2013 IAWG Charter Refresh - Fall 2013 - markup working draft

This is a marked up version of the IAWG charter, incorporating discussions from:

  • August 29 2013 IAWG call
  • September 5 IAWG
  • September 12 IAWG
  • email from Ken Dagg (Sep 18)
  • September 19 IAWG
  • various email

NOTE: in place of 'track changes', new text is underlined and retired text is strikethrough


The 'clean copy' as of September 30, 2013 is at: 2013 IAWG Charter Refresh - Final Draft September 30 2013

 

(1) WG NAME (and any acronym or abbreviation of the name): The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Identity Assurance Work Group (IAWG)

(2) PURPOSE: Please provide a clear statement of purpose and justification why the proposed WG is necessary.

The purpose of the Kantara Initiative Identity Assurance Work Group (IAWG) is to:

  • be the focal point for Kantara Initiative Identity Assurance Framework (IAF) management and evolution; 
  • understand the business and technical requirements of the global federated online identity services marketplace;
  • inform and influence the global federated online identity services marketplace;
  • determine applicability and equivalence of the Kantara Initiative Identity Assurance Framework and related programs to trade association, regional, national or international Trust Framework schemes;
  • analyze and validate IAF profiles that accommodate other Trust Framework schemes; and,
  • recommend acceptance, recognition or approval of the items listed previously to the Leadership Council or Board of Trustees as appropriate.


K. Dagg to ensure the following definitions are the same as in the Kantara Glossary document

The IAF encompasses the framework, processes, criteria and program assurance specifications and tools by which identity federation service providers and their assessors are measured. The IAF defines the operational parameters and rules of the Kantara Initiative Identity Assurance Assessment and Approval Program.

The IAWG, through development of the IAF and support of Kantara Initiative governance and assurance programs, defines the standards, processes, practices, guidance and methods by which participants in identity federations establish trusted relationships, agreements and connections. The IAWG defines the techniques by which identity federation Service Providers, Brokers, Federation Operators and other participants gain assurance of the reliability, security, thoroughness and degree of assurance of each others' processes for identity and credential information verification, validation and exchange.

The Identity Assurance Work Group (IAWG) within the Kantara Initiative fosters the adoption of trusted online identity services aligned to levels of assurance (LOA) ranging from low to very high.

To advance this goal, the IAWG will provide a forum for evolving the Identity Assurance Framework (IAF) and furthering market adoption of federated identity services at a global scale by working with the Board of Trustees to establish the necessary support programs for accrediting and certifying various roles in the ecosystem, such as Credential Service Providers and Federation Operators.

The framework and processes will be defined in a way that scales, enables business processes and benefits individual users of services provided at specific identity LOA. The final deliverables will be a suite of harmonized, best-of-breed industry standards for the assessment of identity services, and support for inter-party trust and inter-federation, as well as policies, operating rules, guidelines and recommended practices to foster adoption of identity assurance-based solutions.

The IAWG creates value by:

  • Maintaining the currency and relevance of the IAF in response to regulatory and market requirements and pressures in order to:
    • maintain the viability of Kantara Approvals and Accreditations to enable inter-party trusted transactions;
    • define a measurable set of criteria against which policies, processes and systems may be built;
    • define standardized assessment policy and processes for auditors;
    • increase consumer confidence in the federated identity and credential marketplace;

  • Being an active forum for discussion about the IAF policies, processes and programs to increase understanding and uptake of the Kantara Trust Mark;

  • <<Myisha to add text about knitting together multiple TF Schemes>>

"The Kantara Initiative Identity Assurance Working Group exists to establish and maintain the methods and mechanisms by which participants in the global federated identity and credential marketplace trust each other for transactions."

(3) SCOPE: Explain the scope and definition of the planned work.

The IAWG's goal is to provide public and private sector organizations with well-defined means of relying on identity credentials and assertions issued by a variety of identity service providers for both authentication and authorization, in order to advance trusted identity federation and thereby facilitate broad user acceptance. In line with this goal, here is IAWG’s scope:

The scope of IAWG is to:

  • Manage, maintain and review the IAF document set;
  • Define assurance frameworks and policy instruments for identity assurance at a global scale;
    • Analyse non-Kantara Trust Framework schemes to determine comparability between those schemes and Kantara IAF;
    • Develop model architectures and patterns for identity and credential federations and participants;
    • Formulate pragmatic guidelines, recommended practices, proposed deployment models and methodologies for organizations to adopt solutions and approaches to online services that leverage identity assurance;
    • Foster trust in online services through security, privacy and choice mechanisms;
  • Support the Kantara Initiative to foster adoption of the Kantara IAF; and,
  • Engage Kantara for expert input and guidance on topics covered by the IAF.
  • Define standards and frameworks for identity assurance policy for both the public and private sectors at a global scale
  • Promote wider use of identity credentials at various LOA.
  • Analyze technology, policies, standards, and solutions relating to identity federation and identity assurance.
  • Identify opportunities where adoption of the IAF could save time and resources in implementing identity federations
  • Seek harmonization and standardization – avoid "re-inventing the wheel" or needlessly duplicating effort by identifying best practices across multiple industry sectors in this globally diverse working group and investing in productive liaison relationships across industries and geographies.

The focus of IAWG will be technology agnostic to the extent possible, and strategy/policy oriented.

The following areas are not considered part of the scope of IAWG:

  • Definition of technical standards, whether for identity assurance or authentication assurance – the focus of IAWG will remain technology agnostic to the extent possible, and strategy/policy oriented.
  • Evaluation of technology or products to comply with particular identity assurance specifications – whether this is authentication technology, identity verification services, credentialing technologies, and the like.
  • Management or direct oversight of certification and assessment programs designed to facilitate compliance with the IAWG output.

(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

As per the scope defined in section (3) above, IAWG will not be producing technical specifications.

(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

  • The proposed Draft Recommendations of the IAWG are listed and described in the working group wiki space, Roadmap section. The proposed Draft Recommendations list is reviewed no less than semi-annually by the IAWG.
  • A set of strategic recommendations to the Kantara Initiative Board of Trustees regarding the development and operation of an Identity Assurance Certification program to advance the adoption of the IAF that would serve to foster inter-federation deployments on a global scale. (Summer, 2009).
  • The Identity Assurance Framework (IAF) – which is a compendium of documents including guidelines, procedural and technical trust criteria for identity service providers, relying parties and federations, and assessment methodologies for determining conformance to trust criteria. The IAF will be based on broad input from both public and private industry stakeholders with relevant experience.

Here are the currently identified deliverables that are part of the IAF along with their expected publication timeline:

  • Overview (Summer, 2009)
  • Glossary (Summer, 2009)
  • Assurance Levels (Summer, 2009)
  • Assurance Assessment Scheme (Summer, 2009)
  • Assessor Qualification & Requirements (Summer, 2009)
  • Service Assessment Criteria (Summer, 2009)
  • Service Approval Authority Requirements (Summer, 2009)
  • Federation Operator Rules and Guidelines (Q4, 2009)
  • Relying Party Guidelines (Q1, 2010)

Note: Estimated completion dates accompanying each deliverable are subject to change.

(6) LEADERSHIP: Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.

The Kantara-approved Leadership Roles are defined here.

The IAWG will have the following roles:

  • An IAWG Chair – A single individual will hold this role. Its responsibilities are: provide overall coordination, administrative oversight, public representation and decision-making ability over certain topics. This position will be elected by the members of the group in accordance with the Kantara Initiative Operating Procedures and ByLaws. 
  • IAWG Vice Chair – There should be a minimum of two. The Vice Chair will lead specific areas within the work group as scoped by the Chair. The Vice Chair will be responsible for successful completion of work and deliverables within the specific scope of the area of focus. The initial requirement is a Vice Chair of Technology (to ensure quality review and feedback to the IAF from a technical implement-ability perspective and facilitate appropriate liaisons with outside technical groups) and a Vice Chair of Policy (to ensure quality review and feedback to the IAF and facilitate appropriate liaisons with outside policy groups).
  • IAWG Task Leader – There could be as many of these leaders as deemed appropriate by the group in order to complete specific tasks. These roles will be held by volunteer group members, appointed by either the Chair or Vice Chair under which the particular task falls. The Task Leader is responsible for successful completion of work and deliverables assigned. Examples: specific documents within the IAF set, such as the Relying Party guidelines or attribute level identity assurance. The Task Leader's terms of reference and duration will be established on appointment and will be driven by the focus of the task.

Note: During the transition phase of the Liberty Alliance Identity Assurance Expert Group (IAEG) into IAWG, Frank Villavicencio, current member of IAEG and registered member of Kantara Initiative, will act as the primary liaison and point of contact for the Leadership Council, as well as “convener” during the initial formation of the work group, until a Chair is elected.

The leadership team as of September 20, 2013 is:

Chair: Myisha Frasier-McElveen

Vice-Chair: Rich Furr

Secretary: Andrew Hughes

(7) AUDIENCE: Anticipated audience or users of the work.

  • Credential Service Providers
  • Federation Operators
  • Relying Parties
  • Policy Makers
  • Assessors
  • International standards development organizations focused on identity management
  • Industry consortia and communities of interest focused on either a specific identity management technology or an industry segment building recommendations for identity management best practice

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).

The IAWG is chartered to be an ongoing Work Group in the Kantara Initiative to maintain the Recommendations it produces over time. The charter will be reviewed and, if deemed necessary, revised on an annual basis. Its charter may be amended from time to time, with changes approved by the Leadership Council.

(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara IPR Policy - Option Liberty

Kantara Initiative IPR Option: Patent & Copyright: Reciprocal Royalty Free with Opt-Out to Reasonable And Non-discriminatory (RAND)

(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

Part of the mission and goal of IAWG is harmonization and collaboration with other industry and standards organizations that have synergy with identity assurance concepts. Therefore, it is integral to the success of IAWG that it maintains active communications, collaboration, contribution and liaison with groups including but not limited to:

  • Industry Consortia: ICF, OIDF, OASIS, GSA-FICAM, EHNAC, DirectTrust, NSTIC, IDESG
  • ISO SC27
  • ITU-T SG17
  • INCITS CS1
  • ANSI IDSP (Identity Proofing Standards)
  • tScheme
  • Healthcare Information and Management Systems Society (HIMSS)
  • InCommon
  • TERENA – Trans-European Research and Education Networking Association
  • ETSI ESI (Electronic Signatures and Infrastructure) Technical Committee
  • Kantara Assurance Review Board
  • Kantara Interoperability Review Board
  • Kantara Work Groups and Discussion Groups

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

  • Identity Assurance Framework Set (version 1.1 created by Liberty IAEG in 2008)
  • Identity Assurance Framework - Read Me (created by Liberty IAEG in 2008)

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

The original proposers were:

  • Myisha Frazier-Mcelveen, CitiGroup
  • Rich Furr, SAFE Bio-Pharma
  • Nigel Tedeschi, British Telecom
  • Frank Villavicencio, NetStar-1