Last month I mentioned how governments around the world are announcing plans to bring in legislation regarding digital identity , within a few weeks (even days!) of each other. So So, when I was asked by Think Digital Partners to write a piece as part of my role there on its Advisory Board, I chose to write about this topic. It It is quite intriguing, in one sense, given just how close these announcements are to each other. But, in another sense, it is understandable. In In that post, I talk about why that might be, as well as share the scope of planned legislation to the extent of my knowledge. My My observations are broadly restricted to the 'five nations' common law countries not only because I am most familiar with them, but also three of the five are Kantara members. You You'll hear more on that subject this coming week!
I do think, however, that there is a an emerging pattern emerging here. Kantara Kantara has a highly reputable, globally recognized assurance program for accrediting assessors and approving that applicant service providers' solutions to be are conformant with a given standard - NIST SP 800-63-3 being most sought after in recent times. COVID COVID-19 has put the spotlight on the need for more digital interaction with government by its citizens and with consumers more broadly. Digital Digital identity is fundamental to addressing those interactions, especially if they are higher risk transactions for payments etc from Government. Ergo Ergo, public sector interest in Kantara. That's my theory anyway, but I'd welcome your view! This This circle of interdependence is something that the Board recognizes too, as members will see in the next couple of of months when its review, and refresh, of Kantara's strategic direction and priorities are presented for wider review and comment.
Remember also that Kantara is structured so as to enable its community working group groups and discussion group support for its Assurance Programs. Not all projects groups to act as the steward for the frameworks and associated assessment criteria for conformance to standards within those frameworks. While not all projects, from all groups, lean this way, but where when they do, great synergy can be achieved. For For example, the IAWG develop the assessment criteria and is , which is comprised of experts from the private, public and Higher Ed Education sectors as well as individuals and accredited assessors. And all the working groups have the potential to act as steward for the frameworks and the assessment criteria for conformance to standards within those frameworks, just as the IAWG does for the Identity Assurance Framework. Alongside developing submissions to calls , develop the assessment criteria for Kantara’s Identity Assurance Program. Alongside developing submissions to requests for contributions on digital identity-related matters as part of its Kantara’s global civic duty, it IAWG also develops the assessment criteria needed for the accredited assessors to consistently assess and report their findings for on applicant service provider solutions. To
Toward these dual ends, the IAWG has had a huge few months. Firstly Firstly, in relation to NIST SP 800-63-3, the IAWG developed criteria for 63C , (FAL2 and FAL3), and as well as the level 3 criteria for 63A (IAL3) and 63B , IAL3 and (AAL3) that are coming to the end of their All Member Ballot period. Thanks to ID.ME for its sponsorship of this effort. (NOTE BENE: If you are the primary representative of your organization, or an individual member, please do your duty to the community by abiding by the email sent to you and casting your vote on this important work). Secondly Secondly, last week the IAWG completed and submitted its input to the open public consultation is on the European Union's eIDAS regulation. Some of the response was submitted as a response to an online questionnaire (which we can't link to) but our additional responses to in support of the online questionnaire is here. Thank you individual contributor member Mark King for leading the active, and animated discussion at meetings and on the list regarding this, and to Staff (Ruth) who took it on the final path to submission.
I'm pleased to announce that material progress had been made on the long-waited Kantara mDL Discussion Group. Kantara Kantara Individual Contributor member John Wunderlich successfully proposed a Charter to the Leadership Council. This DG - actually called the 'Privacy & Identity Protection in mobile driving license ecosystems' , the PImDL DG - will focus on rounding out the ISO 18013-5 mDL standard's privacy and security recommendations in Annex E.
I could not sign off on this blog without particular mention of Kantara's announcement last week. The news that that Kantara and SAFE Identity have entered into a non - financial, non exclusive agreement to co-market and recognize each others non-PKI and PKI Trust Marks respectively where reciprocity exists, . This news is not only foundational for the organizations themselves but also profound for the industry. For as many years as I have been in this industry (over 15 years now), I have seen continuous fragmentation and 'gold rush' self interest prevail. Collaboration amongst competitors, when it does did happen, is was usually around standardization and development of best practice in the neutral venues such as Kantara or standards setting organizations that suit multiple parties objectives. The The Kantara-SAFE collaboration is direct - a major change. By recognizing and respecting each organizations' strengths and capabilities such we both have recognized that complementing rather than competing is a rational approach. It To me it signals - at last! - that this industry is capable of removing friction for the betterment of its stakeholders and consumers and that we are here, in this ecosystem, to serve.