Congratulations to Rich Furr who will serve as the new Identity Assurance WG Vice Chair.

The focus of the Identity Assurance WG is to foster the adoption of trusted on-line identity services. To advance this goal, the group will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far.

As Head, Global Regulatory Affairs, Policy & Compliance, SAFE-BioPharma, Association since September 2007, Rich is the SAFE point of contact for activities with the FDA, EMA, EU National Competent Authorities and the PMDA in Japan. He is also the liaison for ongoing activities with the other health related standards organizations such as HL7 and the Electronic Health Initiative (eHI).

Rich can be reached at rfurr[at]safe-biopharma[dot]org

Please join in welcoming Rich – we look forward to the continued work of the Identity Assurance WG.

Catch the round up of recent updates from Kantara Initiative:

• Authorization Standards Workshop at Burton Catalyst San Diego, July 27, 12:30-2:30pm
• Merger of Kantara’s IdP Selection WG into ULX WG
• Kantara Initiative Meeting, Oct. 19-21, Paris, France hosted by Orange-FT
• Kantara Initiative announces the formation of the Federation Interoperability Work Group (FIWG)
• Kantara Initiative Announces Identity Assurance Framework 2.0
• Announcing Yasuhisa Sakamoto & Toshihiro Suzuki as Kantara Initiative’s Japan WG co-chairs
• Kantara Initiative Engages Drummond Group to Manage Global Interoperability Program
• Comparing OAuth and UMA – by Eve Maler
• Kantara speakers featured at Burton Catalyst Prague, June 21-24, 2010
• Kantara Initiative Webcast via BrightTALK: Identity Assurance Frameworks within Federated IAM Systems, May 6 - listen and view the audio of this Webcast
• Catch up on recent activities at industry events: UMA at EIC 2010, IIW X round-up
• What exactly is “open” in Open Identity?
• Industry events – contact Dervla O’Reilly regarding discounted conference rates: pii2010, August 17-19, Seattle, Hacker Halted October 9-15 Miami, WHIT 6.0 Nov. 8-10 Washington D.C., Gartner Identity & Access Management Summit November 15-16 San Diego

We invite you to join us for the Kantara Initiative Webcast “Identity Assurance Frameworks within Federated IAM Systems” presented by Joni Brennan, Program Director, Kantara Initiative.

The live Webcast is part of the Identity & Access Management Summit and takes place Thursday, May 6, 7-7:45am PDT. Register via the BrightTALK website: http://bit.ly/IAF_Webcast

On behalf of Frank Villavicencio, chair of the Identity Assurance WG.  Also published at Frank Villavicencio’s blog page.

First off, I would like to would like to express my sympathy to those affected by the terrible earthquake that hit Chile this past weekend.

Envio mi palabra de aliento y de optimismo al pueblo Chileno. Tengo muy buenos amigos Chilenos y a todos les deseo lo mejor en vista de estas circunstancias, a sus familias y a todos los afectados… Las cosas de Dios son sin duda alguna indescrifrables.

In this blog post, I would like to share with you some recent developments in the world of identity assurance, which as you know from my recent blog posts: “Identity Assurance, an everyday life issue” part 1 and part 2, is a top of mind issue for me and for us here at Identropy. Quite frankly, I could not hope for better timing for these blogs to come about.

On Friday February 26th, 2010 the US Federal Government’s Identity, Credential, and Access Management (ICAM) Trust Framework Evaluation Team (TFET) reviewed Kantara Initiative‘s latest submission and granted it Provisional Approval as a Trust Framework Provider at Levels 1, 2 & non-crypto Level 3 under the Open Identity Solutions for Open Government program.  The removal of the provisional status will hinge on the release by TFET of additional guidance for assessors concerning privacy and Kantara’s adoption of this guidance.

This is for me an extraordinary milestone, not only in my role of Chair of the Identity Assurance Work Group, but as an identity assurance activist altogether.  Kantara submitted its application for the US Federal Government adoption of the Identity Assurance Framework (IAF) in November of 2009. Prior to that date, the IAWG has been working very hard, collaborating with Kantara and the Assurance Review Board (who oversees the Kantara Initiative Identity Assurance Certification Program) to achieve this important goal (albeit still under provisional status).

The significance of this milestone is that it represents an important step towards fostering the adoption of identity-enabled Government services at known levels of assurance, relying on identity credentials issued and managed by non-Government parties (referred to as Credential Service Providers in the IAF). It will create the right conditions for the certification program to be adopted in real-life scenarios and for the industry to benefit from a proven, best-of-breed certification program that effectively enables interoperability and trust. This means that the IAF will not be just a “paper” standard, incarnated in a compendium of documents, but an actual technology-agnostic program that organizations can certify against.

With the adoption of risk-based models, identity federation can achieve Internet scale, and facilitate public access to online information at specific levels of assurance.  With adoption will also come economies of scale and further collaboration and interoperability across industries and Governments.

As someone who has been involved in identity management and identity assurance for quite some time, I cannot help but feel excited about the times I live in, and optimistic about what is to come.

I do anticipate and hope for more endorsements of the IAF in the near future by other organizations, and more importantly, the start of a paradigm shift in the way we all think about identity, both within the Enterprise and in a federated environment.  Ultimately, this path will allow the identerati to focus on the real end goal: delivering identity-enabled solutions and services with the level of trust and confidence that is appropriate for the transactions being performed.

But this is just a first step…

Frank

Yesterday The Identity Theft Prevention and Identity Management Standards Panel (IDSP) released a workshop report calling for the development of an American National Standard on identity verification as a tool to help combat terrorism and identity theft. This is work Kantara Initiative supports and looks forward to continue our engagement with as this standards effort progresses to the next level. I serve on the Steering Committee of IDSP and I’d like to commend Jim McCabe, Graham Whitehead and the other contributors for their excellent work.

I’m writing this post from Washington, D.C. where I’m speaking at the Smart Card Alliance’s 8th Annual Smart Cards in Government conference. Yesterday I was on a panel here with Dan Combs, Brian Zimmer, and Tom Lockwood where we had the opportunity to highlight this important milestone in the standards-setting process for identity vetting & proofing. This is an important standard that will improve the efficacy of Kantara’s own Identity Assurance Framework since our Service Assessment Criteria for identity proofing is dependent on source documents (aka “breeder documents”). This new standard that will be developed based on the impetus of yesterday’s ANSI Report will improve the reliability of breeder documents.

Perhaps the most far-reaching benefit of this report’s recommendations will be on the stability of the consumer identity ecosystem that all “online” Americans find themselves in today. In order for electronic credentials like username & password, or more secure credentials like OTP devices or Smart Cards, to trusted at the highest levels of assurance, they must be properly bound to the identity of the user. Our Identity Assurance Framework standardizes a way of doing this but is largely dependent on the validity of the source credentials used during the enrollment process. This is why we support the IDSP efforts to improve the validity of all source credentials issued in the United States, and will support this work moving forward as the foundation for an international standard in this area.

Applications in the global identity, eCommerce, eGovernment, social networking and telecom sectors win Identity Deployment of the Year Awards

Las Vegas, NV – September 15, 2009 — Kantara Initiative, a global identity community working to solve harmonization and interoperability challenges among identity-enabled enterprise, Web 2.0 and Cloud applications and services, today announced that six applications have won a 2009 IDDY (Identity Deployment of the Year) Award. The IDDY Deployment award winners include Google and Plaxo; Signicat; and the U.S. Department of Defense.  The winning IDDY Proof of Concept (POC) awards include fun communications; Gemalto and Vodafone; and NRI, NTT and Oracle. The IDDYs were presented today at CSO magazine’s Digital ID World 2009 in Las Vegas, NV. 

“Winners of the 2009 IDDY Award reflect the evolving identity landscape, where applications are leveraging a wide range of protocols and collaboration is key to moving the global identity industry forward,” said Brett McDowell, executive director, Kantara Initiative. “With more joint submissions than any other year and nominations spanning industries and regions, we congratulate the six winning applications from ten different organizations for demonstrating some of the most innovative and diverse identity solutions in the marketplace today.”

Now in its fourth year, the IDDY program has grown within Kantara Initiative to recognize the individuals and organizations developing identity-enabled applications built using any open identity technology. Judges evaluate nominations based on criteria that include the benefits applications deliver to communities, businesses, governments and people; the ROI the application demonstrates; and how the solution may successfully address identity issues such as reducing identity theft, meeting regulatory requirements, and providing users with increased security and privacy protection.

Winners in the Deployment Category:

Google and Plaxo – Google and Plaxo have won an IDDY Deployment award for their collaborative work in the development of a “hybrid onboarding” solution designed to increase the success rate of users finishing the registration process with a social network. The solution uses a combination of open technologies referred to as the “OpenStack,” which includes OAuth, OpenID, Portable Contacts and XRDS. Because the implementation uses open technologies, the solution can be easily replicated by others to optimize onboarding between any OpenID Provider (OP) and Relying Party (RP) pairing.  With a success rate of 92 percent, the application enhances the user experience while providing increased security and privacy protections. The service was deployed by Google and Plaxo in early 2009 and is currently available to hundreds of millions of Google users. A presentation reviewing the application is available at http://tinyurl.com/ok8u9x

Signicat – Signicat has won an IDDY Deployment award for the development of an online hosted Identity Provider that is offered as a managed service to private and public sector enterprises and organizations in the Nordic Region (Norway, Sweden, Denmark and Finland). The service acts as an intermediary to provide organizations with easy and secure access to the region’s eID (electronic ID) infrastructure. The solution supports SAML for strong authentication and SAML and OpenID for Web Single Sign On, as well as eSignature for workflow and long-time archiving of signed documents. The Identity Provider went live in October 2005, and is currently used by approximately thirty organizations giving access to over 12 million pre-authenticated identities. More information is available at www.signicat.com.

U.S. Department of Defense – The U.S. Department of Defense (DoD) has won an IDDY Deployment Award for SPOT (Synchronized Pre-Deployment and Operational Tracker), a Web-based enterprise networking solution used by the DoD for precise tracking and management of assets supporting US forces deployed overseas. The contractor cross-credentialing with SPOT has been developed and launched in collaboration between the U.S. Department of Defense and the Federation for Identity and Cross-Credentialing Systems, Inc. (FiXs). The system recognizes identity credentials issued by various government entities as well as compatible, standards-based, certified identity credentials issued by industry to support identity-based transactions between the U.S. Government, various international coalition governments, and supporting industry contractors and suppliers. SPOT provides visibility into contingency contracts accounting for 10,439 companies and 3,783 active contracts, with the system currently supporting more than 12,650 end users. More information is available by visiting http://www.bta.mil/products/spot.html and http://fixs.org/.

Winners in the Proof of Concept Category:

fun communications – fun communications has won an IDDY in the POC category for the development of its WebCard Loyalty solution, a public portal that can be used worldwide. WebCard Loyalty let’s anyone create their own customer loyalty system for the Internet using “virtual loyalty cards” and is based on Information Card Technology. The application combines user-centric identity management and customer loyalty programs such as bonus points, coupon promotions and discounts on partner websites, into a single application. Retailers and portal operators can issue their own virtual loyalty cards that can serve as a reliable means of authentication and authorization. The portal can be adapted to meet individual requirements, and is suitable for issuing all types of virtual identification cards such as student ID cards, library cards and discount cards. More information is available by visiting http://www.fun.de and http://www.webcard-loyalty.com.

Gemalto and Vodafone – Gemalto and Vodafone Group R&D have won an IDDY in the POC category for the development of a solution that adds strong authentication capabilities to OpenID using a Universal Integrated Circuit Card (UICC, typically a SIM card) inserted in a handset or inside a USB token, and is using either public key infrastructure (PKI) or a one-time password (OTP) as the underlying authentication technology. The application allows the use of distinct devices to access the service and to authenticate. The UICC (SIM) is used as a networked cryptographic computer exposing authentication services accessible via IP protocols. This provides users with new and convenient options for securely accessing OpenID-enabled sites from devices such as a PC, handset or game station.  Mobile network operators could offer a service to allow end users to leverage UICC-based OpenID single-sign-on to secure access to Web applications. More information is available by visiting http://www.betavine.net.

NRI, NTT and Oracle – NRI, NTT and Oracle have won an IDDY in the POC category for an application that demonstrates the possibility and practicality of achieving policy interoperability between OpenID and SAML. Both technologies include mechanisms designed to carry identity assurance information; OpenID uses the Provider Authentication Policy Extension (PAPE), while SAML uses its Authentication Context. While the two mechanisms are logically similar, until this proof of concept, they had not been demonstrated to be compatible. The application demonstrates how the number of services where an existing OpenID or SAML credential might be used could be effectively increased. A presentation reviewing the application is available at http://tinyurl.com/q5egag

This year’s winners join the growing list of IDDY Award recipients who have been at the forefront of successfully addressing some of the most challenging technology and policy issues in the global identity sector, with each winner delivering unique benefits to organizations and users. Previous winners of the IDDY include Aetna, Citi, Deutsche Telekom AG (a two-time winner), eBIZ.mobility, EduTech, NTT Labs, UNINETT, the New Zealand Government, Rearden Commerce and the UK Government Authentication Gateway. Kantara Initiative will issue the call for nominations for the 2010 IDDY Awards during 2Q 2010.

About the Kantara Initiative 2009 IDDY Award Judging Panel

The following individuals served on the 2009 Judging Panel: J. Trent Adams, trust & identity outreach specialist, Internet Society and chair of the Kantara Initiative Leadership Council; Mike Beach, CISSP, chief security designer, information security, The Boeing Company; Bob Bragdon, Publisher, CSO magazine; John Fontana, senior editor, Network World; Gerry Gebel, VP & service director, identity and privacy strategies, Burton Group; Paul Madsen, chair of the Kantara Initiative ID-WSF Evolution Work Group and identity standards researcher, NTT; RL Bob Morgan, senior technology architect, University of Washington; Nat Sakimura, senior researcher, Nomura Research Institute (NRI); Toby Stevens, director, Enterprise Privacy Group; Roger Sullivan, president of the Kantara Initiative Board of Trustees, president of Liberty Alliance and vice president Oracle Identity Management; and Phil Windley, founder and chief technology officer, Kynetx. Panelists recused themselves from judging in categories where their organization had submitted a nomination. More information about the IDDY Award’s is available at http://tinyurl.com/ldteb2

###

The Kantara Initiative yesterday announced the formation of the Identity Assurance Review Board (ARB).  This is a tangible example of the Kantara Initiative delivering on the non-technology related, identity meta-issues that I alluded to in my last Kantara Initiative blog.  

I think in a few years we will look back to this and see it as a key step toward making the Internet a more useful and safe place for conducting commerce.  And when I say commerce I don’t mean just buying and selling stuff on the Internet. I mean using the Internet to provide the underlying wiring for cross-organizational ecosystems – supply chains, distribution partnerships, outsourcing – all needing to operate in real-time and without organizational boundaries getting in the way. 

That is a place where I believe tremendous economic value is currently trapped – between organizations.  I believe this inter-organizational friction holds back billions of dollars in potential value.  Organizations certainly do interoperate today using the Internet as the communication network, but it is currently way too hard, expensive, and slow to make this happen for large value release.  The force of friction won’t let this ball really start rolling.

Why is this type of commerce hard?  In part it is due to the existence of non-standard technologies and APIs on both sides which are tricky to integrate.  But this issue is fading with standards and APIs which often leverage XML.  So in many ways the technology hurdles for interoperation on the Internet have been addressed. 

What hasn’t been sufficiently addressed is trust and the establishment of trust.  If you are with an organization that would like to interoperate in real-time with your 100 distribution partners, a key problem is how you establish and enforce trust across this particular ecosystem?  And it needs set it up in days, not years. 

Today we don’t even have a common way of communicating certain facts which can lead to the establishment of trust, let alone the fast establishment of trust itself.  If we solve this in a widely deployable way, the tremendous economic value I mentioned can be released.  More grease will be applied to this friction problem through the establishment of the ARB.

Check out Matthew’s blog at  http://tinyurl.com/ner8cf

Organizations take leadership role in driving trusted identity-enabled enterprise, SaaS and Cloud applications based on certified identity services

August 18, 2009 – Kantara Initiative, a global identity community working to solve harmonization and interoperability challenges among identity-enabled enterprise, Web 2.0 and Cloud applications and services, today announced that representatives from Aetna, BT, SUNET/NORDUNet and the US GSA have taken leadership positions on the Kantara Initiative Assurance Review Board (ARB). The ARB oversees the Grant of Rights for use of the Kantara Initiative Assurance Mark, a mark of quality demonstrating that organizations have met stringent identity management criteria outlined in the protocol independent Identity Assurance Framework (IAF).

Marks will initially be awarded in two categories, one to industry assessors indicating they meet requirements to assess identity services for compliance to the IAF, and one to identity services that have been certified by these assessors against the four identity assurance levels detailed in the IAF. Services earning the Kantara Initiative Assurance Mark have successfully satisfied the organizational management, identity proofing, and credential management criteria associated with each identity assurance level. 

“With today’s news, Kantara Initiative is moving to reduce the business, governance and liability challenges organizations face when adding new partners and customers to their ‘trusted Cloud’ of external services,” said Mark Coderre, head of security architecture for Aetna. “Robust Kantara Initiative certification of identity services across a range of risk assessment criteria allows businesses to quickly establish trust with external parties, and to grow the value of these trusted relationships dynamically.”

Certified identity services eliminate the need for organizations to “reinvent the wheel” each time they need to assess the risk of accepting identity credentials from an outside party, making it easier and faster to deploy new services.

About the ARB

The ARB works with the Kantara Initiative Board of Trustees overseeing the Kantara Initiative Identity Assurance Certification Program, developed by Liberty Alliance and now moving forward within Kantara Initiative. The open membership structure of Kantara Initiative is bringing the right mix of identity assurance stakeholders together to advance certified identity services collaboratively. The first Kantara Initiative Identity Assurance Certification cycle is currently underway. The ARB will award Kantara Initiative Assurance Marks based on the results of this event. More information is available here http://tinyurl.com/r6le4r

Representatives from Internet Society and Oracle elected to leadership positions as growing membership base works to bridge identity technologies, initiatives and organizations

 

Washington DC, June 17, 2009 – Nearly 45 organizations from the global identity and Internet communities today announced the launch of Kantara Initiative, a new organization formed to solve the harmonization and interoperability challenges that currently exist among identity-enabled enterprise, Web 2.0 and Web-based applications and services. Kantara Initiative has been founded to collaboratively foster the innovation required for broad adoption of interoperable identity-enabled solutions across industries, regions and fixed and mobile networks. As of today’s launch, nearly 20 initial work and discussion groups have been proposed by the growing Kantara Initiative community. Kantara Initiative will hold a public webcast to overview the new organization on Wednesday, June, 24 at 8:00am US PT (3:00pm UTC).

 

The launch of Kantara Initiative comes after a year of strategic planning involving stakeholders representing the entire identity ecosystem. This planning focused on how to best move the industry forward as the enterprise identity landscape continues to evolve and use of social networking and Web 2.0 applications rapidly proliferates, with growing interaction between these three markets driving new use cases and identity requirements. With zero barriers to participation and founding principles based on transparency, inclusion, empowerment, innovation, collaboration and openness, members of the community are leveraging the successes and experiences of each other to drive holistic, interoperable and trusted identity solutions into the global marketplace.

 

“The identity product and service market grows more complex every month, and as the market gets more moving parts, there are more and more requirements for all those parts to work together. The parts aren’t going to work together unless the part makers work together – and that’s why today’s announcement is important,” said Bob Blakley, principal analyst, The Burton Group. “The Kantara Initiative is helping to bridge identity initiatives and organizations, which can help set the stage for better collaboration in the global identity sector.”

 

Board of Trustees and Leadership Council – Fostering Innovation and Collaboration Based on a Bicameral Governance Model

 

The Kantara Initiative has been established based on a bicameral governance model where the Board of Trustees and Leadership Council work hand-in-hand as peers in steering the direction of the organization. The bicameral model ensures that all members and participants can have a voice within Kantara Initiative.

 

With today’s news, Roger Sullivan, vice president Oracle Identity Management, has been elected president of the 2009 Kantara Initiative Board of Trustees and J. Trent Adams, outreach specialist, trust & identity, Internet Society, has been elected chair of the Leadership Council. Initial Board of Trustee members include AOL, BT, CA, Intel, Internet Society, Fidelity Investments, Novell, NRI, NTT, Oracle, PayPal and Sun Microsystems. Representatives from Intel and the New Zealand government have Leadership Council seats on the Board of Trustees.

 

According to Sullivan, “The problems the global identity industry faces today are not just about technology, but rather a combination of business policy and privacy requirements, balanced against interoperability, usability, as well as technology harmonization. All of these issues need to be addressed for identity-enabled solutions to succeed and for deployers to leverage their benefits. Kantara Initiative is uniquely positioned to address these needs.”

 

A Holistic View – Technology, Policy and Proven Interoperability

 

The Kantara Initiative structure has been designed to foster the development of new identity-related technology and policy initiatives from initial proof-of-concept and incubation, to go-to-market and long-term adoption strategies. Existing projects moving into Kantara Initiative will benefit from additional community input which will include identifying new use cases, support for adding functionality, and opportunities for proving interoperability with other projects, initiatives and technologies.

 

All output from Kantara Initiative will be based on open standards with the goal of ensuring end user convenience, security and privacy. A commitment to open standards means the Kantara Initiative community will collaborate on projects that make use of all of the identity frameworks, protocols and specifications in the marketplace today. This means solutions could be built based on one or a combination of several IAF, ID-WSF, IGF, Information Card, OAuth, OpenID

SAML 2.0, WS-*, XACML and XDI standards.

 

Focus Spanning Identity Initiatives – Nearly 20 Work and Discussion Groups in Progress Today

 

The Kantara Initiative name, which is Swahili for “bridge” and has Arabic roots in “harmony,” was announced at the April 2009 RSA Conference and since then members of the identity community have proposed nearly 20 initial work and discussion groups. All groups are open to every Kantara Initiative member as well as to the public, and anyone can suggest a new group to the Leadership Council at any time. Groups are formed by members and participants to address common issues and problems related to specific industries.

 

Proposed groups, which are being approved on an ongoing basis by the Leadership Council, include Concordia Use Cases, eGovernment, Federated Identity Model Agreement & Commentary (FIMAC), Health Identity and Assurance, Identity Assurance and Accreditation, Identity Provider Selection, Identity Theft Prevention, ID-WSF Evolution (OAuth Extensions), Japan, Multi-Protocol Identity Selector, Multi-Protocol Relying Party Deployment, Privacy and Public Policy, Telecommunications Identity, User Driven Information Technology and Volunteered Personal Information (VPI). A list of all of the groups in progress is available at http://kantarainitiative.org/wordpress/?page_id=6 

 

“It’s clear that Kantara Initiative brings together the right mix of collaborators to help shepherd the next generation of identity solutions. Specifically, our goal is to facilitate the development of solutions that are interoperable, secure and privacy-respecting.  And importantly, the work is being done in an open and transparent fashion,” said Adams. “Collaboration between identity communities and initiatives within Kantara Initiative will lead to more trusted identity-enabled applications and services. This fits squarely into the Internet Society vision of an Internet Ecosystem where the continued development and adoption of Internet technologies includes a broad range of participants with dispersed ownership and control.”

 

About Kantara Initiative

Kantara Initiative has been formed by Concordia Project, DataPortablity Project, Information Card Foundation, Internet Society, Liberty Alliance, OpenLiberty.org and XDI.org. The Kantara Initiative membership structure is unique in that it has been organized to ensure that there are zero barriers to participation. Membership levels allow for maximum industry-wide participation and include Participant, Member and Trustee categories, which individuals and organizations join depending on the size of the organization and type of desired participation. The Kantara Initiative membership structure, levels, fees and governance model are outlined at http://kantarainitiative.org/wordpress/?page_id=8 . A complete membership and chair list is available at http://kantarainitiative.org/confluence/display/GI/Current+Members.

 

About the June 24 Kantara Initiative Public Webcast

Hosted by Brett McDowell, executive director, Kantara Initiative, Roger Sullivan and J.Trent Adams, the public webcast, Kantara Initiative, Shaping the Future of Digital Identity, takes place on Wednesday, June, 24 at 8:00am US PT. The one-hour event will provide participants with an overview of Kantara Initiative including a review of goals, structure and opportunities for all members of the global identity community to participate in the organization. Registration and more information is available at http://tinyurl.com/nsw3n5

 

Follow Kantara Initiative (#Kantara) on Twitter:

http://twitter.com/KantaraNews

 

Follow Kantara Initiative on YouTube:

http://www.youtube.com/user/KantaraInitiative

 

Follow Kantara Initiative on Flickr:

http://www.flickr.com/photos/kantarainitiative/

 

Follow Kantara Initiative on SlideShare:

http://www.slideshare.net/kantarainitiative

 

Follow the Kantara Initiative Blog:

http://kantarainitiative.org/wordpress/?page_id=29

 

 

###

 

CONTACT:

 

Russ DeVeau

Kantara Initiative

www.kantarainitiative.org

Mobile: 908-251-1549

Office – 954-530-2850

russd@projectliberty.org

russdeveau@comcast.net

 

 

Project Concordia, a Kantara Initiative co-founder, recently responded to a need of one of its members and issued a simple survey to learn more about the community’s use of identity federation. 112 respondents viewed the survey (which weeded-out organizations who were not participating in a federation, resulting in 103 survey respondents). Some interesting highlights (the full survey is available here) include:

• The most popular federation protocol was SAML 2.0 (75.6%). The next highest response category (respondents could select all that applied) was SAML 1.x at 53.5%.
• Between two and ten federated relationships, for both Service Providers and Identity Providers, was the most popular number of relationships, although the next most popular category for both was “more than 10”, so clearly where there’s traction, it’s growing (proving getting over that first hump is often the hardest task).
• Commercial federation products were popular (59.8% of respondents using), although open-source toolkits also had a strong showing (46.3%).
• Many recognized benefits had more than 50% of respondents, including single sign-on benefits (87.8%), enhanced user experience (64.6%), greater security (63.4%), and reduced costs to support partners (63.4%).
• But there are still challenges, chief among them potential partners lacking identity federation technology (78%) and lack of experience in implementing federation technology (65.9%)

Most telling of all was the ending free response area, which is best summed up with the very first comment: “[We] need to find ways to make people realize [federation is] a business partnership first before technical; more emphasis gets placed on technical, but should be placed on business.” Several others went on to point to the importance of trust, legal relationships, clear administrative boundaries, and a common identity assurance framework (yes, some of our prospective members have some thoughts here!).

Clearly the time is ripe for federation. Where the audience is educated and relationships exist, benefits are being realized. But we still have a huge opportunity ahead of us to better educate and make it easier to “do” federations by solving some of those business partnership issues in a more consistent way. Those who are succeeding seem very happy and realizing great results—they just want more partners to federate with—now!

Looking forward to some more research from the Concordia community! Survey suggestions appear to be welcome on the survey page.