The Government of Canada announced a Request For Information, titled “RFI – Secure Channel”, including a call for Accrediting External Credential Service Providers. As can be read from their release below, they are interested in the Kantara Initiative Service Assessment Criterion and Assurance Assessment Scheme and the related supporting Kantara Initiative Assurance Accreditation and Certification Program.

Respond to the RFI:

• RFI – Secure Channel.

Request for Information – Cyber Authentication Renewal
Accrediting External Credential Service Providers
March 11, 2010

Industry consultations on Cyber Authentication Renewal and IT Security Services were held on February 16 and 17, 2010, with Public Works and Government Services Canada (PWGSC) and Treasury Board Secretariat. Following that consultation session, the Government of Canada (GC) would like to inform private-sector organizations that a Request for Information (RFI) on Accrediting External Credential Service Providers is now available on MERX at this link.

The GC is investigating solutions that would allow individuals the option of using their existing credentials in order to gain online access to government programs and services. This proposed approach would provide flexibility to both departments and agencies, and to individuals who access GC services. It would allow departments and agencies to use credentials that are appropriate to the sensitivity of their service offerings, while allowing individuals to choose the credential they wish to use to access any online GC services.

The GC is considering asking external credential service providers to join its credential federation, with an accreditation framework based initially on the Kantara Initiative’s Service Assessment Criterion and Assurance Assessment Scheme.

Industry organizations are invited to participate in this RFI in order to validate and refine the GC’s approach to electronic authentication and to provide additional information on how to solicit and accredit external credential service providers using a federated model.

Demande d’information – Le renouvellement de l’authentification électronique
Accréditation des fournisseurs externes de justificatifs d’identité
11 mars 2010

Les consultations avec l’industrie à propos du renouvellement de l’authentification électronique et les services de sécurité de TI ont eux lieux les 16 et 17 février dernier avec Travaux publics et services gouvernementaux (TPSGC) et le Secrétariat du Conseil du trésor (SCT). Afin de donner suite aux séances de consultation, le gouvernement du Canada (GC) désire informer les organisations du secteur privé qu’une demande d’information (DDI) au sujet de l’accréditation des fournisseurs externes de justificatifs d’identité est maintenant disponible sur MERX, au lien suivant.

Le GC est à la recherche de solutions qui offriraient aux utilisateurs la possibilité d’utiliser leurs justificatifs d’identité existant afin d’accéder à des services et à des programmes gouvernementaux en ligne. Cette approche proposée offrirait une plus grande flexibilité aux ministères, aux organismes et aux utilisateurs. Elle permettrait aux ministères et aux organismes d’utiliser les justificatifs d’identité appropriés en fonction de la sensibilité des services offerts tout en permettant aux utilisateurs de choisir le justificatif d’identité qu’ils veulent utiliser pour accéder à tous les services gouvernementaux en ligne.

Le gouvernement du Canada envisage de demander aux fournisseurs de justificatifs de joindre sa fédération d’authentifiant avec cadre d’accréditation basée initialement sur les Service Assessment Criterion (critères d’évaluation de service) et l’Assurance Assessment Scheme (programme d’évaluation de l’assurance) de l’initiative Kantara.

Les organisations de l’industrie sont invitées à participer à cette DDI dans le but de valider et de raffiner l’approche du gouvernement du Canada à l’égard de l’authentification électronique et de fournir des renseignements sur la manière de solliciter et d’accréditer les fournisseurs externes de services de justificatifs en utilisant un modèle fédéré.

On behalf of Frank Villavicencio, chair of the Identity Assurance WG.  Also published at Frank Villavicencio’s blog page.

First off, I would like to would like to express my sympathy to those affected by the terrible earthquake that hit Chile this past weekend.

Envio mi palabra de aliento y de optimismo al pueblo Chileno. Tengo muy buenos amigos Chilenos y a todos les deseo lo mejor en vista de estas circunstancias, a sus familias y a todos los afectados… Las cosas de Dios son sin duda alguna indescrifrables.

In this blog post, I would like to share with you some recent developments in the world of identity assurance, which as you know from my recent blog posts: “Identity Assurance, an everyday life issue” part 1 and part 2, is a top of mind issue for me and for us here at Identropy. Quite frankly, I could not hope for better timing for these blogs to come about.

On Friday February 26th, 2010 the US Federal Government’s Identity, Credential, and Access Management (ICAM) Trust Framework Evaluation Team (TFET) reviewed Kantara Initiative’s latest submission and granted it Provisional Approval as a Trust Framework Provider at Levels 1, 2 & non-crypto Level 3 under the Open Identity Solutions for Open Government program.  The removal of the provisional status will hinge on the release by TFET of additional guidance for assessors concerning privacy and Kantara’s adoption of this guidance.

This is for me an extraordinary milestone, not only in my role of Chair of the Identity Assurance Work Group, but as an identity assurance activist altogether.  Kantara submitted its application for the US Federal Government adoption of the Identity Assurance Framework (IAF) in November of 2009. Prior to that date, the IAWG has been working very hard, collaborating with Kantara and the Assurance Review Board (who oversees the Kantara Initiative Identity Assurance Certification Program) to achieve this important goal (albeit still under provisional status).

The significance of this milestone is that it represents an important step towards fostering the adoption of identity-enabled Government services at known levels of assurance, relying on identity credentials issued and managed by non-Government parties (referred to as Credential Service Providers in the IAF). It will create the right conditions for the certification program to be adopted in real-life scenarios and for the industry to benefit from a proven, best-of-breed certification program that effectively enables interoperability and trust. This means that the IAF will not be just a “paper” standard, incarnated in a compendium of documents, but an actual technology-agnostic program that organizations can certify against.

With the adoption of risk-based models, identity federation can achieve Internet scale, and facilitate public access to online information at specific levels of assurance.  With adoption will also come economies of scale and further collaboration and interoperability across industries and Governments.

As someone who has been involved in identity management and identity assurance for quite some time, I cannot help but feel excited about the times I live in, and optimistic about what is to come.

I do anticipate and hope for more endorsements of the IAF in the near future by other organizations, and more importantly, the start of a paradigm shift in the way we all think about identity, both within the Enterprise and in a federated environment.  Ultimately, this path will allow the identerati to focus on the real end goal: delivering identity-enabled solutions and services with the level of trust and confidence that is appropriate for the transactions being performed.

But this is just a first step…

Frank

Many thanks to all our sponsors and presenters of Kantara Initiative’s Annual Identity workshop on March 1 at the RSA Security Conference.  We had a full house with interesting presentations, pod demonstrations and dialog throughout the day from our sponsors; CA, FuGen Solutions, Google, NTT, Oracle, PayPal, Ping Identity & the U.S. Government.

If you weren’t there in person, you can review the presentations online:

Kantara Initiative Overview
Kantara Initiative Groups
PayPal KI 2010 RSA 2010 IA and Real World
CA KI Workshop 2010 RSA Conference
NTT KI Workshop 2010 RSA Conference (via prezi.com)
Ping ID KI Workshop 2010 RSA Conference
Oracle KI Workshop 2010 RSA Conference Customer Panel
Google KI Workshop 2010 RSA Conference
FuGen KI Workshop 2010 RSA Conference Demo Pod

Congratulations to John Fraser of MEDNETWorld.com, Rick Moore of eHealth Ohio & Pete Palmer of Surescripts.  All three gentlemen will continue to serve this year as co-leading chairs for Kantara Initiative’s Healthcare Identity Assurance WG.   Previously, John, Rick and Pete led Liberty Alliance’s Healthcare SIG.

We look forward to more great work to come out of the Healthcare Identity Assurance WG in 2010 and encourage you to become involved.

Diverse Market Leaders from the Identity Ecosystem Converge to Stage Kantara Initiative’s RSA Security Pre-Conference Workshop on “Technology, Policy and Compliance for Identity Services in 2010 and Beyond”

Gain State-of-Identity Insight of common Cloud/SaaS scenarios and recent developments in assurance, multi-protocol interoperability, privacy-enablement and more from Enterprise and Consumer Market Leaders.

Piscataway, NJ, 8 February 2010 Kantara Initiative announced today its annual public Identity Workshop at the RSA Security Conference. The one-day event to be held on March 1st from 8:00am- 5:00pm in the Moscone Center in San Francisco is designed to equip attendees with the vital information required to ensure success in employing the right identity management approach with the proper considerations. Recent developments in identity assurance, multi-protocol interoperability, liability models, usability, privacy-enablement and identity services certification will be spotlighted by key market leaders including Google, Oracle, CA, Aetna, NTT and Ping Identity.

“If you run a login system of any type (Enterprise, Consumer, SaaS vendor) you will find this workshop to be packed with information about major changes in the space, both in terms of security design and new functionality that can improve your identity infrastructure,” reveals Eric Sachs, Product Manager for Google Security.

“Since its inception nearly one year ago, Kantara Initiative has built momentum for service deployment across the identity ecosystem,” says Roger Sullivan, Oracle. “This workshop will help deployers understand how to connect the dots between cloud computing and identity management”.

“Identity protocols like SAML, OpenID, OAuth, and Information Cards continue to evolve,” says Paul Madsen, Identity Management Researcher at NTT. “This workshop will discuss recent developments, and present opportunities for combining the protocols in useful ways.”

“Identity Assurance is the key to successful, secure transactions across the emerging National Health Information Network, “ explains Mark Coderre, Head of Security Architecture for Aetna. “At this workshop we will be showcasing what the healthcare industry is doing with Kantara Initiative programs to improve the security of sensitive data transactions across operational boundaries.”

The identity workshop will feature a series of presentations, panels and demonstrations of common Cloud/SaaS deployment scenarios and innovations from various market leaders.

Technology, Policy and Compliance for identity Services in 2010 & Beyond is open to the public and to all RSA Conference attendees. To register for this free Kantara Initiative workshop, please click http://www.emc.com/microsites/rsa-conference/2010/usa/registration-and-rates.htm and use the code: 131 0KANEXPO for the Expo only pass and select Kantara Initiative from the ‘Registration Package’ page. Note that this pass only allows access to the Kantara Initiative workshop on March 1.

About Kantara Initiative

Kantara Initiative is a global, open, public-private, technology-agnostic forum comprised of identity ecosystem stakeholders. Co-founded by Liberty Alliance, Internet Society, and the Information Card Foundation, among others, its inspired mission is to promote technical interoperability and harmonization; to develop policy frameworks for operational interoperability and; to provide certification and assessment programs to grow trust in the standards, products, and service deployments. Kantara Initiative freely provides the governance and resources whereby diverse members of the ecosystem successfully collaborate on a diverse portfolio of common policy frameworks, technical specifications and deployment guidelines driven by the identity community, industry and governments from around the world. For more information about getting involved in Kantara Initiative, visit www.kantarainitiative.org.

Media Contact

Michelle Hunt

Kantara Initiative

Michelle.Hunt@ieee-isto.org

(732) 981.3434 (o)

###

We’re happy to announce the continued leadership of Philippe Clement as Kantara Initiative’s Identity Provider Selection Working Group Chair.  Philippe works at Orange-FT Group and has been involved with Kantara Initiative since it’s inception as Chair of the Identity Provider Selection WG.  In previous years, Philippe actively worked with the Business Marketing Expert Group (BMEG) to move the work of IdP Selection MRD forward.

We congratulate Philippe with his ongoing leadership and look forward to more great work coming from the Identity Provider Selection WG this year.

Organization: Kantara Initiative
Job Title: Executive Director
Job Type: Full Time Contractor

Date Posted: February 6, 2010
To Apply: Send a cover letter and resume to ksearch@elists.isoc.org

Description:

The Executive Director (ED) of the Kantara Initiative is responsible for the successful operation of the organization, including aspects of Operations, Strategy, Business Development, Member Relations, and Marketing. This includes the cultivation of strategic relationships and member recruitment as well as personnel management, all conducted internationally. Additionally, the ED shall perform other activities as required by the Board of Trustees that are commensurate with the duties customarily provided by an Executive Director.

The ED shall be appointed in accordance with the Kantara Initiative Bylaws, report to the Board of Trustees, and operate under guidance provided by the Leadership Council. All permanent Kantara Initiative staff will report directly to the ED, with the reporting relationship of paid contractors depending on the particulars of the project.

The ED position is for a full-time contractor. The Kantara Initiative is flexible regarding work location given the highly distributed and global nature of the organization U.S. residency is not a requirement. In support of the organization’s mission, the ED is expected to travel regularly, both domestically as well as internationally.

Primary Roles & Responsibilities Include:

• Administrative & Infrastructure Operations
  • Oversee the daily operation of the organization according to the Bylaws and Operating Procedures.
  • Work with the Board of Trustees, Leadership Council, and key personnel to formulate and execute on the organization’s strategy, goals, objectives and future vision.
  • Continually improve the operational efficiency and financial viability of the organization.
  • Develop an annual budget in collaboration with the Treasurer, Officers, Board of Trustees, and Leadership Council.

• Group / Program Support
  • Participate in Executive Committee, Leadership Council and Board of Trustees meetings, providing periodic reports on all principle activities such as the Assurance Review Board (ARB), Interoperability Review Board (IRB) and other certification programs.
  • Help organize and lead Kantara Initiative conferences and workshops, seeking and collaborating with co-sponsors as necessary.
  • Continually work to accelerate awareness and adoption of Kantara Initiative Recommendations.
  • Develop, implement, and maintain a forward-looking roadmap for Kantara Initiative that covers key milestones for the organization for a period specified by the Kantara Officers.

• External Liaison / Representation
  • Act as a visible and accessible representative for Kantara Initiative, effectively representing the organization, its programs, work groups, and discussion groups.
  • Actively participate in and present at Industry events, representing the Kantara Initiaive perspectives, goals and activities.
  • Help coordinate activities and projects with other industry consortia, standards bodies, or professional organizations. Act as an executive liaison to other organizations.
  • Help coordinate marketing and other outreach activities to spread the Kantara Initiative perspectives.
  • React quickly to help orchestrate response to Industry news and events that would benefit from Kantara involvement.

• Membership Growth / Evangelism
  • Recruit organizations to join Kantara Initiative as paying Members, especially at the Board of Trustees level, and encourage active participation across all levels.
  • Identify and drive programs that deliver on the Kantara Initiative mission, expand the organization’s financial viability, and increase the benefit of membership.
  • Continually work to expand Kantara Initiative Membership on all levels, increase participation within existing Members, and improve working relationships with other organizations.

For Reference:

• Kantara Initiative Overview
• Kantara Initiative Bylaws
• Kantara Initiative Operating Procedures

Requisite Skills & Experience:

The successful candidate for the position of Kantara Initiative Executive Director will need to have proven successful experience managing a distributed organization, including budget responsibilities, preferably within a technology intensive area. This includes the skills required to build, manage, and otherwise develop an effective team, including contractors, required to support the operational needs of an international organization.

In addition to the operational aspects of the position, the ED will be required to interact appropriately with member companies, government officials, individual contributors, partner organizations, press, and industry analysts. As such, the successful candidate will be required to demonstrate an ability to act diplomatically and respectfully. A key skill of the successful candidate will be the ability to facilitate the building of consensus across stakeholders with distinctly varying points of view. The candidate will also need to have experience speaking in public and be able to react effectively to press inquiries.

Kantara Initiative is a technical organization supporting the development of open standards and related best practices and policies. As such, the successful candidate will need to display an understanding of the interplay between technologies within various standards organizations and their deployers. While the successful candidate is not required to be fluent in the details within the identity industry to be considered, proven experience dealing with similar issues will be required.

The successful candidate for the ED position must have experience:

• Managing distributed operational and technical teams.
• Developing and managing against a budget.
• Working with international entities.
• Public speaking and general diplomacy.
• Designing and executing marketing campaigns.
• Working with Internet-related issues, technologies, and businesses.
• Speaking fluent English in business settings.

The successful candidate for the ED position should have an understanding of:

• Building successful international business relationships.
• Standards development organizations and their processes.
• Technology development and adoption phases.
• Internet technologies.
• Trends within the Internet and security markets.
• How to effectively work with business and government partners.

The successful candidate for the ED position would benefit from experience:

• Working for a not-for-profit organization.
• Working in more than one country.
• Speaking languages in addition to English.
• Chairing long-running, highly distributed, volunteer committees.
• Working with one or more of the following: SAML, OpenID, IMI, OAuth, SSL/TLS

For more information or to apply for the position, please send email to: ksearch@elists.isoc.org

This job description is also available in PDF format for your convenience.

We’re happy to announce the continued leadership of Kenji Takahashi as Kantara Initiative’s Japan WG (Working Group) Chair.  Mr. Takahashi of NTT has worked with Kantara Initiative since it’s launch alongside Toshihiro Suzuki of Oracle Corporation as co-chair of the Japan WG.  Kenji also leads the Japan Discussion Group for Kantara. Both Kenji and Toshihiro have played a significant part in extending the education and adoption in the Japanese market, most recently presenting the Kantara Initiative Symposium.  Kenji also served in previous years as co-chair of the Liberty Alliance Japan Special Interest Group (SIG).

We congratulate Kenji in his continued role and look forward more great work coming from the Japan WG this year.

Kantara Initiative holds it’s annual identity workshop at the RSA Conference, March 1, 2010, 8am-5pm.  Gain state-of-identity insight through a series of presentations, panels & demonstrations of common Cloud/SaaS scenarios from diverse market leaders.

Title: Technology, Policy, and Compliance for Identity Services in 2010 & Beyond

What: Kantara Initiative’s RSA Security Pre-Conference Workshop

When: Monday, March 1, 2010, 8:00am-5:00pm, Room 301

Where: Moscone Center, San Francisco, CA, USA

2010 brings new opportunities for identity services in the enterprise & consumer markets. This workshop is designed to equip attendees with the vital information required to ensure success in employing the right identity management approach with the proper considerations. Recent developments in identity assurance, multi-protocol interoperability, liability models, usability, privacy-enablement and identity services certification will be spotlighted by key market leaders including Google, Oracle, CA, Aetna, NTT and Ping Identity.

Registration for the event has reached capacity.  Access will be granted to those who pre-registered.  We encourage you to arrive on Monday, March 1 and if we have not reached full room capacity will be be happy to have you join us.

Agenda:

Eric Sachs, Product Manager Google Security & Chris Messina, Open Web Advocate will discuss the business value of federated login for consumer websites, Enterprise SaaS vendors, and Enterprises. Google joins CA, NTT, Oracle Corporation & Ping Identity for a series of presentations, panels & demonstrations of common Cloud/SaaS scenarios from diverse market leaders. Kantara’s annual workshop takes place March 1, 2010, 8am-5pm at the RSA Conference. View the full agenda online.

Register now for this free workshop.  Please use the code: 1310KANEXPO for the Expo only pass and select Kantara Initiative from the ‘Registration Package’ page.  This pass only allows access to Kantara Initiative workshop on March 1. Read details about the Conference events March 1-5.