Last week I attended the Experian Vision Conference. This conference is produced by Experian with attendance from their customers, partners and relying party services. It was a unique opportunity to speak to representatives who are stakeholders in trusted identity services communities – but not necessarily the same stakeholders that often in attend identity management specific events. Attendees were from sectors including but not limited to: risk, fraud, financial, credit, payments, and entertainment. Kantara was invited to contribute to a panel discussing Identity proofing using National Institute of Standards Technology (NIST) level 3 — strong authentication for the public and private sectors.

The panel was well received with many interested attendees who had insightful questions regarding the services coming on line, those that are already active and how compliance is verified to assure Trust. But perhaps one of the most interesting services we learned about was the recent announcement of a service from the US Social Security Administration (SSA) called “my Social Security” (read the SSA Press Release).

“my Social Security” service allows public citizens to create an account through SSA.gov which, upon verification, allows citizen access to earnings histories, social security statements and projected social security benefits upon retirement. What was even more exciting was that I was able to access the service and create a “my Social Security” account within approximately 5 minutes AND using an iPhone!

Here’s how it works
“To get a personalized online Statement, people age 18 and older must be able to provide information about themselves that matches information already on file with Social Security. In addition, Social Security uses Experian, an external authentication service provider, for additional verification. People must provide their identifying information and answer security questions in order to pass this verification. Social Security will not share a person’s Social Security number with Experian, but the identity check is an important part of this new, robust verification process.”

During the verification process I was asked to provide the last digits of a valid credit card. I decided to opt out of that mode and was provided with a number of alternate paths. I choose to verify using some values from my US Tax W-2 forms. The site also offers added security via one time pins sent to users via SMS. I encourage all US citizens/residents to try the service for your own experience.

While the press release indicates that the service is not perfect and some individuals may not be able to pass the Authentication questions, there are currently alternative means of verification via in-person proofing at a local SSA office. Trusted identity services linking citizens to government services still has a long way to go in terms of offerings and adoption, however this service is at the forefront of providing US citizens a view and access in to their benefits via US Gov services and an indicator of the exciting developments to come for trusted and verified Identity Ecosystems.

Relating to these activities I will note that, Experian is a member of the Kantara Initiative and currently has an application registered for Kantara Credential Service Provider Service Approval at Level of Assurance 3 non-crypto for a service they are offering which, once approved, would be listed in the US Federal Identity Credential Access Management (ICAM) Trust Framework which has adopted the Kantara Identity Accreditation and Approval Program based on the Identity Assurance Framework (IAF) as one of the US Gov Approved Trust Framework Providers. We at Kantara look forward to continuing development of the Trust Framework model with the US Government, Experian and all of our public and private sector members.

April 18, 2012, Piscataway, NJ – Kantara Initiative is proud to announce that Electrosoft is the latest Kantara-Accredited Assessor able to perform Kantara Service Assessments at Assurance Levels 1, 2, 3 and 4. The Identity Assurance Framework (IAF) provides a means to enable relying parties to understand the trustworthiness of electronic identity credentials issued at commonly agreed levels of assurance. The IAF specifies the verification and proofing checks that Credential Service Providers (CSPs) carry out on entities, the way that CSPs run their services, and how the CSPs, themselves, are assessed by accredited assessors to verify they are operating their services in conformance with their proclaimed level(s) of assurance and the stated terms of service.

Joni Brennan, Kantara Executive Director said, “Kantara Initiative is dedicated to enabling verified trust in identity services via our CSP Approval Program. We are pleased to welcome Electrosoft as the latest Kantara-Accredited Assessor.” View our Kantara-Accredited Assessors and Approved Services.

“Electrosoft is excited to be part of the Kantara Initiative and a Kantara-Accredited Assessor. We are already engaged in one of the first Kantara assessments and view this as a core business offering. We have established ourselves as thought leaders and subject matter experts in the Identity Management arena. Our employees were part of the core team that authored FIPS 201, Personal Identity Verification for Federal Employees and Contractors, in support of NIST and are named authors on related NIST guidelines” said Electrosoft President Sarbari Gupta. “By choosing Electrosoft, an organization can be assured that world-class subject matter experts in the identity management space are involved and can quickly understand and assess the target system against the appropriate requirements.”

To learn more about Electrosoft, please visit the company’s website.

Based on adoption of the IAF, Kantara Initiative has been approved by the US Federal Government Federal Identity Credential and Access Management team as a Trust Framework Provider qualified to operate at Assurance Levels 1, 2 and 3 non-crypto. Kantara-Approved Services are qualified to issue and manage credentials that can interoperate and access US Government on-line services such as National Institute of Health (NIH) research libraries or Veterans Association (VA) benefits. Kantara Initiative also actively works with international governments in regions including North America, Europe and Pan-Asia, to align this program for multi-jurisdictional adoption.

The Kantara Initiative Assurance Review Board (ARB) reviews applicant Assessors to ensure applicants have the skills, knowledge, experience and processes necessary to reliably perform assessments of CSPs on the behalf of Kantara Initiative.

Kantara-Accredited Assessors perform assessments of CSPs based on the IAF’s Service Assessment Criteria (SAC) and provide a Kantara Assessment Report (KAR) to the ARB. The ARB uses the KAR report as the basis for a recommendation to the Board of Trustees concerning the grant of Kantara-Approved Service status to a CSP, for its given Credential Service.

Kantara is accepting applications for Assessor Accreditation and Credential Service Approval. Visit our Accreditation and Approval Center for more information. Please address queries regarding your application to staff (at) kantarainitiative.org or via our Contact Us form.

Kantara Initiative is an industry and community organization which enables trust in identity services through our compliance programs, requirements development, and information sharing among communities including: industry, research & education, government agencies and international stakeholders.

Congratulations to Rich Furr who will serve as the new Identity Assurance WG Vice Chair.

The focus of the Identity Assurance WG is to foster the adoption of trusted on-line identity services. To advance this goal, the group will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far.

As Head, Global Regulatory Affairs, Policy & Compliance, SAFE-BioPharma, Association since September 2007, Rich is the SAFE point of contact for activities with the FDA, EMA, EU National Competent Authorities and the PMDA in Japan. He is also the liaison for ongoing activities with the other health related standards organizations such as HL7 and the Electronic Health Initiative (eHI).

Rich can be reached at rfurr[at]safe-biopharma[dot]org

Please join in welcoming Rich – we look forward to the continued work of the Identity Assurance WG.

Kantara Initiative is happy to announce the formation of the Trust Framework Meta Model Work Group (TFMM WG).

The Trust Framework Meta Model will define the components of a Trust Framework and provide a mechanism for comparing Trust Frameworks developed by communities. Also, the Trust Framework Meta Model will be a reference resource, not only within Kantara Initiative activities, but also for any community seeking to understand the Trust Framework concept and for potential use as guidance toward the development of Trust Framework components. The group will also serve as a point of convergence for Trust Framework activities within Kantara Initiative as well as for external groups (referenced under Related Work and Liaisons) so that such work will be understood in terms of placement according to the TFMM.

For more information on the TFMM WG, please visit the home page here: http://kantarainitiative.org/confluence/display/TFMMWG/Home

See the video and slide introduction and learn more about use cases and the meta model.

Join the Group: http://signup.kantarainitiative.org/?selectedGroup=29
Review the Charter: http://kantarainitiative.org/confluence/display/TFMMWG/Charter
Mail list and Archives: http://kantarainitiative.org/pipermail/wg-tfmm/
Designated IPR Policy options for operation – Option Creative Commons Attribution-Share Alike: http://kantarainitiative.org/confluence/download/attachments/2293776/Kantara+Initiative+IPR+Policies?version=1&modificationDate=1263257933000

We are happy to announce that the Federation Operator Guidelines (FOG) Version 1.0 has passed the All-Member Ballot and is now an official Kantara Initiative Recommendation.

The document provides guidelines for an identity federation operator, an entity that defines and oversees a collective of cooperating credential service providers and relying parties. If you want to get a better understanding of the FOG Recommendation, the document can be found on the Kantara Initiative site.

Congratulations to the Identity Assurance Work Group (IAWG) and it’s members for their diligent work in completing this Recommendation.  Thanks to all who voted — this is a major milestone for Kantara Initiative with more to come in 2011.

Congratulations to Frank Villavicencio and Myisha Frazier-McElveen on their elections as Co-chairs of Kantara Initiative’s Identity Assurance Work Group (IAWG).

This is an exciting time in the IAWG. As we charge forward with an aggressive 2011 agenda, we look forward to their strong leadership in working toward the common goal of accelerating Kantara’s visibility and contributions to the Identity Management / Privacy Communities.

Congratulations again to Frank and Myisha.

Join a great lineup of thought leaders & industry professionals at BrightTALK’s free, online Authentication Summit on October 7, 2010. The live, vendor-neutral, interactive webcasts will cover the new threats to authentication and the impact of emerging technologies like mobile and online banking, web applications, email, etc. They will also look into new tools to meet the new demands for user authentication, as well as best practices on finding the right balance and the appropriate level of authentication for your organization.

REGISTER: http://www.brighttalk.com/r/SHf

WHEN: Thursday, October 7, 2010, attend live online throughout the day or afterward on-demand at your convenience

TOPICS AND PRESENTERS:
“Identity Assurance in Everyday Life” – 9am PDT
Frank Villavicencio, EVP, Identropy & Chair of Kantara Initiative’s Identity Assurance Work Group

“Authentication and Strong Authentication in Web Applications”
Sylvain Maret, Authentication Evangelist & Swiss Chapter Leader, OpenID

“Identity and Access Management in the Real World: Getting it Done”
Jonathan Sandar, Identity and Security Analyst, Quest Software

“Balance between Security and Convenience”
Rachael Stockton, Principal Product Marketing Manager, RSA, The Security Division of EMC

“Privileged Access Management and the Cloud Drive Innovation”
Richard Stiennon, Chief Research Analyst, IT-Harvest

“Meeting New Demands for User Authentication”
Steven Furnell, Head of School of Computing, Plymouth University

Review the full schedule and register to attend any or all of the free summit webcasts at http://www.brighttalk.com/r/SHf

You will be able to attend any or all of the presentations, submit real-time questions to presenters, and vote in audience polls. If you are unable to attend the webcasts live, you can also view them afterward on-demand.

Kantara Initiative is proud to announce eValid8 as their first Accredited Assessor for the Identity Assurance Accreditation and Certification Program.

The Identity Assurance Accreditation and Certification Program is committed to helping drive organizational interoperability in order to assure trust in the identity-based experience of end users, Relying Parties and Federation Operators. Kantara-Accredited Assessors perform Assessments of Credential Service Providers based on the Kantara Initiative Identity Assurance Framework and provide a Kantara Assessment Report (KAR) to the Kantara Initiative Assurance Review Board (ARB). The ARB then makes its recommendations to the Board of Trustees concerning the granting of Kantara-approved service status based on the KAR.

The Certification Program assesses applicants against strict criteria according to the Level of Assurance desired to be attained, and grants to candidates of the program the right to use the Kantara Initiative Mark, a symbol of trustworthy identity and credential management services at specified Assurance Levels. The results of this certification program are maintained electronically on the Kantara Initiative website in the Kantara Initiative Trust Status List, which lists both approved services and accredited assessors.

Kantara Initiative is pleased to begin work with eValid8.  The Kantara Initiative Identity Assurance Accreditation and Certification program is now accepting Credential Service Provider applications for Certification. Please address queries regarding the Identity Assurance Accreditation and Certification Program to staff[at]kantarainitiative[dot]org or via our Contact Us form.

eValid8 are a certified IT auditing firm and recognized as a leader in the field of identity management, IT auditing, privacy impact assessment, and regulatory compliance.

The Government of Canada announced a Request For Information, titled “RFI – Secure Channel”, including a call for Accrediting External Credential Service Providers. As can be read from their release below, they are interested in the Kantara Initiative Service Assessment Criterion and Assurance Assessment Scheme and the related supporting Kantara Initiative Assurance Accreditation and Certification Program.

Respond to the RFI:

• RFI – Secure Channel.

Request for Information – Cyber Authentication Renewal
Accrediting External Credential Service Providers
March 11, 2010

Industry consultations on Cyber Authentication Renewal and IT Security Services were held on February 16 and 17, 2010, with Public Works and Government Services Canada (PWGSC) and Treasury Board Secretariat. Following that consultation session, the Government of Canada (GC) would like to inform private-sector organizations that a Request for Information (RFI) on Accrediting External Credential Service Providers is now available on MERX at this link.

The GC is investigating solutions that would allow individuals the option of using their existing credentials in order to gain online access to government programs and services. This proposed approach would provide flexibility to both departments and agencies, and to individuals who access GC services. It would allow departments and agencies to use credentials that are appropriate to the sensitivity of their service offerings, while allowing individuals to choose the credential they wish to use to access any online GC services.

The GC is considering asking external credential service providers to join its credential federation, with an accreditation framework based initially on the Kantara Initiative‘s Service Assessment Criterion and Assurance Assessment Scheme.

Industry organizations are invited to participate in this RFI in order to validate and refine the GC’s approach to electronic authentication and to provide additional information on how to solicit and accredit external credential service providers using a federated model.

Demande d’information – Le renouvellement de l’authentification électronique
Accréditation des fournisseurs externes de justificatifs d’identité
11 mars 2010

Les consultations avec l’industrie à propos du renouvellement de l’authentification électronique et les services de sécurité de TI ont eux lieux les 16 et 17 février dernier avec Travaux publics et services gouvernementaux (TPSGC) et le Secrétariat du Conseil du trésor (SCT). Afin de donner suite aux séances de consultation, le gouvernement du Canada (GC) désire informer les organisations du secteur privé qu’une demande d’information (DDI) au sujet de l’accréditation des fournisseurs externes de justificatifs d’identité est maintenant disponible sur MERX, au lien suivant.

Le GC est à la recherche de solutions qui offriraient aux utilisateurs la possibilité d’utiliser leurs justificatifs d’identité existant afin d’accéder à des services et à des programmes gouvernementaux en ligne. Cette approche proposée offrirait une plus grande flexibilité aux ministères, aux organismes et aux utilisateurs. Elle permettrait aux ministères et aux organismes d’utiliser les justificatifs d’identité appropriés en fonction de la sensibilité des services offerts tout en permettant aux utilisateurs de choisir le justificatif d’identité qu’ils veulent utiliser pour accéder à tous les services gouvernementaux en ligne.

Le gouvernement du Canada envisage de demander aux fournisseurs de justificatifs de joindre sa fédération d’authentifiant avec cadre d’accréditation basée initialement sur les Service Assessment Criterion (critères d’évaluation de service) et l’Assurance Assessment Scheme (programme d’évaluation de l’assurance) de l’initiative Kantara.

Les organisations de l’industrie sont invitées à participer à cette DDI dans le but de valider et de raffiner l’approche du gouvernement du Canada à l’égard de l’authentification électronique et de fournir des renseignements sur la manière de solliciter et d’accréditer les fournisseurs externes de services de justificatifs en utilisant un modèle fédéré.