Blog

Blog

Progress has been slow on the primary deliverables of this WG. The overall plan is to develop a document outline to capture Consent Management common practices, develop an interview protocol and survey, then gather data from as many organizations as possible. Then, the results will be analysed for common practices and areas where standardization could help. We have renewed committments of participant time starting in September, so hope to increase the rate of progress at that time.

The WG will be presenting a demo at MyData in Helsinki on August 29, 2018. 

Over the last couple months, digi.me, OpenConsent, Consentua, Ubisecure and Trunomi have been designing and building functions into their systems to create or consume Kantara Consent Receipts. The demo concept is to show off interoperable Consent Receipts. In this first round, we show that an individual can ask for a receipt as part of a service interaction; the receipt given to that person and then viewed in a viewer of the person's choosing. The accompanying presentation and discussion will cover how the receipt fits into exercising individual data rights as set out in GDPR and other privacy regulations. This is a great opportunity to showcase Kantara members at an international conference.

UMA WG Update
  • The Work Group is on a "summer time" schedule, meeting every two weeks or even less often until September.
  • We held leadership team elections; Eve and Maciej have been re-elected in the chair and vice-chair roles respectively.
  • We discussed novel solutions to the "multiple portals problem" (so-called in healthcare but applicable to other sectors), and novel ways UMA or UMA++ may be used to tackle the challenge.
IAWG Update

IAWG is currently working on the following items:

  • Developing NIST 800-63-3 implementation guidance with other members of the TFS Coordination Group; and
  • Reviewing, with the objective of updating, the Identity Assurance Framework: Overview (IAF1000) and the Identity Assurance Framework: Overview (IAF1100).
UMA WG Update
  • The business model design is now fairly solid. Chair Eve Maler presented it at the EIC conference, along with a set of "cradle-to-grave" business scenarios. Jim Hazard is proposing a specific use case to which to apply our POC efforts.
  • The group has been analyzing the Open Banking use case called "decoupled" and what it might look like if UMA were applied to it. (The MODRNA extension spec called CIBA was specially designed to solve it.) Both CIBA and UMA may potentially solve different aspects; Mike Schwartz is planning to put together a proposal that combines them.

A good turnout for the Member plenary - we talked about the strategic direction of the Group work and some work planning for 2018-2019.

2018-05-14 Member Plenary, Unterschleißheim (Munich), Germany


The Consent & Information Sharing WG approved the Consent Receipt Specification v1.1 to go forward. The Leadership Council has certified the draft to go to All-Member Ballot. 

Watch your email for the notification to vote!

IAWG Update

IAWG is currently working on the following items:

  • Developing NIST 800-63-3 implementation guidance with other members of the TFS Coordination Group;
  • Preparing comments on the recently released OMB Policy Draft; and
  • Reviewing, with the objective of updating, the Identity Assurance Framework: Overview (IAF1000) and the Identity Assurance Framework: Overview (IAF1100).
UMA WG Update
  • The Work Group has consolidated its two meeting series (Legal subgroup and main Work Group).
  • It is working in earnest on its formal "business model", which is designed to enable:
    • The auditing of technical artifacts (such as tokens) in a privacy-sensitive way during a run of the protocol to be able to prove the claimed consent/permission/delegation/licensing happened
    • How the artifacts can link out to the relevant legal devices (contracts and licenses)
    • Determining patterns of which artifacts need to be dissolved (e.g., tokens to revoke) and then remade (issued) to serve various complex business use cases
  • It is also considering potential protocol extensions.
  • The draft formal model was presented at IIW 26, which evinced some interest.
IAWG Update
  • The SAC developed to meet the requirements expressed in NIST SP800-63 rev 3 are currently undergoing an all member vote which closes March 19, 2018. We are on schedule to meet the NIST deadline of March 21st.
  • IAWG has approved a repackaged KIAF 1400 (current SAC) that enable parts of it to be used with the SAC it has developed for 800-63 Rev3 to enable a CSP to be granted either an 800-83 Rev 3.0 Approval or a NIST 800-63 Rev 3 Technical Approval. As the effort focused on ensuring that the changes were “immaterial changes” they do not require a public review or all member ballot.
UMA WG Update
  • The Work Group has completed a roadmapping exercise for the next year and refreshed its charter.
  • The Legal subgroup's Proposed License-Based Model paper was certified for publication by the LC and has been published on the Reports & Recommendations page.
IAWG Update
    • IAWG is reviewing and responding to the comments received from the Public and IPR review of the SAC developed to meet the requirements expressed in NIST SP800-63 rev 3. The comments are, for the most part, aimed at the requirements expressed in NIST document. The Disposition Log and Documents are being revised so they can be submitted for LC’s approval for a two-week all-member ballot. We are on schedule to meet the NIST deadline of March 21st.
    • IAWG is also repackaging KIAF 1400 (current SAC) to enable parts of it to be used with the SAC it has developed for 800-63 Rev3 to approve CSPs. The effort is focused on ensuring that the changes are viewed as “immaterial changes” so that they do not require a public review or all member ballot.


CIS WG Update

The Consent and Information Sharing WG is currently processing comments received during the Public Review of the Consent Receipt v1.1 specification. We expect to have this finished by the end of February, then on to all-member ballot in March 2018.

The Consent Management Solutions WG will have its first WG call Wednesday February 21 2018 at 15:00 GMT / 10:00 Eastern / 7:00 Pacific. Chair Corné and Vice-Chair Julian will present the overall plan, initial work packages list and schedule. Please join us!

UMA WG Update
  • Now that Kantara has published the UMA2 Recommendations (for which a formal press release and a blog post are under way), the Work Group has (finally) begun discussing refreshing its charter to reflect the next phase of its work. This is likely to include the ongoing legal/business/trust efforts, potential work items around extensions, and promoting adoption and interoperability.
  • The Legal subgroup (which may take on a revised name) has voted to approve its first Draft Report and submit it to the Leadership Council for certification for publishing. This report describes "how the UMA protocol enables a license-based model for controlling access rights to personal digital assets".