2013 IAWG Charter Refresh - Final Draft September 30 2013

Owned by Former user (Deleted)
Last updated: Oct 01, 2013Version comment

This document is the final draft version of the refreshed IAWG Charter as of September 30, 2013. It is awaiting IAWG endorsement.

 

(1) WG NAME:

Identity Assurance Work Group (IAWG)

(2) PURPOSE: 

The purpose of the Kantara Initiative Identity Assurance Work Group (IAWG) is to:

  • be the focal point for Kantara Initiative Identity Assurance Framework (IAF) management and evolution; 
  • understand the business and technical requirements of the global federated online identity services marketplace;
  • inform and influence the global federated online identity services marketplace;
  • determine applicability and equivalence of the Kantara Initiative Identity Assurance Framework and related programs to trade association, regional, national or international Trust Framework schemes;
  • analyze and validate IAF profiles that accommodate other Trust Framework schemes; and,
  • recommend acceptance, recognition or approval of the items listed previously to the Leadership Council or Board of Trustees as appropriate.


NOTE: The definitions of IAF and IAWG will be reconciled to the Glossary versions once the Glossary update is complete.

The IAF encompasses the framework, processes, criteria and program assurance specifications and tools by which identity federation service providers and their assessors are measured. The IAF defines the operational parameters and rules of the Kantara Initiative Identity Assurance Assessment and Approval Program.

The IAWG, through development of the IAF and support of Kantara Initiative governance and assurance programs, defines the standards, processes, practices, guidance and methods by which participants in identity federations establish trusted relationships, agreements and connections. The IAWG defines the techniques by which identity federation Service Providers, Brokers, Federation Operators and other participants gain assurance of the reliability, security, thoroughness and degree of assurance of each others' processes for identity and credential information verification, validation and exchange.

The IAWG creates value by:

  • Maintaining the currency and relevance of the IAF in response to regulatory and market requirements and pressures in order to:
    • maintain the viability of Kantara Approvals and Accreditations to enable inter-party trusted transactions;
    • define a measurable set of criteria against which policies, processes and systems may be built;
    • define standardized assessment policy and processes for auditors;
    • increase consumer confidence in the federated identity and credential marketplace;
  • Being an active forum for discussion about the IAF policies, processes and programs to increase understanding and uptake of the Kantara Trust Mark.

"The Kantara Initiative Identity Assurance Working Group exists to establish and maintain
the methods and mechanisms by which participants in the globalfederated identity and credential marketplace trust each other for transactions."

(3) SCOPE: 

The scope of IAWG is to:

  • Manage, maintain and review the IAF document set;
  • Define assurance frameworks and policy instruments for identity assurance at a global scale;
    • Analyse non-Kantara Trust Framework schemes to determine comparability between those schemes and Kantara IAF;
    • Develop model architectures and patterns for identity and credential federations and participants;
    • Formulate pragmatic guidelines, recommended practices, proposed deployment models and methodologies for organizations to adopt solutions and approaches to online services that leverage identity assurance;
    • Foster trust in online services through security, privacy and choice mechanisms;
  • Support the Kantara Initiative to foster adoption of the Kantara IAF; and,
  • Engage Kantara for expert input and guidance on topics covered by the IAF.

The focus of IAWG will be technology agnostic to the extent possible, and strategy/policy oriented.

The following are not part of the scope of IAWG:

  • Evaluation of technology or products to comply with particular identity assurance specifications – whether this is authentication technology, identity verification services, credentialing technologies, and the like.
  • Management or direct oversight of certification and assessment programs designed to facilitate compliance with the IAWG output.

(4) DRAFT TECHNICAL SPECIFICATIONS: 

As per the scope defined in section (3) above, IAWG will not be producing technical specifications..

(5) OTHER DRAFT RECOMMENDATIONS: 

  • The proposed Draft Recommendations of the IAWG are listed and described in the working group wiki space, Roadmap section. The proposed Draft Recommendations list is reviewed no less than semi-annually by the IAWG.

(6) LEADERSHIP: 

The Kantara-approved Leadership Roles are defined here.

The IAWG will have the following roles:

  • An IAWG Chair – A single individual will hold this role. Its responsibilities are: provide overall coordination, administrative oversight, public representation and decision-making ability over certain topics. This position will be elected by the members of the group in accordance with the Kantara Initiative Operating Procedures and ByLaws. 
  • IAWG Vice-Chair – There should be a minimum of two. The Vice Chair will lead specific areas within the work group as scoped by the Chair. The Vice Chair will be responsible for successful completion of work and deliverables within the specific scope of the area of focus. The initial requirement is a Vice Chair of Technology (to ensure quality review and feedback to the IAF from a technical implement-ability perspective and facilitate appropriate liaisons with outside technical groups) and a Vice Chair of Policy (to ensure quality review and feedback to the IAF and facilitate appropriate liaisons with outside policy groups).
  • IAWG Task Leader – There could be as many of these leaders as deemed appropriate by the group in order to complete specific tasks. These roles will be held by volunteer group members, appointed by either the Chair or Vice Chair under which the particular task falls. The Task Leader is responsible for successful completion of work and deliverables assigned. The Task Leader's terms of reference and duration will be established on appointment and will be driven by the focus of the task.

The leadership team as of September 20, 2013 is:

IAWG Chair: Myisha Frasier-McElveen

Vice-Chair: Rich Furr

Secretary: Andrew Hughes

(7) AUDIENCE: 

  • Credential Service Providers
  • Federation Operators
  • Relying Parties
  • Policy Makers
  • Assessors
  • International standards development organizations focused on identity management
  • Industry consortia and communities of interest focused on either a specific identity management technology or an industry segment building recommendations for identity management best practice

(8) DURATION: 

The IAWG is chartered to be an ongoing Work Group in the Kantara Initiative to maintain the Recommendations it produces over time. The charter will be reviewed and, if deemed necessary, revised on an annual basis. Its charter may be amended from time to time, with changes approved by the Leadership Council.

(9) IPR POLICY: 

Kantara Initiative IPR Option: Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non-discriminatory (RAND)

(10) RELATED WORK AND LIAISONS: 

Part of the mission and goal of IAWG is the harmonization and collaboration with other industry and standards organizations that have synergy with identity assurance concepts. Therefore it is integral to the success of IAWG, that it maintains active communications, collaboration, contribution and liaison with groups including but not limited to:

  • Industry Consortia: ICF, OIDF, OASIS, GSA-FICAM, EHNAC, DirectTrust, NSTIC IDESG
  • ISO SC27
  • ITU-T SG17
  • INCITS CS1
  • ANSI IDSP (Identity Proofing Standards)
  • tScheme
  • Healthcare Information and Management Systems Society (HIMSS)
  • InCommon
  • TERENA – Trans-European Research and Education Networking Association
  • ETSI ESI (Electronic Signatures and Infrastructure) Technical Committee
  • Kantara Assurance Review Board
  • Kantara Interoperability Review Board
  • Kantara Work Groups and Discussion Groups

(11) CONTRIBUTIONS (optional): 

  • Identity Assurance Framework Set (version 1.1 created by Liberty IAEG in 2008)
  • Identity Assurance Framework - Read Me (created by Liberty IAEG in 2008)

(12) PROPOSERS: 

The original proposers were:

  • Myisha Frazier-Mcelveen, CitiGroup
  • Rich Furr, SAFE Bio-Pharma
  • Nigel Tedeschi, British Telecom
  • Frank Villavicencio, NetStar-1