Blog

HIAWG Update
  • Prepared and approved a draft report entitled Healthcare Design Guidelines which is currently undergoing approval by Leadership Council.
ISI WG Update


We are pleased to inform the Board of the successful creation of the Information Sharing Interoperability Work Group (ISI WG), continuing and expanding on the work previously accomplished in the Consent Information & Sharing Work Group.
The Group successfully archived the Consent Information & Sharing Work Group (CIS WG). ISI WG is expanding new concepts and information flows towards record-keeping control and management for both the service provider side and the individual side of information sharing between two or more entities.
ISI WG has organized into several project teams, working on specific solutions to accomplish expanded goals. The WG has taken the current Consent Receipt (CR) specification version 1.1 and will be developing and clarifying fields and field definitions aligning them with other standards, which have emerged since the CIS WG inception.
The project teams are working around specifications for Notice and Consent, the manifestation of consent using standard definitions and labels. Information sharing through two mechanisms, profiles individuals create and use to proffer the information to others called Standard Information Sharing Agreements. Intent Casting, whereby individuals can infer an intent for suppliers to quote a value exchange, often referred to as a deal or trade. These two projects and the output specifications created contribute to the concept of a Personal Data Use Records (PDR) framework.
The PDR Framework publication will be contributed through Kantara's official liaison agreement with ISO SC 17/WG 5 "Identity management, privacy technologies and biometrics" into the new ISO 27560 standards project "Consent Record Information Structure" which will be led by Kantara members.
ISI WG continues our outreach and awareness efforts at industry events and conferences. Following on our success at Identiverse 2019, we have secured a masterclass session at Identiverse 2020 in June where we will showcase progress in the specification publications and implementations by members.

FIRE WG Update

The FIRE WG has continued to meet and is collaborating with the HIAWG and IAWG. Recent work has focused on health care use cases aligned with the activities of the Office of the National Coordinator (ONC) and the Trust Exchange Framework Common Agreement (TEFCA). In particular the FIRE WG has established a set of draft requirements https://wiki.idesg.org/wiki/index.php/High_Assurance_ID_Token#ID_Token  and scope for high assurance tokens. We have created a sandbox open to all Kantara WGs, detailing a test suite that will allow developers of code and user experience to assure the compliance of their products to the  Health Care Profile of the basic framework.

The FIRE WG representative to the Kantara Initiative Education Foundation (KIEF) also provided an update to the KIEF Board on the intention of the FIRE WG to seek funding to support the pursuit of a grant to:

UMA WG Update
  • The Work Group has consolidated and revamped its meeting schedule so that we're meeting only on alternate Thursdays.
  • We recently discussed a forthcoming contributions from company IDENTOS of an UMA extension that ties in self-sovereign identity technologies and concepts. We'll take a look and consider whether it's something worth standardizing within the group.
  • We are also once again discussing how to set up an interop testing environment.
IAWG Update
  • Provided input to UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
  • Provided input to DIACC on the Organization component of the Pan Canadian Trust Framework.
  • Preparing input to DIACC on the Individual and Privacy components and the Glossary of the Pan Canadian Trust Framework.
  • Preparing guidance for the Classic Class of Approval Service Assessment Criteria to reduce the risk of phishing attacks.
  • Developing Service Assessment Criteria for NIST 800-63Rev3 Federation Assurance Level 2 (FAL2) Requirements.
IAWG Update
  • The IAF Overview was approved by an All Member Ballot and will be published shortly.
  • IAWG is preparing a response to the Digital Identification and Authentication Council of Canada’s (DIACC’s) call for comments on the second version of the Verified Login Component of the Pan Canadian Trust Framework (PCTF).
  • Kantara Initiative members identified a number of instances where interpretation of SP 800-63 rev.3 requirements has proven to be challenging. In response to these challenges, IAWG developed five Implementation Guidance Reports and submitted these comments to NIST. NIST provided a response and has held several discussions with IAWG to clarify and discuss how these shortcomings can be addressed by Kantara. Based on these discussions IAWG will,develop modifications or guidance concerning its current SAC.
IAWG Update
  • The IAF Overview was approved by LC and is currently undergoing an All Member Ballot.
  • IAWG submitted a response to the UK Department of Digital, Culture, Media and Sports (DCMS) Call for Evidence on Digital Identity.
  • Kantara Initiative members identified a number of instances where interpretation of SP 800-63 rev.3 requirements has proven to be challenging. In response to these challenges, IAWG developed five Implementation Guidance Reports and submitted these comments to NIST. NIST provided a response and has held the first of several discussions with IAWG to clarify and discuss how these shortcomings can be addressed by Kantara. Based on these discussions IAWG will,develop modifications or guidance concerning its current SAC.
HIAWG Update
  • The HIAWG Charter has been approved by LC.
UMA WG Update
  • In the business-legal framework work stream, the Work Group is editing a document as a companion for the draft Report previously published. Notes, status, and links can be found on this page.
  • The technical work stream does not have many active work items at present, but the Work Group is about to analyze the transactional/rich authorization IETF drafts.
IAWG Update
  • IAWG received comments on the IAF Overview during the 45 day All Member and IPR Review. These comments have been considered and, where appropriate, updates to the document have been made. The document is going to LC for approval shortly.
  • IAWG is preparing comments for DIACC (Digital Identification and Authentication Council of Canada) on the Privacy Component and the Privacy Conformance Criteria of their Pan Canadian Trust Framework (PCTF).
  • IAWG is preparing a response to the UK Department of Digital, Culture, Media and Sports (DCMS) Call for Evidence on Digital Identity.
  • Kantara Initiative members identified a number of instances where interpretation of SP 800-63 rev.3 requirements has proven to be challenging. In response to these challenges, IAWG developed five Implementation Guidance Reports. IAWG submitted these comments to NIST requesting that they review the reports and provide feedback as to the correctness of Kantara’s interpretation and therefore of its recommended action(s). It should be noted that, in the interests of progressing adoption and encouraging provision of services which meeting the requirements of SP 800-63 rev.3, Kantara has adopted and is already applying the recommendations.
UMA WG Update
  • The Work Group has decided how to proceed on its UMA2 IETF Internet-Drafts, which are expiring next week. The current plan is to proceed with an "independent submission" and see Informational RFC status for the drafts, which we anticipate would enable the Kantara Recommendations to be published as RFCs in substantially similar form.
  • The business-legal framework effort has produced a draft state diagram reflecting how real-world changes or transitions in the situations of a data subject and/or resource rights administrator could change the number of either of them. The Work Group is still working on this. More to come in this work stream, possibly including multiple state diagrams reflecting different kinds of such transitions, for different legal parties in the UMA ecosystem. These (relatively) simple diagrams map to many different real-world scenarios.
IAWG Update
  • IAWG received comments on the IAF Overview during the 45 day All Member and IPR Review. These comments are being considered for making changes to the document.
  • Kantara Initiative members identified a number of instances where interpretation of SP 800-63 rev.3 requirements has proven to be challenging. In response to these challenges, IAWG developed five Implementation Guidance Reports. IAWG submitted these comments to NIST requesting that they review the reports and provide feedback as to the correctness of Kantara’s interpretation and therefore of its recommended action(s). It should be noted that, in the interests of progressing adoption and encouraging provision of services which meeting the requirements of SP 800-63 rev.3, Kantara has adopted and is already applying the recommendations.
IAWG Update


  • IAWG approved the IAF Overview and it is undergoing a 45 day All Member and IPR Review. This document combines the current IAF Overview (IAF1000) and the IAF Glossary (IAF1100) into a single document.


IAWG Update
  • Work continues on overhauling the IAF Overview which will combine the current IAF Overview (IAF1000) and the IAF Glossary (IAF1100) into a single document. The new document will also be the IAF Overview but will have a new number IAF1050 to reflect that it is a combination.
UMA WG Update
  • The Work Group's chair and vice-chair presented the specifications to the OAuth group (remotely) at the IETF 104 meeting in Prague and several other UMA2 stakeholders were present in the room. Discussions are ongoing with the OAuth group leadership about when and how to do a call for adoption of the documents. The UMA Work Group chair plans to do an extended in-person Q&A session IETF 105 in July in Montreal, in which there seems to be good interest.
  • A plan is moving forward for reinvigorating the business model work and publishing a second report by September.
  • Implementers are discussing how best to report out on interoperability testing work done to date at the Identiverse conference.
  • The chair is doing an UMA 101 session by request at the upcoming IIW event.
  • One or more profiles/extensions are expected to be contributed for discussion as potential work items shortly.
  • Our meeting schedule in Q2 is lightened due to its being "identity conference season".