On our two February calls (2/2 and 2/9), we discussed the US government's Open Identity initiative, also known as the Identity Credential and Access Management (ICAM) initiative, in which the government wants to use OpenID and Information Cards issued by non-government Identity Providers to citizens for access to government websites. These initial government apps are low assurance, LOA-1 apps, meaning that no identity proofing is required for issuance of credentials, and authentication can be accomplished via username and password.
However, the real challenge is high assurance digital identities for consumers. There are many issues that would come into play on the path to widespread adoption of high assurance digital identities by consumers. In my discussions with some of the ICAM folks it was suggested that a useful output of this WG would be a better understanding of what those might be, together with some recommendations that might help facilitate high assurance consumer identity. That's a tall order, but it's consistent with the purpose of the Consumer Identity WG as stated in the Charter .
A key enabler of wide adoption and use of digital identities by consumers is the deployment of trust frameworks that enable Service Providers/Relying Parties to trust and accept digital credentials issued by Identity Providers. Recently the Kantara Identity Assurance Framework was provisionally accepted by ICAM to support the needs for trust between IdPs and government SPs/RPs, as was the trust framework put forth by the recently formed Open Identity Exchange. One of the things that's needed is a better understanding of how these trust frameworks may need to change in order to support high assurance consumer applications involving a variety of non-government SPs/RPs.
I've become convinced that the only way that this WG will be able to accomplish any of this is to: (a) put together a workplan/proposal that describes in sufficient detail what problem we are trying to solve, and what kinds of output we are hoping to produce, and (b) use this workplan/proposal to obtain funding from any sources interested in the problem and willing to provide funds to support the effort. In particular, I envision that, as a self-employed independent and WG Chair, some of this funding would go to support my efforts to organize this work and help carry it out. Additionally, although other Subject Matter Experts might be available from Kantara member organizations and Trustee companies, we would likely need funds to obtain additional resources to support the effort. This could include things such as: market research reports or other research reports, surveys, and consulting with outside experts as needed.
The role that I envision for the WG is primarily to act as a sounding board and review panel as the work goes forward. That is, I'd expect WG members to help review and comment on drafts of documentation that others produce. Despite the fact that the work of Kantara WGs is supposed to be carried out by "volunteers", I just don't foresee that the kind of effort I'm proposing here can realistically be accomplished by volunteers.
So that's my plan, and I'd like to get your input. Do you think this is viable, desirable, useful, or what? Do you have any other thoughts or suggestions for a work program that can get funding and that can address the goals of high assurance consumer identity? To get started defining a proposal for funding such a work program, I've put together some initial ideas here . This needs to be organized into a coherent proposal. So please look this over, and we'll discuss further on the call.
The discussion centered around whether the WG should formulate a proposal for funding the kind of work that was described in the Agenda above, and what the proposal should contain. There was general agreement that a proposal would make sense, and that the initial topics referenced in the Agenda were reasonable to include. An additional topic that was mentioned for possible inclusion was the issue of redress; that is, what happens when a consumer has a complaint about the handling of his/her identity information, or about an identity assertion that references his/her identity. There was further discussion about some of the issues that will affect deployment of high assurance digital identities for consumers; in particular, the need for a business case that addresses the needs of consumers as well as service providers/relying parties and identity providers.
We also talked about some potential sources of funding, including vendors of authetnication technologies, various governmental entities, consumer groups, as well as potential services providers / relying parties, and identity providers. However, no specific sources of funding were identitied that participants believed might be most likely to want to support this effort.
Bob P. will continue to reach out to potentially interested parties to gauge their interest. The WG will convene again when sufficient progress has been made on defining a proposal, or when additional work items have been identified, to warrant further discussion.
NOTE: Do not follow the code with a "#" symbol as it may cause the code not to be recognized.