Blog

Blog

IAWG Update
  • Updates to the SAC to accommodate challenges that have been encountered during assessments using NIST 800-63 Rev3 are being developed. IAWG has endorsed the proposed changes and recommended that they be adopted as “minor” updates. As such, the updates will not have to undergo a public review.
  • The IAF Overview (IAF1000) is being revised to make it more current (currently dated 2009). The IAF Glossary (IAF1100) will be the next document to be revised.
UMA WG Update
  • The Work Group welcomed the news of the RedHat Keycloak UMA2 implementation coming out of beta, and discussed some of its extensions as potential fodder for standardization. Another UMA2 implementation announcement is expected in October.
  • The Work Group is continuing its business model effort, and is now working to set up a meeting with a representative of an insurance company interested in the outlines of the new Vermont Personal Information Protection law and how UMA might be of assistance to the captive insurance market related to this law. We anticipate the major portion of our work in the fall will be dedicated to this and other concrete examples of the business model.

Presented the demo of interoperable consent receipts from the Kantara Initiative Information and Sharing workgroup at the MyData Global Network Conference in Helsinki. Five Kantara member companies got together and in under 7 weeks coded exchangeable consent receipts - potentially for management of data subject rights from a 'privacy dashboard'. Very strong positive response & many interested in getting involved.

https://www.slideshare.net/AndrewHughes6/kantara-initiative-consent-receipt-interoperability-demo-v4

eGov WG Update

eGov hosted a webinar on August 16, 2018: The Australian DTA has been working on their new Trusted Digital Identity Framework (TDIF). It is a comprehensive set of documents[1] for digital identity in Australia. It covers a range of topics from IDM, Authentication, security privacy, fraud control, etc. DTA are presenting the trust framework aspects on Thursday, August 16 at 14:00 UTC. Webinar recording will be available after the event.

https://kantarainitiative.org/events/?event_id1=8041

Progress has been slow on the primary deliverables of this WG. The overall plan is to develop a document outline to capture Consent Management common practices, develop an interview protocol and survey, then gather data from as many organizations as possible. Then, the results will be analysed for common practices and areas where standardization could help. We have renewed committments of participant time starting in September, so hope to increase the rate of progress at that time.

The WG will be presenting a demo at MyData in Helsinki on August 29, 2018. 

Over the last couple months, digi.me, OpenConsent, Consentua, Ubisecure and Trunomi have been designing and building functions into their systems to create or consume Kantara Consent Receipts. The demo concept is to show off interoperable Consent Receipts. In this first round, we show that an individual can ask for a receipt as part of a service interaction; the receipt given to that person and then viewed in a viewer of the person's choosing. The accompanying presentation and discussion will cover how the receipt fits into exercising individual data rights as set out in GDPR and other privacy regulations. This is a great opportunity to showcase Kantara members at an international conference.

UMA WG Update
  • The Work Group is on a "summer time" schedule, meeting every two weeks or even less often until September.
  • We held leadership team elections; Eve and Maciej have been re-elected in the chair and vice-chair roles respectively.
  • We discussed novel solutions to the "multiple portals problem" (so-called in healthcare but applicable to other sectors), and novel ways UMA or UMA++ may be used to tackle the challenge.
IAWG Update

IAWG is currently working on the following items:

  • Developing NIST 800-63-3 implementation guidance with other members of the TFS Coordination Group; and
  • Reviewing, with the objective of updating, the Identity Assurance Framework: Overview (IAF1000) and the Identity Assurance Framework: Overview (IAF1100).
UMA WG Update
  • The business model design is now fairly solid. Chair Eve Maler presented it at the EIC conference, along with a set of "cradle-to-grave" business scenarios. Jim Hazard is proposing a specific use case to which to apply our POC efforts.
  • The group has been analyzing the Open Banking use case called "decoupled" and what it might look like if UMA were applied to it. (The MODRNA extension spec called CIBA was specially designed to solve it.) Both CIBA and UMA may potentially solve different aspects; Mike Schwartz is planning to put together a proposal that combines them.

A good turnout for the Member plenary - we talked about the strategic direction of the Group work and some work planning for 2018-2019.

2018-05-14 Member Plenary, Unterschleißheim (Munich), Germany


The Consent & Information Sharing WG approved the Consent Receipt Specification v1.1 to go forward. The Leadership Council has certified the draft to go to All-Member Ballot. 

Watch your email for the notification to vote!

IAWG Update

IAWG is currently working on the following items:

  • Developing NIST 800-63-3 implementation guidance with other members of the TFS Coordination Group;
  • Preparing comments on the recently released OMB Policy Draft; and
  • Reviewing, with the objective of updating, the Identity Assurance Framework: Overview (IAF1000) and the Identity Assurance Framework: Overview (IAF1100).
UMA WG Update
  • The Work Group has consolidated its two meeting series (Legal subgroup and main Work Group).
  • It is working in earnest on its formal "business model", which is designed to enable:
    • The auditing of technical artifacts (such as tokens) in a privacy-sensitive way during a run of the protocol to be able to prove the claimed consent/permission/delegation/licensing happened
    • How the artifacts can link out to the relevant legal devices (contracts and licenses)
    • Determining patterns of which artifacts need to be dissolved (e.g., tokens to revoke) and then remade (issued) to serve various complex business use cases
  • It is also considering potential protocol extensions.
  • The draft formal model was presented at IIW 26, which evinced some interest.
IAWG Update
  • The SAC developed to meet the requirements expressed in NIST SP800-63 rev 3 are currently undergoing an all member vote which closes March 19, 2018. We are on schedule to meet the NIST deadline of March 21st.
  • IAWG has approved a repackaged KIAF 1400 (current SAC) that enable parts of it to be used with the SAC it has developed for 800-63 Rev3 to enable a CSP to be granted either an 800-83 Rev 3.0 Approval or a NIST 800-63 Rev 3 Technical Approval. As the effort focused on ensuring that the changes were “immaterial changes” they do not require a public review or all member ballot.
UMA WG Update
  • The Work Group has completed a roadmapping exercise for the next year and refreshed its charter.
  • The Legal subgroup's Proposed License-Based Model paper was certified for publication by the LC and has been published on the Reports & Recommendations page.