA, both for governments and for Kantara; as governments require higher levels of assurance, then we have a business opportunity to help the suppliers of those governments to be certified at those levels
Note that if Kantara is seen as the right hand of FICAM and tied so tightly to a government, then suppliers don't see a reason to do anything with Kantara
A good point, but if suppliers can work through brokers to get to government, what role does Kantara have at all? We need a high security federation model in highly regulated supply chains
The use cases for assurance may not align well with what the government needs; LoA 1-4 is completely well backed by use cases that are government driven, there are some private sector use cases that can work with that tight progression, but most can't (i.e. strong correlation being more critical to private sector than verification); a huge market for "authentication 3, proofing 0"
That model, between social identity proofing space and the hardcore proofing, is the basis for a presentation Colin W will be doing
So, what does this mean for Kantara? Continue on the current path, or shift to a consumer view of the trust framework, splitting authN from the proofing? Can socialness have a value and how do we offer services? While a certain vendor model might be terrible in one jurisdiction or sector, it might be perfectly reasonable elsewhere - Kantara shouldn't make that call
In our discussion, we're segmenting the marketplace, and the characteristics of each part are different as are the opportunities; Kantara is in 1 or 2 places at the moment, but not everywhere, so we can cherry pick in the others so we can more easily integrate and operationalize the work; we want to be most impactful with the least expenditure of resources
The rigidness of LoA 1-4 may not even work for governments; they are just told they have to fit
Problem is that when talking about suppliers and governments, for interoperability purposes need to have as few options as possible; look at this from the perspective of a company and what they have to pay to be in compliance with; follow the money
Are we resource constrained enough to have to focus on only one end of this continuum, or can we focus on two? There is no one-size-fits-all here. Can we afford not to?
Maybe there is a business model for innovating here, outside the strict LOA?
Levels 1 and 4 seem fairly clear, but it gets grey as people look for some kind of gradient between 2 and 3; the IAF has tried to account for some of that need, but if we don't have real requirements driving it, it makes it hard to build a business model and a framework out of it
The mandate of Kantara focusing on Community, like the Cloud Space or something, and we are looking for places where trust is essential
Can we coordinate which sectors we are exploring to maximize our investment of time?
Short term: industry standard certification in the UK
Eventually we're going to have to circle around to submit the SAC to ISO; but perhaps ISO is not in a position to recognize the SAC?
Europe has no Assurance Assessment Criteria; so this is a potential big space; we would need to create an extension for the European space
Patrick to draft an email describing what something could look like from a non-government point of view
Ask Eve to write up something similar for the social space
Trusted Platform computing is set out to publish a module involving device authentication, particularly at low LoA; when that spec comes out, it is being discussed that there is no certification model for operators at the end point; maybe this area could be a business opportunity space for us as well? This could impact all the mobile providers as well as leading in to health care space. Let's reach out to the telcos to get them to provide assessment criteria use cases; this could also be discussed with TechAmerica
- is this market around the assessors or the consumers here? Both markets
Concern is that our core business is not creating the awareness and understanding needed in the market place to create a client base; our core business is the certification and assessment
New Action Items
Action | Assigned To | Description | Comments |
---|---|---|---|
 |  |  |  |
 |  |  |  |
 |  |  |  |
Next meeting
Date: Wednesday, 23 January 2013 - Admin Call
Time: 13:00 PT | 16:00 ET | 21:00 UTC (time chart)
Call-in toll-free number: 1-866-203-0920
Call-in number: 1-206-445-0056
- Conference Code: 5423695925#