Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
titleWorking Draft

This page is a Working Draft subject to further revision and has not yet been approved by the Leadership Council.  

(1) WG NAME (and any acronym or abbreviation of the name): The WG name, acronym and abbreviation must not include trademarks not owned by the Organization, or content that is infringing, harmful, or inappropriate.

Identity Assurance and Accreditation Work Group (IAWG)

(2) PURPOSE: Please provide a clear statement of purpose and justification why the proposed WG is necessary.

The Identity Assurance Work Group (IAWG) has been formed within the Kantara Initiative to foster fosters the adoption of trusted on-line identity services aligned to four levels of assurance (LOA) ranging from low to very high.
To advance this goal, the Identity Assurance Worg Group IAWG will provide a forum for identifying and resolving obstacles to market and commercial acceptance that have limited broad deployment and adoption of trusted identity services thus far. The first step will be development of a global standard framework and the necessary support programs for assessing identity service providers (IdSPs) against criteria that determine the level of assurance that a relying party (RP) may assume in evaluating identity claims provided by those IdSPs. evolving the Identity Assurance Framework (IAF) and furthering market adoption of identity-enabled services at a global scale by working with the Board of Trustees to establish the necessary support programs for accrediting and certifying various roles in the ecosystem, such as Credential Service Providers and Federation Operators.
The framework and processes will be defined in a way that scales, empowers enables business processes and benefits individual users of identity assurance services. The framework will be the basis upon which IdSPs, RPs and their services can be certified as compliant with common policies, business rules and baseline commercial terms, avoiding redundant compliance efforts and market confusion about the substance and value of identity assurance delivered.The work of IAWG will begin by consolidating, updating and enhancing the Trust Framework of the EAP (Electronic Authentication Partnership), the Credential Assessment Framework of the US E-Authentication Federation, and other industry contributions. The final deliverable will consist of services provided at specific identity assurance levels. The final deliverables will be a suite of harmonized, best-of-breed industry standards for the assessment of identity services, relying parties management of identity information, and identity federations support for inter-party trust . The standards will consist of an identity credential and attribute policy, business procedure and security rules, and minimal baseline commercial terms (e.g. risk, impact and liability allocation) supporting mutual acceptance, validation and lifecycle maintenance across identity federations. An important goal is to foster interoperability among identity federations on a global scale (i.e. inter-federation).The scope of the IAWG is not just to create a standard framework for identity assurance, but to move beyond pure policy development and into development of actionable and measurable programs (starting with certified assessment) including certification education, industry marketing and broad market promotion. The scope includes support for individual, organizational and machine entity identity services.
The and inter-federation, as well as guidelines to foster adoption of identity assurance-based solutions.

(3) SCOPE: Explain the scope and definition of the planned work.

IAWG's goal is to provide public and private sector organizations with a well defined means of relying on digital credentials and assertions issued by a variety of identity service providers (aka credential service providers) for both authentication and authorization, in order to advance trusted identity federation and thereby facilitate broad user acceptance of this means to manage access to online services and information. Interoperability of e-authentication systems, mutual acceptance of rules, policies and supporting business processes is essential to the cost-effective operation of safe and secure systems that perform critical electronic transactions and tasks across industry lines.

(3) SCOPE: Explain the scope and definition of the planned work.

The IAWG does not seek to duplicate the e-authentication work of other organizations nor does it seek to develop authentication protocols. The IAWG output will be relevant to operational practices and will not be normative to any specific software implementation of authentication or federation protocols.
Members of this EG have the opportunity to:


In line with this goal, here is IAWG's scope:

  • Define standards and frameworks for identity assurance policy for both the public and private sectors .
  • Better understand the needs of online users of member's services.
  • Expand markets by promoting at a global scale
  • Promote wider use of identity credentials .
  • Stay abreast of government policy worldwide that will have an impact on identity assurance.
  • Discuss the latest technology, at various assurance levels.
  • Analyze technology, policies, standards, and solutions in the e-authentication identity federation and identity assurance industry with their peers.
  • Get to know public and private sector leaders in e-authentication.
  • Identify opportunities to Identify opportunities where adoption of the identity assurance framework could save time and resources in implementing identity federations
  • Vote on all aspects of the IAF and associated accreditation program as it evolves within IAWG deliberations
  • Participate in all IAWG activities, such as meetings, email discussions, conference calls, etc.
  • Avoid Formulate pragmatic guidelines, recommended practices, proposed deployment models and methodologies for organizations to adopt solutions and approaches to online services that leverage identity assurance
  • Seek harmonization and standardization - avoid "re-inventing the wheel" or needlessly duplicating effort by identifying best practices across multiple industry sectors in this globally diverse working group and investing in productive liaison relationships across industries and geographies.
  • The following areas are not considered part of the scope of IAWG:
  • Definition of technical standards, whether for identity assurance or authentication assurance - the focus of IAWG will remain technology agnostic, and strategy/policy oriented.
  • Evaluation of technology or products to comply with particular identity assurance specifications - whether this is authentication technology, identity verification services, credentialing technologies, and the like.
  • Management and direct oversight of the certification programs designed to facilitate compliance with the IAWG output.

(4) DRAFT TECHNICAL SPECIFICATIONS: List Working Titles of draft Technical Specifications to be produced (if any), projected completion dates, and the Standards Setting Organization(s) to which they will be submitted upon approval by the Membership.

As per the scope defined in section (3) above, IAWG will not be producing technical specifications, as the focus of the group is to remain technology agnostic and focus on policy, business best practices, deployment models and strategy.

(5) OTHER DRAFT RECOMMENDATIONS: Other Draft Recommendations and projected completion dates for submission for All Member Ballot.

  • A set of strategic recommendations to the Kantara Initiative Board of Trustees regarding the development and operation of an Identity Assurance Certification program to advance the adoption of the IAF that would serve to foster inter-federation deployments on a global scale. (Summer, 2009).
  • The Identity Assurance Framework (IAF) - which is a set compendium of concepts documents including business rulesguidelines, procedural and technical trust criteria for identity service providers, relying parties and federations, and assessment methodologies for determining conformance to trust criteria. The IAF will be based on broad input from both public and private industry stakeholders with relevant experience and contributions to this effort.
  • Identity Assurance Framework - Service Assessment Criteria
  • Identity Assurance Framework - Here are the currently identified deliverables that are part of the IAF along with their expected publication timeline.
  • Here are the currently identified deliverables that are part of the IAF along with their expected publication timeline:
  • Overview (Summer, 2009)
  • Glossary (Summer, 2009)
  • Assurance Levels (Summer , 2009)
  • Assessment and Certification Scheme (Summer, 2009)
  • Assessor Qualification & Requirements (Summer, 2009)
  • Service Assessment Criteria (Summer, 2009)
  • Service Approval Authority Requirements (Summer, 2009)
  • Federation Operator Rules and Guidelines (Q4, 2009)


  • A uniform set of standards based on the IAF that will be used to accredit assessors who can in turn be relied upon by communities of interest in evaluating participants
  • A set of strategic recommendations to the Kantara Initiative Management Board regarding the development and operation of an assessor accreditation program to advance the adoption of the IAF that would serve to foster inter-federation deployments on a global scaleRelying Party Guidelines (Q1, 2010)

Note: Estimated completion dates accompanying each deliverable are subject to change.

(6) LEADERSHIP: Proposed WG Chair and Editor(s) (if any) subject to confirmation by a vote of the WG Participants.



The IAWG will have the following roles:

  • An IAWG Chair - A single individual will hold this role. Its responsibilities are: provide overall coordination, administrative oversight, public representation and decision-making ability over certain topics. This position will be elected by the members of the group in accordance with the Kantara Initiative Operating Procedures and ByLaws. The initial election for all leadership positions should be called approximate 2 weeks after the Leadership Council approves the charter so membership quorum is gathered.
  • IAWG Vice Chair - There should be a minimum of two, to lead specific areas within the work group as scoped by the Chair. The Vice Chair will be responsible for successful completion of work and deliverables within the specific scope of the area of focus. The initial requirement is a Vice Chair of Technology (to ensure quality review and feedback to the IAF from a technical "implement-ability" perspective and facilitate appropriate liaisons with outside technical groups) and a Vice Chair of Policy (to ensure quality review and feedback to the IAF and facilitate appropriate liaisons with outside policy groups).
  • IAWG task leader - There could be as many of these leaders as deemed appropriate by the group in order to complete specific tasks. These roles will be held by volunteer group members, appointed by either the chair or vice-chair under which the particular tasks falls. The IAWG leader will lead specific tasks or deliverables within the work group. The task leader is responsible for successful completion of work and deliverables assigned. Examples: specific documents within the IAF set, such as the Relying Party Guidelines, attribute level identity assurance. No pre-defined terms, the duration of service is driven by the focus of the task.

Note: During the transition phase of the Liberty Alliance Identity Assurance Expert Group (IAEG) into IAWG, Frank Villavicencio, current member of IAEG and registered member of Kantara Initiative, will act as the primary liaison and point of contact for the Leadership Council.

(7) AUDIENCE: Anticipated audience or users of the work.

  • Identity Credential Service Providers
  • Federation Operators
  • Relying Parties
  • Policy Makers (National Government and State Services Organizations)
  • Accreditation AssessorsAssessors
  • International standards development organizations focused on identity management
  • Industry consortia and communities of interest focused on either a specific identity management technology or an industry segment building recommendations for identity management best practice

(8) DURATION: Objective criteria for determining when the work of the WG has been completed (or a statement that the WG is intended to be a standing WG to address work that is expected to be ongoing).<INSERT TEXT> The Kantara Initiative Leadership Council charters the Identity Assurance Work Group for five years. It

The IAWG is chartered to be an ongoing Work Group of Kantara Initiative to maintain the Recommendations it produces over time. Its charter may be amended from time to time, with changes approved by the Leadership Council. This charter will expire on <INSERT DATE>.

(9) IPR POLICY: The Organization approved Intellectual Property Rights Policy under which the WG will operate.

Kantara IPR Policy - Option Liberty

(10) RELATED WORK AND LIAISONS: Related work being done in other WGs or other organizations and any proposed liaison with those other WGs or organizations.

Part of the mission and goal of IAWG is the harmonization and collaboration with other industry and standards organizations that have synergy with the concept of identity assurance. Therefore, it is integral to the success of the group, that it maintains active communications, collaboration, contribution and liaison with groups including but not limited to:

  • Industry Consortia: ICF, OIDF, and OASIS
  • ISO SC27
  • ITU-T SG17
  • ANSI IDSP (Identity Proofing Standards)
  • Healthcare Information and Management Systems Society (HIMSS)
  • InCommon
  • TERENA - Trans-European Research and Education Networking Association
  • Kantara work groups: Concordia, Identity Assurance Interoperability, Privacy & Public Policy, Consumer Identity, Healthcare Identity Assurance, etc.
  • Kantara Identity Assurance Review Board

(11) CONTRIBUTIONS (optional): A list of contributions that the proposers anticipate will be made to the WG.

  • Identity Assurance Framework Set (Liberty IAEG)
  • Identity Assurance Framework - Read Me (Liberty IAEG)

(12) PROPOSERS: Names, email addresses, and any constituent affiliations of at least the minimum set of proposers required to support forming the WG.

  • Myisha Frazier-Mcelveen, CitiGroup
  • Rich Furr, SAFE Bio-Pharma
  • Nigel Tedeschi, British Telecom
  • <insert>
  • <insert>
  • <insert>Frank Villavicencio, NetStar-1