Last week I attended the Experian Vision Conference. This conference is produced by Experian with attendance from their customers, partners and relying party services. It was a unique opportunity to speak to representatives who are stakeholders in trusted identity services communities – but not necessarily the same stakeholders that often in attend identity management specific events. Attendees were from sectors including but not limited to: risk, fraud, financial, credit, payments, and entertainment. Kantara was invited to contribute to a panel discussing Identity proofing using National Institute of Standards Technology (NIST) level 3 — strong authentication for the public and private sectors.

The panel was well received with many interested attendees who had insightful questions regarding the services coming on line, those that are already active and how compliance is verified to assure Trust. But perhaps one of the most interesting services we learned about was the recent announcement of a service from the US Social Security Administration (SSA) called “my Social Security” (read the SSA Press Release).

“my Social Security” service allows public citizens to create an account through SSA.gov which, upon verification, allows citizen access to earnings histories, social security statements and projected social security benefits upon retirement. What was even more exciting was that I was able to access the service and create a “my Social Security” account within approximately 5 minutes AND using an iPhone!

Here’s how it works
“To get a personalized online Statement, people age 18 and older must be able to provide information about themselves that matches information already on file with Social Security. In addition, Social Security uses Experian, an external authentication service provider, for additional verification. People must provide their identifying information and answer security questions in order to pass this verification. Social Security will not share a person’s Social Security number with Experian, but the identity check is an important part of this new, robust verification process.”

During the verification process I was asked to provide the last digits of a valid credit card. I decided to opt out of that mode and was provided with a number of alternate paths. I choose to verify using some values from my US Tax W-2 forms. The site also offers added security via one time pins sent to users via SMS. I encourage all US citizens/residents to try the service for your own experience.

While the press release indicates that the service is not perfect and some individuals may not be able to pass the Authentication questions, there are currently alternative means of verification via in-person proofing at a local SSA office. Trusted identity services linking citizens to government services still has a long way to go in terms of offerings and adoption, however this service is at the forefront of providing US citizens a view and access in to their benefits via US Gov services and an indicator of the exciting developments to come for trusted and verified Identity Ecosystems.

Relating to these activities I will note that, Experian is a member of the Kantara Initiative and currently has an application registered for Kantara Credential Service Provider Service Approval at Level of Assurance 3 non-crypto for a service they are offering which, once approved, would be listed in the US Federal Identity Credential Access Management (ICAM) Trust Framework which has adopted the Kantara Identity Accreditation and Approval Program based on the Identity Assurance Framework (IAF) as one of the US Gov Approved Trust Framework Providers. We at Kantara look forward to continuing development of the Trust Framework model with the US Government, Experian and all of our public and private sector members.

Hear how citizens and companies do business with the government in Finland. The audio and PDF slides details citizen authentication, attributes, identity providers and various levels of authentication and authorization.

We are happy to share this special presentation deriving from the current work of Kantara Initiative’s eGovernment Work Group.

Many thanks to Keith Uber, Product Manager, Ubisecure Solutions, Inc. for this presentation.

The Government of Canada announced a Request For Information, titled “RFI – Secure Channel”, including a call for Accrediting External Credential Service Providers. As can be read from their release below, they are interested in the Kantara Initiative Service Assessment Criterion and Assurance Assessment Scheme and the related supporting Kantara Initiative Assurance Accreditation and Certification Program.

Respond to the RFI:

• RFI – Secure Channel.

Request for Information – Cyber Authentication Renewal
Accrediting External Credential Service Providers
March 11, 2010

Industry consultations on Cyber Authentication Renewal and IT Security Services were held on February 16 and 17, 2010, with Public Works and Government Services Canada (PWGSC) and Treasury Board Secretariat. Following that consultation session, the Government of Canada (GC) would like to inform private-sector organizations that a Request for Information (RFI) on Accrediting External Credential Service Providers is now available on MERX at this link.

The GC is investigating solutions that would allow individuals the option of using their existing credentials in order to gain online access to government programs and services. This proposed approach would provide flexibility to both departments and agencies, and to individuals who access GC services. It would allow departments and agencies to use credentials that are appropriate to the sensitivity of their service offerings, while allowing individuals to choose the credential they wish to use to access any online GC services.

The GC is considering asking external credential service providers to join its credential federation, with an accreditation framework based initially on the Kantara Initiative‘s Service Assessment Criterion and Assurance Assessment Scheme.

Industry organizations are invited to participate in this RFI in order to validate and refine the GC’s approach to electronic authentication and to provide additional information on how to solicit and accredit external credential service providers using a federated model.

Demande d’information – Le renouvellement de l’authentification électronique
Accréditation des fournisseurs externes de justificatifs d’identité
11 mars 2010

Les consultations avec l’industrie à propos du renouvellement de l’authentification électronique et les services de sécurité de TI ont eux lieux les 16 et 17 février dernier avec Travaux publics et services gouvernementaux (TPSGC) et le Secrétariat du Conseil du trésor (SCT). Afin de donner suite aux séances de consultation, le gouvernement du Canada (GC) désire informer les organisations du secteur privé qu’une demande d’information (DDI) au sujet de l’accréditation des fournisseurs externes de justificatifs d’identité est maintenant disponible sur MERX, au lien suivant.

Le GC est à la recherche de solutions qui offriraient aux utilisateurs la possibilité d’utiliser leurs justificatifs d’identité existant afin d’accéder à des services et à des programmes gouvernementaux en ligne. Cette approche proposée offrirait une plus grande flexibilité aux ministères, aux organismes et aux utilisateurs. Elle permettrait aux ministères et aux organismes d’utiliser les justificatifs d’identité appropriés en fonction de la sensibilité des services offerts tout en permettant aux utilisateurs de choisir le justificatif d’identité qu’ils veulent utiliser pour accéder à tous les services gouvernementaux en ligne.

Le gouvernement du Canada envisage de demander aux fournisseurs de justificatifs de joindre sa fédération d’authentifiant avec cadre d’accréditation basée initialement sur les Service Assessment Criterion (critères d’évaluation de service) et l’Assurance Assessment Scheme (programme d’évaluation de l’assurance) de l’initiative Kantara.

Les organisations de l’industrie sont invitées à participer à cette DDI dans le but de valider et de raffiner l’approche du gouvernement du Canada à l’égard de l’authentification électronique et de fournir des renseignements sur la manière de solliciter et d’accréditer les fournisseurs externes de services de justificatifs en utilisant un modèle fédéré.