Kevin Cox is a participant in the Kantara Initiative’s User-Managed Access (UMA) Work Group. His interest in User-Managed Access stems from a long experience in user interface design and the construction of information systems with a user focus.

Kevin blogs at http://cscoxk.wordpress.com. The blog is subtitled “the implications of giving users control over their online information”. In 2004 Kevin founded Edentiti a company whose objective is to give users control over electronic information about themselves. The first Edentiti product greenID gives an individual tools to verify their own electronic identities. With this product the individual becomes their own Identity Provider. The tools for a person being their own Identity Provider are the same as the tools used by third party Identity Providers. However, the resulting system is less expensive to operate while protecting privacy and increasing trust.

In UMA terminology Edentiti is currently designing and developing tools to allow an individual to be their own Authorisation Manager (AM). It is believed that the same advantages of a person being their own Identity Provider will hold when a person becomes their own Authorising Manager. The underlying software and user interface components will be the same or similar but the emergent properties of increased trust, privacy protection and lower cost will emerge because the person is their own AM.

Kevin wrote his first program in 1962 and ran it on a machine, in a chocolate factory, that was a commercial development of the computer used in code cracking during the second world war. Kevin has been an active participant, in many roles, as computers have changed from helping calculations to systems that expand our intellect and enhance our ability to communicate with others.

We’re very happy to have Kevin’s leadership and knowledge.

Last week I attended the Experian Vision Conference. This conference is produced by Experian with attendance from their customers, partners and relying party services. It was a unique opportunity to speak to representatives who are stakeholders in trusted identity services communities – but not necessarily the same stakeholders that often in attend identity management specific events. Attendees were from sectors including but not limited to: risk, fraud, financial, credit, payments, and entertainment. Kantara was invited to contribute to a panel discussing Identity proofing using National Institute of Standards Technology (NIST) level 3 — strong authentication for the public and private sectors.

The panel was well received with many interested attendees who had insightful questions regarding the services coming on line, those that are already active and how compliance is verified to assure Trust. But perhaps one of the most interesting services we learned about was the recent announcement of a service from the US Social Security Administration (SSA) called “my Social Security” (read the SSA Press Release).

“my Social Security” service allows public citizens to create an account through SSA.gov which, upon verification, allows citizen access to earnings histories, social security statements and projected social security benefits upon retirement. What was even more exciting was that I was able to access the service and create a “my Social Security” account within approximately 5 minutes AND using an iPhone!

Here’s how it works
“To get a personalized online Statement, people age 18 and older must be able to provide information about themselves that matches information already on file with Social Security. In addition, Social Security uses Experian, an external authentication service provider, for additional verification. People must provide their identifying information and answer security questions in order to pass this verification. Social Security will not share a person’s Social Security number with Experian, but the identity check is an important part of this new, robust verification process.”

During the verification process I was asked to provide the last digits of a valid credit card. I decided to opt out of that mode and was provided with a number of alternate paths. I choose to verify using some values from my US Tax W-2 forms. The site also offers added security via one time pins sent to users via SMS. I encourage all US citizens/residents to try the service for your own experience.

While the press release indicates that the service is not perfect and some individuals may not be able to pass the Authentication questions, there are currently alternative means of verification via in-person proofing at a local SSA office. Trusted identity services linking citizens to government services still has a long way to go in terms of offerings and adoption, however this service is at the forefront of providing US citizens a view and access in to their benefits via US Gov services and an indicator of the exciting developments to come for trusted and verified Identity Ecosystems.

Relating to these activities I will note that, Experian is a member of the Kantara Initiative and currently has an application registered for Kantara Credential Service Provider Service Approval at Level of Assurance 3 non-crypto for a service they are offering which, once approved, would be listed in the US Federal Identity Credential Access Management (ICAM) Trust Framework which has adopted the Kantara Identity Accreditation and Approval Program based on the Identity Assurance Framework (IAF) as one of the US Gov Approved Trust Framework Providers. We at Kantara look forward to continuing development of the Trust Framework model with the US Government, Experian and all of our public and private sector members.

May 2, 2012 Mountain View, California – At this week’s Internet Identity Workshop, Kantara Initiative’s Information Sharing Work Group (http://InformationSharingWorkGroup.org) released a proposed Standard Information Sharing Label designed to help people understand how the information we share online gets used.

The label replaces confusing legalese typically buried in multi-page Terms of Service agreements with clear, simple language about who is requesting what information, for what purpose. The label can be used by any website with minimal effort and at no cost. The team has launched a Kickstarter project to fund the graphic design of the new label and seeks feedback and input in its weekly conference calls.

Website Terms of Service (TOS) agreements often go unread as website visitors ignore links and “click-through” without actually reading the fine print. As a result, most people have no idea what they are agreeing to. Typically these agreements are isolated from the primary user experience and filled with complex language and details that most people don’t understand. However, with the rise of privacy risks from sharing personal information online, people are increasingly concerned about how their information is used.

The Standard Information Sharing Label works in conjunction with existing practices to give individuals a clear, unambiguous picture of what is happening with the information they are about to share. Using a consistent design across all websites makes it easier for individuals to understand before they share, just like the USDA Nutrition Facts label helps consumers understand their nutritional options before they buy packaged foods.

The Working Draft of the proposed specification can be found at http://kantarainitiative.org/confluence/display/infosharing/Standard+Information+Sharing+Label

The group has produced a short video and launched a Kickstarter project to promote and finance the graphic design of the Standard Label. The video and information for backing the project can be found at http://standardlabel.org

The Information Sharing Work Group formed in April of 2009 to create a way to use contract law to make it easier and safer for people to share information online. Focusing on the narrow use case of information individuals voluntarily give to websites, the group’s approach avoids both the challenge of “solving” online privacy and the herculean task of standardizing general Terms of Service agreements. Bootstrapping a contractual Data Transaction agreement at the point of sharing is simpler and easier to understand, allowing both individuals and organizations to agree on the essential details for any online exchange. The Standard Information Sharing Label is the visible portion of that new framework and the first component to be released for public comment. The Work Group is co-Chaired by Iain Henderson and Joe Andrieu.

Kantara Initiative (http://kantarainitiative.org) is an industry and community organization which enables trust in identity services through our compliance programs, requirements development, and information sharing among communities including: industry, research & education, government agencies and international stakeholders.

Contact:
Joe Andrieu
+1(805)705-8651
joe@switchbook.com

Kantara Summit at EIC – April 17, 2012

• Mapping The Identity Ecosystem: A multi-national perspective – Christine Runnegar, Senior Policy Advisor, ISOC - slides
• Trust Frameworks: Tools to build the Identity Ecosystem – It takes a village! – Joni Brennan, Executive Director, Kantara Initiative - slides
• eGov SAML 2: Verifying Interoperability in eGovernment Scenarios – Colin Wallis, Authentication Standards Manager, DIA New Zealand Government - slides
  • Managing Profiles – David Simonsen, WAYF - slides
• Federation Interoperability, SAML2INT, Listing Service – John Bradley, Identity Domain Expert - slides
• OpenID Connect Deployment Verification Tool Demo – Roland Hedberg, Umeå University, Sweden, GEANT3, Terena - slides
• Edentity presenting “Experience of Federating Personal Data with User-Managed Access – Kevin Cox - link to preso
• UMA Interop – Mario Hoffmann, Fraunhofer AISEC - slides

Kantara Workshop, Garching, Munich – hosted by Fraunhofer AISEC – April 13-14, 2012

• Fraunhofer AISEC – introduction and overview - slides
• Demo 1: Mikael Ates, Entr’ouvert – Authentic 2 - slides
• Demo 2: Mikael Ates, Entr’ouvert – roleID Project; European Collaborative Project - slides
• Demo 3: Mario Hoffmann, Fraunhofer AISEC – Location Aware Recommendation Service - demo slides
• Demo 4: David Simonsen, WAYF – Calculating the Economic Benefit of ID Federation – demo recording
• Kantara: Building a Healthy ID Ecosystem - slides
• UMA Interop – Mario Hoffmanm, Fraunhofer AISEC - demo video

April 18, 2012, Piscataway, NJ – Kantara Initiative is proud to announce that Electrosoft is the latest Kantara-Accredited Assessor able to perform Kantara Service Assessments at Assurance Levels 1, 2, 3 and 4. The Identity Assurance Framework (IAF) provides a means to enable relying parties to understand the trustworthiness of electronic identity credentials issued at commonly agreed levels of assurance. The IAF specifies the verification and proofing checks that Credential Service Providers (CSPs) carry out on entities, the way that CSPs run their services, and how the CSPs, themselves, are assessed by accredited assessors to verify they are operating their services in conformance with their proclaimed level(s) of assurance and the stated terms of service.

Joni Brennan, Kantara Executive Director said, “Kantara Initiative is dedicated to enabling verified trust in identity services via our CSP Approval Program. We are pleased to welcome Electrosoft as the latest Kantara-Accredited Assessor.” View our Kantara-Accredited Assessors and Approved Services.

“Electrosoft is excited to be part of the Kantara Initiative and a Kantara-Accredited Assessor. We are already engaged in one of the first Kantara assessments and view this as a core business offering. We have established ourselves as thought leaders and subject matter experts in the Identity Management arena. Our employees were part of the core team that authored FIPS 201, Personal Identity Verification for Federal Employees and Contractors, in support of NIST and are named authors on related NIST guidelines” said Electrosoft President Sarbari Gupta. “By choosing Electrosoft, an organization can be assured that world-class subject matter experts in the identity management space are involved and can quickly understand and assess the target system against the appropriate requirements.”

To learn more about Electrosoft, please visit the company’s website.

Based on adoption of the IAF, Kantara Initiative has been approved by the US Federal Government Federal Identity Credential and Access Management team as a Trust Framework Provider qualified to operate at Assurance Levels 1, 2 and 3 non-crypto. Kantara-Approved Services are qualified to issue and manage credentials that can interoperate and access US Government on-line services such as National Institute of Health (NIH) research libraries or Veterans Association (VA) benefits. Kantara Initiative also actively works with international governments in regions including North America, Europe and Pan-Asia, to align this program for multi-jurisdictional adoption.

The Kantara Initiative Assurance Review Board (ARB) reviews applicant Assessors to ensure applicants have the skills, knowledge, experience and processes necessary to reliably perform assessments of CSPs on the behalf of Kantara Initiative.

Kantara-Accredited Assessors perform assessments of CSPs based on the IAF’s Service Assessment Criteria (SAC) and provide a Kantara Assessment Report (KAR) to the ARB. The ARB uses the KAR report as the basis for a recommendation to the Board of Trustees concerning the grant of Kantara-Approved Service status to a CSP, for its given Credential Service.

Kantara is accepting applications for Assessor Accreditation and Credential Service Approval. Visit our Accreditation and Approval Center for more information. Please address queries regarding your application to staff (at) kantarainitiative.org or via our Contact Us form.

Kantara Initiative is an industry and community organization which enables trust in identity services through our compliance programs, requirements development, and information sharing among communities including: industry, research & education, government agencies and international stakeholders.

Join us next week in Munich for the Kantara Spring Workshop, April 13-14, 2012.  The event is kindly hosted by Fraunhofer AISEC in Garching, just outside Munich, Germany.

The focus for the workshop is; strategic planning, Interoperability, eGovernment, NSTIC and more. Kantara’s Board of Trustees and Working/Discussion Groups will meet to focus on forward planning and future goals.

We hope you can join us in Munich. Contact dervla[at]kantarainitiative[dot]org if any questions.

Registration: http://kantaramunichmtg.eventbrite.com/

Agenda: http://kantarainitiative.org/confluence/display/GI/Kantara+Initiative+Conferences

Please Note: Non-member Independents/Contributors/Students who register by the early-bird deadline are entitled to credit their meeting registration towards an Individual Contributor level membership.

Early bird registration ends March 16 for the Kantara Initiative meeting April 13-14, 2012. Many thanks to Fraunhofer SIT who will facilitate us at their meeting offices in Garching, just outside Munich, Germany.

We invite you to join us at our 2-day event where Kantara’s Board of Trustees (BoT), Leadership Council (LC), Discussion Groups (DGs) and Working Groups (WGs) will convene.

With our pricing structure, you can sign up for 1 day or the full 2-day event.

Please Note: Non-member Independents/Contributors/Students who register by the early-bird deadline are entitled to credit their meeting registration towards an Individual Contributor level membership.

Review the current agenda and specific event logistics in detail at our events wiki space.

Registration: http://kantaramunichmtg.eventbrite.com

We look forward to seeing you in Germany.

What: Kantara Initiative Summit
When: Tuesday, April 17, 2012, 8:00am-1:30pm, Room location TBD
Where: Dolce Ballhaus Forum, Andreas-Danzer-Weg, 85716 Unterschleißheim, Munich, Germany
(at the European Identity Conference 2012)

Description: 2012 brings new opportunities for identity services in the eGovernment and private markets.
Gain “state-of-identity” insights through a series of presentations of common scenarios from diverse market leaders.

We will focus on Trust Framework Model, deployment interoperability, and what your organization can do to get involved. We also look forward some open-time Q&A as well as learning more about the experiences the attendees would like to share.

The User Managed Access (UMA) Interop will show some UMA real-world implementations including: SMARTAM.org and Fraunhofer AISEC.

We are also looking forward to hearing feedback and questions from the audience as input to the discussions.

Registration: Register for the Kantara Summit via EIC Conference.  40 persons max. capacity.

Agenda:

We invite you to join us for the second ID Collaboration Day, February 27,2012 in San Francisco, prior to the RSA Conference.

Regular registration at $175 ends on February 20, the fee thereafter is $225.

Registration: http://idcollab2.eventbrite.com/

Breakfast/Registration begins at 8am.   Agenda creation begins at 9am and the event closes at 5pm.

Last year’s event was a successful collaboration between IIW/IDCommons and Kantara Initiative. This year IDTrust & OASIS are additional collaborating organization.

We are excited about the opportunity that RSA brings with the wide range of security professionals in town that week.

Managed and organized by and like IIW – the agenda will be created live and in real time the morning of the event.  This provides the opportunity for a range of real work to be done in real time about key emerging topics and issues.

You can see topics from previous events on the IIW wiki - http://iiw.idcommons.net

The venue is the same location as last year – close to downtown and a short cab, subway or taxi ride from Moscone Center.

Draft Agenda:

8:00 Registration & Breakfast
9-10 Agenda Creation
10-11 Session 1
11-12 Session 2
12-1 Lunch
1-2 Session 3
2-3 Session 4
3-4 Session 5
4-5 Closing