- The work group has been reviewing the UK Pensions Dashboard profile contribution, both the contents and IPR concerns
- The work group has been discussing the FAPI project: whether we can/should recommend the same security profile to implementors, and whether we should contribute a UMA profile for consideration by FAPI
- The work group presented to all members during the monthly Leadership Council call. Highlighted two upcoming deployments (UK Pensions Dashboard and an Ontario trusted account for health) and how those deployments are bringing profiles and work back to the group
- BIT Report now available and published as a KI report here: https://kantarainitiative.org/download/blinding-identity-taxonomy-pdf/
- PDUR (Personal Data Use Receipt) is in draft mode, to be contributed to the WG by AH & JA in the early July timeframe. The entire ISI workgroup will then begin to make comments on PDUR project calls
- IntentCasting Project is writing a primer document around IC
- Notice and Consent is on a summer projects work schedule working on several aspects of AdvCIS,
- SAC for FAL3 under Public and IPR review
- working on SAC for IAL3, AAL3, and FAL3
- comments being developed for DIACC PCTF Attributes and Relationships component
- getting started on suggestions to NIST for rev4
A few months ago the FIRE WG representative to the Kantara Initiative Education Foundation shared that the FIRE WG would seek funding to support the pursuit of a grant to:
- Establish an assurance program for high assurance tokens and applications and to that end has fine-tuned the scope to Public Health Centers - Vulnerable Populations, an activity that would build out the proposed sandbox:
- In addition to the above, also being considered is the build-out of the IDEF Registry from a partially designed and functional self-attested registry (NIST funded) to a Federated IDEF-Registry on a functional trust platform with a Trust Registry that would involve three Kantara WGs: HIAWG, IAWG and FIRE. The application would be a Kantara asset which all the WGs could contribute to and benefit from.
- ONC and CMS have funding and a need in light of COVID-19. This was briefly discussed at the HIAWG meeting last week with Dr. Tom, Colin and me online; we agreed to have a follow-up call.
- Provided input to DIACC on the Person and Privacy components and the Glossary of the Pan Canadian Trust Framework.
- Developing Service Assessment Criteria (SAC) for NIST 800-63 Rev. 3 Federation Assurance at Level 2 (FAL2) Requirements. Interacted with NIST representatives to clarify Kantara’s understanding of these requirements.
- About to commence development of IAL, AAL, and FAL SACs for NIST 800-63 Rev. 3 Level 3 Requirements.
- Awaiting request from NIST for comments and suggestions on how SP 800-63 Rev. 3 can be improved.
- The CMS WG was successfully archived and merged into ISI, where each project will include Best/Common Practices
- The IntentCasting project has begun; check the Master Calendar or ISI page calendar for details (most Fridays, 11:30 AM EDT)
- The draft requirements for a PDUR are moving forward and are expected to be contributed to Kantara in this second quarter
- The AdvCIS continues to compile use cases and further requirements for the next version of Consent Receipts while defining Notice
- The task force chartered with publishing a report on BIT is near completion with additional input from Jan Linquist using enhancing attributes with de-identifying techniques
- The Work Group continued to work on the "resource definitions profile" (the first IDENTOS profile), collecting a wide variety of use cases for it.
- The Work Group, and later an ad hoc team of interested parties, started serious work on interop/conformance testing.
- ISI WG is well-formed and functioning as project teams in the following areas:
- Notice and Consent
- Reviewing ver 1.1 for fixes and deep dives into new requirements and features in a version 2.0 spec
- Information Sharing Sustainability (variations on JLINC, and application layer protocol)
- Privacy-Preserving Information Sharing
- Still forming in an inviting state for other ISI members
- Launched and will have its first meeting on April 17th
- Personal Data Receipt
- Draft Primer and overview
- Framework flow diagram WIP
- Special Report to be published on BIT (Blinding Identity Taxonomy)
- Ad-hoc group of ISI members finishing a report for BIT use by governments
- Led by Paul Knowles, John Wunderlich, Ken Klingenstein and Jim Pasquale
- Initial workplace for a Kantara Blinding Identity Taxonomy:
- 1. Preview the B.I.T. to the membership (elements plus description)
- 2. B.I.T. Report - Explanation of the B.I.T. methodology and applications - Use Cases - Schema and Profiles - The taxonomy itself - Appendices
- 3. Convert Report to a Kantara Standard/Specification
- 4. Kantara B.I.T. Assurance Service
- The Work Group has, in our last two meetings, done a fairly deep dive on one of the two IDENTOS extensions (or possibly profiles, nature to be determined). This first one focuses on interoperable resource definitions that enable an "AS-first" flow in an ecosystem where an open or common API is in use but different RS's may use different variations on a theme (originally designed for a healthcare ecosystem using FHIR). There is interest to consider this work in some fashion. Next we'll examine their AS privacy enhancement work.
- We also discussed online notarization and related use cases arising in the current global circumstances and potential relevance of UMA.
- Finally, we were updated on the AdvCIS liaison project work in the ISI WG.
- Preparing input to DIACC on the Person and Privacy components and the Glossary of the Pan Canadian Trust Framework.
- Updated criteria in the Classic Class of Approval Service Assessment Criteria to reduce the risk of phishing attacks.
- Developing Service Assessment Criteria (SAC) for NIST 800-63 Rev. 3 Federation Assurance at Level 2 (FAL2) Requirements.
- Awaiting request from NIST for comments and suggestions on how SP 800-63 Rev. 3 can be improved.
- Prepared and approved a draft report entitled Healthcare Design Guidelines which is currently undergoing approval by Leadership Council.
We are pleased to inform the Board of the successful creation of the Information Sharing Interoperability Work Group (ISI WG), continuing and expanding on the work previously accomplished in the Consent Information & Sharing Work Group.
The Group successfully archived the Consent Information & Sharing Work Group (CIS WG). ISI WG is expanding new concepts and information flows towards record-keeping control and management for both the service provider side and the individual side of information sharing between two or more entities.
ISI WG has organized into several project teams, working on specific solutions to accomplish expanded goals. The WG has taken the current Consent Receipt (CR) specification version 1.1 and will be developing and clarifying fields and field definitions aligning them with other standards, which have emerged since the CIS WG inception.
The project teams are working around specifications for Notice and Consent, the manifestation of consent using standard definitions and labels. Information sharing through two mechanisms, profiles individuals create and use to proffer the information to others called Standard Information Sharing Agreements. Intent Casting, whereby individuals can infer an intent for suppliers to quote a value exchange, often referred to as a deal or trade. These two projects and the output specifications created contribute to the concept of a Personal Data Use Records (PDR) framework.
The PDR Framework publication will be contributed through Kantara's official liaison agreement with ISO SC 17/WG 5 "Identity management, privacy technologies and biometrics" into the new ISO 27560 standards project "Consent Record Information Structure" which will be led by Kantara members.
ISI WG continues our outreach and awareness efforts at industry events and conferences. Following on our success at Identiverse 2019, we have secured a masterclass session at Identiverse 2020 in June where we will showcase progress in the specification publications and implementations by members.
The FIRE WG has continued to meet and is collaborating with the HIAWG and IAWG. Recent work has focused on health care use cases aligned with the activities of the Office of the National Coordinator (ONC) and the Trust Exchange Framework Common Agreement (TEFCA). In particular the FIRE WG has established a set of draft requirements https://wiki.idesg.org/wiki/index.php/High_Assurance_ID_Token#ID_Token and scope for high assurance tokens. We have created a sandbox open to all Kantara WGs, detailing a test suite that will allow developers of code and user experience to assure the compliance of their products to the Health Care Profile of the basic framework.
The FIRE WG representative to the Kantara Initiative Education Foundation (KIEF) also provided an update to the KIEF Board on the intention of the FIRE WG to seek funding to support the pursuit of a grant to:
- establish an assurance program for high assurance tokens and applications,
- build out the proposed sandbox https://wiki.idesg.org/wiki/index.php/Health_Care_Profile_Sandbox#Context
- further build out the IDEF registry so that it can be leveraged by the FIRE WG as well as other Kantara WGs.
- The Work Group has consolidated and revamped its meeting schedule so that we're meeting only on alternate Thursdays.
- We recently discussed a forthcoming contribution from the company IDENTOS of an UMA extension that ties in self-sovereign identity technologies and concepts. We'll take a look and consider whether it's something worth standardizing within the group.
- We are also once again discussing how to set up an interop testing environment.
- Provided input to UK Government Digital Services on their GPG44 (Using authenticators to protect an online service).
- Provided input to DIACC on the Organization component of the Pan Canadian Trust Framework.
- Preparing input to DIACC on the Individual and Privacy components and the Glossary of the Pan Canadian Trust Framework.
- Preparing guidance for the Classic Class of Approval Service Assessment Criteria to reduce the risk of phishing attacks.
- Developing Service Assessment Criteria for NIST 800-63 Rev. 3 Federation Assurance Level 2 (FAL2) Requirements.