- Efforts underway to revitalize the Kantara IAF to accommodate release 3 of NIST SP800-63
- Still working with IDESG on operationalizing the use of Kantara approval of a CSP for the CSP to self assert to the IDESG
Slow summer, we had very few meetings. Currently working on the JSON-LD vocabulary for SAML.
In the past we had looked at blockchain technologies as a solution for publishing federation data, but we got bogged down on the logistical details-- for example, which blockchain, what is the business model, how would we publish claims. Sovrin maybe provides some of the answers to this question. More information about Sovrin can be found at http://sovrin.org. The design of OTTO aligns nicely with Sovrin. We are using JSON-LD as the data format, and the API's defined in OTTO could be used as Sovrin data endpoints.
The DHS ERASMUS pilot, which has been a driver for OTTO, is currently in limbo. The ERASMUS team will be presenting the work to the DHS first responder S&T group for December 7th. That is seen as a necessary gate for Phase II of the project.
Mike will be presenting OTTO at an Internet2 conference right before IIW.
- The Work Group completed its process of disposing of all comments received since the beginning of the Public Comment and IPR Review period, and subsequently successfully held an electronic ballot as follows: "Having disposed of all Public Comment/IPR Review period comments, approve UMA 2.0 Grant rev 08 and FedAuthz rev 08 as Draft Recommendations and forward them, with reference to the UMA 2.0 Disposition of Comments, to the Kantara Leadership Council to request their certification and determination of their next step towards finalization as Recommendations." The Disposition of Comments records 37 comments (not corresponding precisely to the number of GitHub issues, which was 28). No IP claims were received. The preponderance of the edits made to the specifications were editorial. As noted in the Disposition of Comments, there were five technical changes, described thusly: "The technical changes fall into two categories: Reintroducing UMA1 design elements (items 2 and 5) and tracking existing OAuth design elements (items 1, 3, and 4) -- the latter aligning with one of our key roadmap design priorities ("simplify the protocol and make it work more like OAuth")."
- The Legal subgroup's deliverable #3, has been completed and posted on the Legal mini-site. The subgroup will begin work on a single short, comprehensive framework document and then initial tools during Q4.
Please add your own rows!
** : indicates that there is a Kantara Member discount code available
|Conference||Location||Dates||Call for Speakers|
|IIW XXV||Mountain View||October 17-19, 2017||n/a|
|Identity North West **||Vancouver||November 7, 8, 2017||Open now|
|Consumer Identity World Europe **||Paris||November 27-29, 2017||Kantara workshop|
|Consumer Identity World APAC **||Singapore||December 12-14, 2017||Kantara workshop|
|TIIME 2018||Vienna||February 7-8, 2018||n/a|
|KnowIdentity 2018||Washington||March 26-28, 2018||September 22, 2017|
|IIW #XXVI||Mountain View||April 3-5, 2017||n/a|
|RSA 2018||San Francisco||April 16-20, 2018||September 28, 2017|
|Internet2 Global Summit 2018||San Diego||May 6-9, 2018||TBD|
|EIC 2018||Munich||May 15-18, 2018||January 15, 2018|
|Identiverse 2018||Boston||June 24-27, 2018||TBD|
• Preparing to support efforts to revitalize the Kantara IAF to accommodate release 3 of NIST SP800-63
• Still working with IDESG on operationalizing the use of Kantara approval of a CSP for the CSP to self assert to the IDESG
- The Work Group has been discussing the issues (editorial or the moral equivalent so far) that have come in during its Draft Recommendations' Public Comment and IPR Review period. That period ends on Wednesday, July 12 at 11:59 UTC. We have also been requesting IANA registration of various specification artifacts, since the specifications are now presumed to be technically stable. NOTE: If, as anticipated, the Work Group is able to approve final Draft Recommendations for balloting in its July 13 meeting, we will seek Leadership Council certification preparatory to All-Member Balloting in the LC's July 19 meeting (or an e-ballot as soon as practicable thereafter).
- The Legal subgroup has continued working with Tim Reiniger on its legal framework. The final deliverable of three to be produced by Tim is slated to be done soon. It will include a mapping of defined UMA party roles to licensing roles and privacy-legal concepts. We have begun discussing who from the legal world may be interested to review this work. (These three deliverables may serve as input to additional written deliverables by the Legal subgroup on the subject of the legal framework, beyond the envisioned "toolkits".)
We are at the mid-point of 2017 now: time for a quick update on initiatives related to the Groups side of Kantara.
- At the Board of Directors strategic development meetings in 2017, a new Kantara mission statement was developed and approved:
The Kantara Initiative is the global consortium improving trustworthy use of identity and personal data through innovation, standardization and good practice.
- Breaking this mission down to its core assertions, one can see that the Leadership Council and the Groups we lead are embodying and advancing the mission.
- "Global Consortium": Kantara group participants are Kantara members and non-member participants from around the globe. This brings fruitful contrasting views to solving problems and developing consensus publications.
- "Trustworthy use of Identity": Many of the Kantara Groups are working on digital identity topics: Identity Assurance, Identity Relationship Management, ID Pro
- "Trustworthy use of Personal Data": UMA, Consent and Information Sharing and other Groups being formed in the second half of 2017
- "Innovation": Lots of ground-breaking development of concepts and specifications - Kantara Groups are open participation and intended to foster innovation with low barriers to participate
- "Standardization": Group publications feed into the Kantara Conformity Assessment Program. Organizations are able to undergo 3rd party certification that they fulfill the requirements of Identity Assurance standards. By the end of 2017, Kantara plans to have additional Conformity Assessment Schemes available for 1st party attestation and 3rd party certification, initially focused on Privacy Notice and Consent processes.
- "Good Practice": Kantara Groups provide the platform for technical communities to assemble and develop consensus publications of good practice in their interest area. The organizational processes of Kantara are able to take these statements of good practice into standards publications and through to Conformity Assessment and certification.
- In the first half of 2017, our Groups have been finalizing and publishing Reports and Recommendations for public consumption:
- SAML v2.0 Implementation Profile for Federation Interoperability
- Consent Receipt Technical Specification Recommendation v1.0
- Refining the Design Principles of Identity Relationship Management v2.0f
- Report from the Blockchain and Smart Contracts Discussion Group to the Kantara Initiative
- UMA 2.0 Grant for OAuth 2.0 Authorization
- Federated Authorization for UMA 2.0
- The net result is a noticeable uptick in interest in Kantara's ID Assurance Conformity Assessment Program and increased interest in Kantara membership.
- All of which is fulfilling one of the informal primary objectives of the Leadership Council: to cause interesting work to happen and be published for the good of the broader digital identity and personal data community.
Please spread the word and invite your colleagues to participate - we always need bright sparks to engage and use Kantara to achieve their goals - it's the power source for the engine!
Have a good summer!
Andrew Hughes, Kantara Leadership Council Chair
Director's Update 2017: May has the latest updates on activity at Kantara, new members and events
- The co-editors have completed copyedits on the BSC DG Report. They have been discussing a timeline on which they can present it to the LC and Board at the latters' convenience.
After a few busy months, the WG is proud to report that the Kantara Initiative Recommendation "Consent Receipt Specification v1.0" has been approved by all-member ballot and is now available for download.
Many thanks to the contributors and editors in achieving this milestone.
The WG is focused now on addressing outstanding comments and issues discovered by implementers. We are adopting an agile-style work approach for the next 6 months of work: a backlog of work items has been created in github; the issues are prioritized and scheduled into a defined 'sprint'; a regular process has been established to accept contributions for a sprint, apply Editor changes, discuss in the WG and approve the new text. We hope this regular approach will allow the contributors to focus on content instead of managing process.
Work has also begun to create specific guidance and parameter values for GDPR-aligned implementations. There is much interest in Europe for such guidance and we hope that Kantara will be a focus point for heavy activity over the next year as companies deal with GDPR compliance.
For those of you attending the myData conference at the end of August in Helsinki, expect to see a strong Kantara contingent there.
- Submitted comments to NIST on new release of the base SP800-63 rev3 base document
- Working with IDESG on operationalizing the use of Kantara approval of a CSP for the CSP to self assert to the IDESG
- Developing new release of IAWG Wiki
Several WG and DG Recommendations and Reports in the pipeline right now:
- Consent Receipt at All member ballot stage
- UMA a couple weeks away from bringing Draft Recommendation to LC for sending to all member ballot
- BSC finalizing Report soon
- IRM Draft Report nearing balloting stage
- eGov Draft Report on RP Code of Conduct nearing balloting stage
- Fed Interop Draft Technical Specification nearing balloting stage
- The editors have been fleshing out the remaining elements of the Report. The group has not been meeting in the meantime, but has been commenting actively. The group is holding a meeting on Thursday, April 13 to discuss and review the Report and see what final actions need to be taken and sections need to be written before publishing the Report and closing the group.
- The "WG last call" period, an informal four-week review period designed to draw attention to the WG drafts and invite group participation for draft finalization, ended on Tuesday April 11. The group has begun fielding issues received during this time. A couple of issues in particular worth mentioning have to do with spec modularity and applicability to the rest of the OAuth architecture (and its practitioners). By approximately April 20, the group will be in a position to consider a concrete proposal for spec refactoring. Since this is a potentially big revision, the group's vote to start the Public Comment period – which could theoretically have taken place as early as April 17 barring this proposal – might take place a couple of weeks later, pushing out other dates as well.
- The UMA Legal subgroup wrapped up review on deliverable #1 and will begin analyzing draft deliverable #2 (of three) this week. As a reminder, these outputs are intended to bridge the technical aspects of UMA and the legal and contractual worlds in a terminological and conceptual sense, informed by real-world use cases, guiding our subsequent development of legal tools that can help to accelerate UMA's adoption in ways that are privacy-protective.