Martin Smith; Ken Dagg; Mark King; Mark Hapner; Richard Wilsher. Jimmy Jung; Colin Wallis, Ruth Puente
Quorum: As of 2020-08-13, quorum is 4 of 6. There was quorum
a. Next steps to UK DCMS Digital Identity policy development - See draft responses/comments to the questionnaire HERE.
b. Criteria Guidance (Any participant suggestions for adding or enhancing guidance for understanding assessment criteria).
3. Any Other Business
- Motion: To Approve 2020-10-01 DRAFT Minutes. Moved: Martin Smith; Seconded: Mark Hapner. Unanimous Approval.
Staff reports and updates
- Colin was asked by Think Digital Partners to write a piece as part of his role on its Advisory Board, he chose to write about legislation regarding digital identity. His observations are broadly restricted to the 'five nations' common law countries not only because he is most familiar with them, but also three of the five are Kantara members.
- He commented that members of Kantara have received an email and others may have seen press coverage that GSA is rejoining Kantara, this is a major step forward. In addition, he mentioned that Mastercard has also joined Kantara, it is good news considering the size of a company like this one.
- Ruth added that the interest in 800-63-3 is growing, mostly every week there is a call with a potential CSP and ARB agenda is getting very busy. A new CSP will be approved soon (Neustar). In relation to GSA, in the last meeting they stressed that they will support only the 63-3 and no longer the Classic as rev.4 is coming soon.
- Colin mentioned that earlier today there was a call between the three government members of Kantara, New Zealand, Australia and the USA joined on a call.
LC reports and updates
- Ken said that the mDL privacy Discussion Group is standing up. It is called “Privacy & Identity Protection in mobile driving license ecosystems” and it will focus on rounding out the ISO 18013-5 mDL standard's privacy and security recommendations in Annex E. He opened the invitation to collaborate and participate.
Next steps to UK DCMS Digital Identity policy development
- Ken reminded the group that Mark K. sent responses to the questionnaire a couple of days ago Quest_Kantara_MK.odt
- Mark K. explained that there are companies and businesses that have responded to last year call to participate in further sessions with the government. Kantara was selected for being part of the next round of discussions. They have asked for this particular survey to be filled in. He explained that his comments in red represent his own interest on this.
- Ken suggested to start with those applicable to Kantara providing a response.
- The critical one in Mark K. opinion is the question #2, about legislation. It was suggested to also add NIST SP 800-63-3.
- Ken asked if there is anything like a privacy act or something along that line within the UK. Mark K. responded the general data protection regulation is the overriding issue in that area at the moment.
- Question #3: Colin asked if the group feels like Kantara should offer itself for the oversight. The group supported the idea. It was also commented that it has to happen, but it is necessary to compare it with the particular problems of tScheme and OIX. tScheme was essentially the first on the block in the UK and it was created to do things in the private sector. It lost fashion parade and OIX was chosen as being the preferred way of having an interface with industry from the cabinet office; but after 10 years it has not delivered on that. Therefore, it is needed to explain what Kantara offers that others do not. Ken said that it puts Kantara in direct competition with OIX and in his opinion, it is not a bad thing. Colin added that OIX is not operational as Kantara.
- Mark K. asked the group if Kantara is good for the fuzzy matching. Colin answered it does not. It was added that CSPs do it.
- Mark K. explained that the idea is to see in what area Kantara has something to say.
- Question #5: Ken suggested to consider the financial sector rather than payment sector. Mark K. responded his idea was to distinguish that. Banking is not the same as payment. Ken also suggested open banking, healthcare, insurance and mDL.
- Mark K. clarified that in the UK nothing is based on citizenship. If you are a resident, you will not be treated differently than anybody else.
- Question #6: Ken pointed out he would agree on removing the legislation and to include privacy and inclusion. It was commented that adding item 4 “Attribute checking of government data” there would be learning involved.
- It was added that staff will be circulating the information on the Scottish government request for comments.
- Colin suggested to add this on the agenda for next meeting.