2025 RIUP Charter Update - DRAFT
Notes
Technical Specifications (4): These need to be updated to outline our current work and any new elements we are publishing (community partners, tech partners, diagrams like Tom’s drawing of the ecosystem, etc.).
Recommendations (5): The draft recommendations seem outdated. Let’s revise them to reflect the current direction and progress. (MAAS update, PCQ, RIUP - User Stories, etc.)
Missing Elements: It looks like we’re still missing some crucial pieces, like user stories.
Leadership (6): The leadership section needs to be updated to accurately reflect the current members and roles.
Scope (3): We should refine the scope to indicate which parts have been achieved so far and revise it based on the work completed. (MAAS update, PCQ, etc.)
Action Plan for (4) and (5): Let’s also reflect an actionable plan in both the updated technical specifications and recommendations, aligned with our current agenda.
Some of this is already in draft or available in the resources area of this wiki.
Additional Notes
Update finished specifications and include details about the annual reports.
FIRE Mobile Authentication document re: OneDrive [Mobile Authentication Assurance Statement (MAAS)]
Report on Mobile Driving License Privacy (HTML)
Federated Identities for Resilient Ecosystems
Health Identity Working Group
Usability in the introductory paragraph (Access)
Working Draft is located at: Edit Draft (2025 RIUP Charter Update - DRAFT)
Below is for information purposes. Please make comments and edits on the Google Doc. (This is a draft charter, not sure if this is meant for MAAS or other… Please highlight changes with a color on this version of the draft, and/or copy it to a Google Doc, redline and share here/with group.)
(1) WG RIUP (and any acronym or abbreviation of the name):
Resilient Identifiers for Underserved Populations Work Group (RIUP WG)
(2) PURPOSE:
The Work Group aims to support vulnerable and underserved populations in America. At a high level, these populations include those with physical and cognitive disabilities or who are homeless, impoverished, senior citizens, immigrants, incarcerated, institutionalized, and otherwise underserved minority groups that need digital credentials to access online resources, particularly online healthcare and financial resources. Without an easily reusable identifier, it is nearly impossible for these individuals to gain secure access to the resources and services that may be available to them.
Our goal is to ensure inclusive, usable, and trustworthy digital identity solutions that promote equitable access and reduce harm.
We will work in collaboration with other private sector and public agencies towards establishing identifiers and access management (IAM) solutions that respect privacy, promote efficiency, limit redundancy, reduce barriers to use/adoption, increase interoperability, improve security, enhance safety and trust, eliminate identification errors, support resiliency, and achieve greater empowerment across the entire spectrum of online transactions. The RIUP WG will identify, coordinate, innovate, and harmonize with ongoing and emerging identity initiatives, standards, and technologies, and communicate our findings to all relevant stakeholders, both in the US and, selectively, with other countries, under the leadership of the Kantara Initiative.
In 2023, RIUP focused on defining underserved populations and exploring the use of state-issued IDs and mobile wallets as tools for inclusion. A draft Digital Identifier Inclusion report was circulated internally by the end of the year.
In 2024, the group pivoted to onboarding new members and collecting feedback for version 1.1 of the report, targeted for Q1. Later that year, RIUP released the finalized Digital Identifier Inclusion Report (drafted May 2024, published October 2024), along with the Purpose Consent Query (PCQ) draft. These foundational artifacts inform ongoing work to ensure that future IAM solutions prioritize inclusion, consent, and usability.
Working draft updates and roadmap artifacts are tracked in the KI Vision Deck (OneDrive):
KI Vision Details – April 2024. (tk link)
(3) A SCOPE – Guidelines for Cultivating a User-Centric Trust and Promoting Adoption within Underserved Communities
To advance a user-friendly, authenticated digital identity platform that will elevate online trust for vulnerable and underserved persons, including both adults and children, and accelerate secure, convenient access, the accessibility, accountability, and enhanced user privacy of these populations and their delegated caregivers must be protected; the Digital Identifier Inclusion Report provides key insights into ensuring this. The goal is not to advance more challenges and bottlenecks to exploit but to deliver user-friendly smart device functions, applications, and training features that, by incorporating recommendations from the Digital Identifier Inclusion Report, along with cultural themes and attributes, will aid vulnerable and underserved users to securely navigate online while protecting their privacy and identity.
To empower an underserved or vulnerable user to engage with needed services, we must be prepared to demonstrate measured success, hence the need to create guidelines and capabilities with unique design approaches, incentives, and dynamic training methods to build a trustworthy, accountable messaging process. This aligns with the Digital Identifier Inclusion Report’s framework for digital inclusion, so that users can have a say in their data management with accountability. This mission will provide data as well as the ability to dissolve existing systemic barriers and bottlenecks faced by vulnerable and underserved populations.
The Healthcare Industry and Banking/Finance are two of the largest industries that experience major problems with underserved and vulnerable populations and should be high priorities for the scope of work. Findings from the Digital Identifier Inclusion Report further emphasize the need to address identity verification gaps in these sectors. This should not exclude other areas where secure, trusted online commerce is essential to societal well-being and advancement.
We will further develop the Gateway Provider Trust Network, launched in 2023, collaborating with partners like Entidad to explore integration with state-level digital ID programs such as the California DMV’s digital license. The group also developed comprehensive visuals and journey maps that capture customer experiences, access barriers (e.g., lack of physical ID, internet, or devices), and the digital identity divide among gateway populations. These tools illustrate both the challenges faced by underserved individuals and proposed solutions, such as temporary or limited credentials, offline processes, and Bluetooth Low Energy interactions.
This year, RIUP benefits from the additional technical and community-level contributions from the former Federated Identities for Resilient Ecosystems (FIRE WG) and Health Identity Assurance WG, which were merged in 2022. These collaborations help situate RIUP within a broader identity ecosystem, advancing efforts around mobile authentication and trust frameworks.
(3) B SCOPE – Tools
Publish Use Case for Trusted Identifiers for underserved populations, incorporating findings from the Digital Identifier Inclusion Report.
Emphasize, highlight, and prioritize user scenarios/stories from vulnerable and underserved populations to improve services for all users
Test the Use Case and user stories across different verticals and persons of varying backgrounds and cultures
Harmonized vocabulary/dictionary informed by insights from the Digital Identifier Inclusion Report.
Understandable by individual/common knowledge
Crosswalk of W3C data privacy vocabulary or similar taxonomies vs human-centric/plain language
Could be a combination of plain language and metaphor/semiotics
Integrate considerations from the Digital Identifier Inclusion Report into the classification of Identifiers
It may be necessary to create separate classes of Identifiers for selected, large, regulated industries, e.g., Finance/Banking and Healthcare among others.
Liaise with Kantara ANCR WG on transparent and proportional notice of risk
Leverage the Digital Identifier Inclusion Report to enhance methods for identifying and capturing the activity of data controllers, which exposes surveillance and enables individuals to take action
Launch Gateway Provider Trust Network to establish trusted, community-based integration points.
Publish gateway provider list and associated population metrics.
Collaborate with partners like Entidad to explore integration with state digital ID programs, including California DMV’s mobile driver’s license.
Reference and incorporate the Mobile Driving License Privacy Report into technical and policy discussions.
Inform trust and consent design for digital wallets using real-world gateway engagement and integration efforts.
Align gateway participation with broader digital credentialing strategies focused on inclusion and accessibility.
Support harmonization of trust signals across state-level programs and community-based providers.
Use gateway network insights to surface common access barriers and contextual trust requirements.
Advance user-centric design for mobile identity wallets rooted in transparency, proportionality, and usability.
(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.
Specifications in scope | Details | Dates | Contributed Towards |
None planned | Plan to adopt widespread specifications, and modify where appropriate | | |
IEEE Draft Standard for Machine Readable Personal Privacy Terms | This draft standard covers contractual interactions and agreements between individuals and the service providers they engage on a network, including websites. It describes how individuals, acting as first parties, can proffer their privacy requirements as contractual terms and arrive at agreements recorded and kept by both sides. | Pending Publication | Members of RIUP contributed to the draft standard publication, hold voting membership and leadership roles. |
A full summary of finalized specifications and achievements will be compiled in the 2025 Annual Report. This will include updates to the Digital Identifier Inclusion Report (v1.1), contributions from the Gateway Provider Trust Network, and the revised Mobile Authentication Assurance Statement (MAAS).
Draft updates to the Kantara Mobile Authentication Assurance Statement (MAAS) will be informed by findings from the Gateway Provider Trust Network and field usability testing.
→ MAAS 1.0 (2020)
→ 2025 MAAS WiP (draft link)
IEEE Draft Standard for Machine Readable Personal Privacy Terms
(5) DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.
Name | Description | Link | Spec input summary | date reviewed |
Guidelines and User Stories, Personas, Use Cases, Data Flow and User Journey | User experience documentation | Personas: RIUP Personas; Use Cases: Sample Use Cases; Data Flow and User Journey: Data Flow and User Journey | | Personas: 2/31/25; Data Flow and User Journey: 2/31/25 |
Purpose and Consent Query (PCQ) | Inclusive Purpose Consent Query | | Purpose and Consent Query (PCQ): 2/31/25 | |
Proof of concept: KI Vision Details | Facilitating processes that serve the underserved users | KI Vision Details: KI Vision details for RIUP | | KI Vision Details: 2/31/25 |
Upon NIST releasing draft 800-63-4, Digital Identity Guidelines for 1.X assurance, WG to provide recommendations on how such might be adopted. | To ensure that these specifications address the needs of the underserved to level 1.X. (Could also review other specs like W3C COGA, WCAG and WAI). | 800-63-4 (draft 1): NIST Special Publication (SP) 800-63-4 (Withdrawn), Digital Identity Guidelines; 800-63-4 (draft 2): NIST Special Publication (SP) 800-63-4 (Draft), Digital Identity Guidelines | | 800-63-4 (draft 1): 12/16/22 (Published); 800-63-4 (draft 2): 8/21/24 (Published) |
Review ONC-SDOH-Medicaid’s Findings from 6-month Learning Forum ref. trust framework, exchanges funding models and policies | Provide examples of assurance, with specifications, that solutions recommended will address underserved user needs at level 1.X | ONC-SDOH-Medicaid: https://www.healthit.gov/news/events/oncs-social-determinants-health-information-exchange-learning-forum; ONC-SDOH-Examples: Sample Use Cases | | ONC-SDOH-Medicaid: 6/29/23 (Published); ONC-SDOH-Examples: 2/31/25 (Pending) |
Considering above, WG Update MAAS Draft (WiP) as it relates to NIST’s draft 1.X recommendations | | MAAS 1.0: https://kantarainitiative.org/download/kantara-mobile-assurance-statement-html/; 2025 MAAS (WiP): https://kantara.atlassian.net/wiki/spaces/RIUP/pages/edit-v2/839352355?draftShareId=0d967580-ba77-4306-8402-09f49d7edc07 | | MAAS 1.0: 10/29/20 (Published); 2025 MAAS (WiP): 2/31/25 |
The working draft slide deck outlining the RIUP 2025 roadmap is available via KI Vision Details (OneDrive link). Achievements to date will serve as foundational inputs to Version 1.1 of the Digital Identifier Inclusion Report (expected Q2 2025) and the updated Mobile Authentication Assurance Statement (expected Q3 2025).
(6) LEADERSHIP: Proposed WG Chair and Editor(s)
Chairs & Secretary (initial)
Co-Chairs – Jim Kragh and Dr. Tom Sullivan
Vice Chair – Justin Byrd
Secretary – Noreen Whysel
Editor – Noreen Whysel
(7) AUDIENCE: Anticipated audience or users of the work includes
The ultimate goal of the WG is to provide the coordination, leadership, and technical support necessary to ensure widespread adoption of a Trusted Identity Ecosystem Framework across the entire community of individual persons who need these digital credentials and online access to help reduce their vulnerability to the many adverse events of our 21st-century life. To this end, we will embrace communities already engaged with vulnerable and underserved populations, along with a select few corporate entities. By engaging with them and achieving some successful measured benchmarks, we will be able to influence policy-makers, thought leaders, government agencies, and private sector entities through education and advocacy. To this end, the work group deliverables will address the following audiences:
Software developers, product managers, user experience designers, information architects and others, as a means of achieving accessibility and interoperability across a wide range of identity, security, and privacy use cases.
Also includes software vendors, security and privacy advisors, and digital wallet providers.
Developers of decentralized governance and next generation internet services.
Regulators looking for technical controls and solutions to implement legal requirements that scale, in particular to identify gaps in current solutions that ignore or discriminate against vulnerable and underserved populations.
Focused on practical usability for all levels, from regulators to frontline professionals.
Operators of identity, privacy, security and interoperability of EHR, disaster relief and similar systems in the real world.
Including healthcare and disaster response professionals, EHR operators, and NGO field practitioners.
Nurses, case managers, NGO program managers, teachers, physicians, social workers, librarians and other professionals who serve the needs of the underserved, for whom the work provides something that can be understood by people.
Also targeting community leaders, business stakeholders, government agencies, national and local organizations, and DII/PCQ outreach audiences in 2025.
RIUP will also produce educational materials and technical summaries to support developers and decision-makers working in state programs like California DMV and others advancing mobile credentials.
(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).
The first phase includes the completion of use cases and, in parallel, the development of a harmonized vocabulary. While initial deliverables are expected within one year, there is no defined endpoint for the group, which will continue as a standing body with ongoing work.
A 2025 Annual Report will summarize progress on all chartered deliverables.
(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.
Kantara Initiative IPR Policy - Patent and Copyright, Reciprocal Royalty Free, opt out to RAND
https://kantarainitiative.org/confluence/pages/viewpage.action?pageId=41025689
(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.
Building on the prior work of the Federated Identifiers for Resilient Ecosystems work group (FIRE WG) and the Health IT Assurance work group (HIA WG), the RIUP WG will liaise with the following work groups and organizations:
[tk add links]
HHS ONC (Office of the National Coordinator)
NIST 800-63-4
CARIN Alliance, Code of Conduct
FHIR HL7
NCPDP
ID2020
Kantara Alliance Working Groups
ANCR WG
PEMC WG
IA WG
UMA (Healthcare use case)
Mobile Driving License Privacy Report (under DMV digital ID integration)
Federated Identities for Resilient Ecosystems (FIRE WG) – foundational work
Health Identity Assurance WG – alignment for health-sector credentialing
Mobile Authentication Assurance Statement (MAAS) revisions – coordinated with 800-63-4 recommendations
(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.
Ongoing Work (see 2024 achievements above):
– 2023: Definition of Underserved Populations, Draft Digital Identifier Inclusion Report, Use Cases and Personas
– 2024: Gateway Provider Trust Network, Digital Identity Visual Maps, published Digital Identifier Inclusion Report
- 2025.. maas dii, pcq…
(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG. At least 3 proposers must be listed. At least 2 of the proposers must be Kantara Initiative Members - current members list
Proposers Name | Organization (or Individual) | Voting Member | Affiliations | |
Jim Kragh | Individual | x | HD Consulting | |
Dr. Tom Sullivan | Individual | x | Dr. First | |
Catherine Schulten | Individual | x | Walmart | |
Noreen Whysel | Individual | x | Decision Fish LLP, Internet Safety Labs |
Addendum:
A VP Trust Framework Starts with an Authenticated Identity
According to Pew Research, April 2021, 97% of Americans own a phone, 19%, with an income below $30k, had a cellphone and 75% had a smartphone; between the ages of 18-64, 90% had smartphones; 61% of seniors over 65 had smartphones. A majority of the vulnerable and underserved population have smartphones for social purposes, but not a state-issued ID, authenticated identifiers, or a trust framework platform.
Trust Framework Features and Functions
(Scalable, flexible and mitigates risk)
Features: We are now, and in the future will be, living in an “always on and connected” framework of platforms with end points, human devices, and software applications that generate data (assets) initiated by a user ID/identifier.
Functions: Users ‘access’ data assets using technologies that initiate a process in a defined environment that is governed by privacy rules and a policy engine.
Elements of an AAL/IAL onramp for a trusted identity/identifier: the engagement may be a combination of assurance features like attributes, a verification and validation process, possession of a device/key, a unique credential or a biometric, the combination of which initiates authentication, authorization and privacy functions.
To protect your identity, privacy and data, start with building your trusted online identity. A VP user would enroll for a base-level trusted authenticated identity with a receipt feature and be given a beneficial valued incentive. An enrollee may instead seek a strong, high-trust-level authenticated online identity with digital signing, non-repudiation functions and receipt features, in addition to a valued incentive.
Kantara’s tools: (including FIRE & HIA docs sent to ONC)
Federated identity and Identity and Assurance = Privacy
Credentials, Policies and Access Controls
Identifiers and Matching
User Relationships and Exchanges
Digital notice and Consent-Receipts
Smart Mobile Devices / Endpoints
EHR interface, HL7/SMART on FHIR, APIs
Data Aggregation, User Data Management
A Kantara Trustmark for Vulnerable and Underserved Populations
The Vulnerable and Underserved Populations should not experience any barriers to access beyond those that privileged claimants also face. (According to ADA)
A Trust Profile of terms:
According to a national accounting firm, technical trust is “a set of enterprise technical attributes that helps deliver a positive customer experience.” We believe that ‘trust’ is a confidence that one has in another that the second will behave as expected. ‘Trusted’ indicates that one element relies on the other to fulfill a requirement on its behalf. Technically, a ‘trusted boot’ (NIST) is a system boot where aspects of the hardware and firmware are measured and compared against known good values to verify integrity and trustworthiness; it represents that the technology is worthy of being trusted to fulfill the requirement. A Trustmark is an official seal, authentication feature, certification, license, or logo provided by an identity trust framework operator to certified identity providers within its identity trust framework or federation to signify that the identity provider complies with the written rules and policies of the identity trust framework or federation.
The vulnerable and underserved should not face more access barriers than any other user.