Yesterday The Identity Theft Prevention and Identity Management Standards Panel (IDSP) released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. This is work Kantara Initiative supports and looks forward to continue our engagement with as this standards effort progresses to the next level. I serve on the Steering Committee of IDSP and I’d like to commend Jim McCabe, Graham Whitehead and the other contributors for their excellent work.

I’m writing this post from Washington, D.C. where I’m speaking at the Smart Card Alliance’s 8th Annual Smart Cards in Government conference. Yesterday I was on a panel here with Dan Combs, Brian Zimmer, and Tom Lockwood where we had the opportunity to highlight this important milestone in the standards-setting process for identity vetting & proofing. This is an important standard that will improve the efficacy of Kantara’s own Identity Assurance Framework since our Service Assessment Criteria for identity proofing is dependent on source documents (aka “breeder documents”). This new standard that will be developed based on the impetus of yesterday’s ANSI Report will improve the reliability of breeder documents.

Perhaps the most far-reaching benefit of this report’s recommendations will be on the stability of the consumer identity ecosystem that all “online” Americans find themselves in today. In order for electronic credentials like username & password, or more secure credentials like OTP devices or Smart Cards, to trusted at the highest levels of assurance, they must be properly bound to the identity of the user. Our Identity Assurance Framework standardizes a way of doing this but is largely dependent on the validity of the source credentials used during the enrollment process. This is why we support the IDSP efforts to improve the validity of all source credentials issued in the United States, and will support this work moving forward as the foundation for an international standard in this area.

MESSAGE FROM THE PRESIDENT
Kantara Initiative had a very successful inaugural meeting co-located at the DIDW in Las Vegas. CURRENT FORMED GROUPS
The Leadership Council approved the Work Groups (WG) and Discussion Groups (DG) listed below for operation.  Each group has its own workspace (wiki), Google Calendar, and mail list available from the home pages.

UPDATE FROM A FEW DISCUSSION GROUPS FROM RECENT MEETING
Assurance Review Board (ARB) – The Board of Trustees appointed the ARB to over see the activities of the forth coming Identity Assurance Certification Program. Read more information from each group.

INTEROP TEST RESULTS
Kantara Initiative and Liberty Alliance announced that identity products from Entrust, IBM, Microsoft, Novell, Ping Identity, SAP and Siemens have passed Liberty Interoperable(TM) SAML 2.0 interoperability testing.

SPOTLIGHT ON EVE MALER
Eve is Chair of the User-Managed Access (UMA) Work Group. In addition, Eve served as the Project Concordia Chair/community leader for the last number of years. She was also the first Leadership Council Secretary of Kantara Initiative. Read more.

IDDY AWARDS
We congratulate six applications have won a 2009 IDDY (Identity Deployment of the Year) Award. The IDDYs were presented at CSO magazine’s Digital ID World 2009 in Las Vegas, NV.

BLOG HOTSPOT
Our community continues to blog on a regular basis – follow these posts online. We encourage you to blog and become involved.

UPCOMING EVENTS
All upcoming Kantara-related events; conferences, trade events, webcasts, and more.

SOCIAL NETWORKING
Connect with Kantara Initiative with the various ways our individual and collective voice and experience is reaching the extended community. Read more about our networking channels.

PRESS RELEASES
Entrust, IBM, Microsoft, Novell, Ping Identity, SAP and Siemens Pass Liberty Alliance SAML 2.0 Interoperability Testing – September 30, 2009
Michigan Healthcare Information Exchange Adopts Kantara Initiative Identity Assurance Framework – September 24, 2009
Kantara Initiative Announces Winners of the 2009 IDDY Award – September 15, 2009
Aetna, BT, SUNET and the US GSA Lead New Kantara Initiative Identity Assurance Review Board – August 18, 2009

SPEAKING OPPORTUNITIES
We continue to build our speakers bureau. For those of you who are new members, we are looking for experts who can offer their expertise, Kantara-related, at industry trade events, conferences, co-sponsored workshops/events. These opportunities provide exposure for Kantara therefore we would like to broaden our reach by updating our group of expert speakers. If you are interested in representing Kantara Initiative, please contact Dervla O’Reilly, dervla[at]kantarainitiative[dot]org

I recently attended a very engaging lecture at the London School of Economics (LSE) by Prof David Lyon – who spoke about “Identity as Surveillance – Security, Surveillance and Citizenship”.

I do hope he subsequently saw this article from the BBC, on the opening day of the Labour Party Conference: “Lord Mandelson denied entry to conference“, because I’m sure it would give him a good laugh.

Apparently, the Noble Lord, First Secretary of State, Secretary of State for Business, Innovation and Skills, President of the Board of Trade and Lord President of the Council could not, initially, get into the conference because there was a problem with his pass. Maybe they couldn’t fit his title onto it. The press were naturally quick to savour the irony that Peter Mandelson, the man perhaps most identified with New Labour, should be unable to identify himself to the satisfaction of the party’s gatekeepers.

What this has to do with Prof Lyon’s talk is this: one of his themes was the way in which identity systems (particularly national ones) permit, enable and encourage judgements to be made about individuals on the basis of “actuarial criteria”, even if other methods would be more reliable (and more respectful of personal privacy).

An example Prof Lyon gave was this: research work by John Taylor and Miriam Lips (full text of paper available online here) investigated the use of online identity data by the DVLA ([UK] Driver and Vehicle Licensing Agency) when someone applies online for a driving licence. The researchers noted that the DVLA submits the applicant’s details to the credit reference company Experian, which attempts to corroborate the applicant’s identity assertions by matching them against databases of Credit Applications and Addresses. Experian then applies a weighting which assigns a ‘trust score’ to the applicant’s assertions, based on the apparent quality of the applicant’s digital footprint (as revealed by the database enquiries). These actuarial measurements are then used by the DVLA to govern the subsequent processing of the application transaction.

Prof Lyon’s point was that this ‘trust score’ mechanism goes beyond a simple assessment of whether or not the applicant’s address can be corroborated. The score is enhanced more, for instance, if the applicant’s records indicate that they have had a lot of interactions with clearing banks, than if the indication is that the applicant has had a lot of interactions with mail-order companies.

The implication of this is that subsequent processing of the DVLA application is determined not just by past records, but by inferences based on supposed future behaviours of the applicant – whether or not those inferences are in fact accurate.

Basically, this is what starts to happen, the more you architect systems on the basis of actuarial criteria in support of the categorisation of individuals, and the more you remove notions of human judgement and discretion from the process. Admittedly, that’s not always a bad thing – after all, humans are fallible too. But if you design humans into the process rather than out of it, you get fewer embarassing incidents such as the sight of Labour’s “eminence grise” being locked out of his own conference…