[KI-LC] Kantara Support For A National Identity Verification Standard??

Colin Wallis Colin.Wallis at dia.govt.nz
Thu Jun 24 18:20:03 EDT 2010


Thanks Bob

Some comments inline after further thought following the LC call.

Cheers
Colin

From: Bob Pinheiro [mailto:kantara at bobpinheiro.com]
Sent: Tuesday, 22 June 2010 3:54 p.m.
To: Colin Wallis
Cc: Kantara Leadership Council Kantara; Kantara Staff list
Subject: Re: [KI-LC] Kantara Support For A National Identity Verification Standard??

Colin,

If I'm not mistaken, OMB0404 only addresses the four assurance levels; it's NIST 800-63 that specifies criteria for identity proofing at the various assurance levels.  But that document was strictly intended only for US government relying parties.  There has been discussion in IAWG about how to do identity proofing when different jurisdictions are involved, so I guess there really is no standard.
<<CW: Well, I think you characterize OMB0404 a little too simply, since the approach to risk is the fundamental basis that drives the subsequent identity proofing and credential issuance/usage processes, but no matter. And while you are technically correct regards NIST, I would contend that is has become a de facto standard, since so many other jurisdictions have copied it or have profiled it.  I am really pleased IAWG has had the discussion about Id proofing when different jurisdictions are involved because they are absolutely right. No pan jurisdiction federation can take place until there is sufficient trust amongst governments that their respective identity proofing processes are up to scratch. So while the eGov WG has the eGov Profile for SAML sufficiently constrained to see pan jurisdiction federation possible at the interop level technically, it may languish for some years waiting for the ID proofing process side to catch up, because id proofing becomes the weakest link in the chain.>>

I understand that the goal is to develop an ANSI standard for identity verification, but there may also be much international interest as well.  Whether that would translate into a further effort to develop some sort of international standard, I can't say.
<<CW: It certainly is a worthy goal, but international adoption/interest may be better achieved by using an international forum in which to develop it.  And let's not kid ourselves. It will be darn difficult because different jurisdictions have different breeder/authoritative documents. But with sufficient mapping, it may be possible.  So if ANSI is going to start with the US situation and US breeder docs but later move to an international stage, it needs to structure the standard such that it is flexible to include a different set of breeder docs from a different jurisdiction>>.

An organization can be a Sponsor at a cost of $25K per year (with no obligation to actually participate in the development of any standard), or can be a participating member expected to contribute to the work effort.  For that level of commitment, I don't know if NASPO would consider KI to be a non-profit at $1000 per year, or a trade association at $3000 per year.
<<CW: Not my call but KI's 501C 6 status should help>>

One of the motivations for this effort is the US government's (newly renamed) National Strategy for Trusted Identities in Cyberspace.  It's hard to see how you can have a "trusted identity" online without some standardized way to verify someone's identity in the first place.  On the other hand, I can see where someone's "identity" may mean different things to different types of relying parties, which may also imply different trust frameworks for different "trust communities."
<<CW: All true, and I agree with everything you say here>>.
Bob


<<CW: So KI is left in an interesting position.  In an ideal world, it would be better to bring the work to KI, or OASIS or ISO..where it is (more) politically neutral (you recall that this is what we said in our comments to the White House in the NSTIC).  So to support this effort in NASPO, we are actually not supporting our stated position. On the other hand, it may be perceived as churlish not to support the effort in NASPO, especially if we think the effort will succeed, and the outputs from this standard find their way into the IAF in future in some way shape or form.  In which case we are cutting off our nose despite our face by not supporting it.  Decisions decisions....>>

Cheers
Colin

On 6/21/2010 6:23 PM, Colin Wallis wrote:
Thanks Bob

A couple of thoughts to start us off with..

1) Is there really no standard in the US for this?  For the NZ government's Evidence of Identity standard, we relied heavily on the US Gov's OMB M 04 04. I guess one could say that's not a standard but...

2) I can see how there is a gap, in the sense that the identity proofing process in the IAF and indeed in the proposed ISO 29115 are kind of deployment profiles of this standard, if it were manifested...

3) Given KI is a global organisation, are we comfortable that we are not creating a precedent that will be impossible to continue with, (the flip side being that there is a large US influence in the IAF and 29115 so it is a worthy exception)

4) Without trying to pre-empt or pre judge any decision, is it your sense that KI might want to participate as a non-profit at $1,000 per annum?


Cheers
Colin

From: lc-bounces at kantarainitiative.org<mailto:lc-bounces at kantarainitiative.org> [mailto:lc-bounces at kantarainitiative.org] On Behalf Of Bob Pinheiro
Sent: Tuesday, 22 June 2010 9:52 a.m.
To: Kantara Leadership Council Kantara
Cc: Kantara Staff list
Subject: [KI-LC] Kantara Support For A National Identity Verification Standard??

As part of my efforts to determine whether there's any external interest in the Consumer Identity WG's project plan, I recently spoke with Tom Lockwood, who is one of the drivers of the government's National Strategy for Trusted Identities in Cyberspace, and Graham Whitehead of NASPO.  You may have seen the email and attached Call for Participation from ANSI IDSP (below), announcing that NASPO is commencing development of an American National Standard for Identity Verification.

The need for a standardized identity verification/proofing process is well known, and Tom mentioned that several people associated with Kantara (Brett, when he was ED, and Frank V. on behalf of IAWG) expressed to him that Kantara supports such an effort.  Others as well, in particular members of the financial services community, have also expressed interest.

However, the reality is that NASPO will not be able to pursue this work unless it can secure adequate funding, and also recruit enough "warm bodies" to actually participate in the effort.  Since there was some expression of interest and support by Kantara participants/members, I volunteered to find out whether this might translate into financial support, and whether anyone representing Kantara might want to participate in the actual development of the identity verification standard.

The attached Call for Participation describes the various levels of financial support that is being requested.  I'd like to propose that the question of whether Kantara can provide financial support for the development of an identity verification standard by NASPO be submitted to the Board of Trustees for their consideration.

Although I'm specifically addressing possible financial support by Kantara, NASPO would certainly be grateful for a commitment of financial support and participation by any other organization as well, including individual Kantara member organizations.

As noted below, an initial meeting of those making a commitment to this effort is planned for July 12-13 in Kansas City.  So if there is any possibility that Kantara might be able to contribute to this effort, the BoT should probably take up this matter fairly soon.

Bob

---------------------------

Bob Pinheiro

Chair, Consumer Identity WG

908-654-1939

kantara at bobpinheiro.com<mailto:kantara at bobpinheiro.com>

www.bobpinheiro.com<http://www.bobpinheiro.com>




-------- Original Message --------
Subject:

ID-V Standard Kick-Off Meeting & Call for Participation

Date:

Wed, 16 Jun 2010 10:10:03 -0400

From:

James McCabe <jmccabe at ANSI.ORG><mailto:jmccabe at ANSI.ORG>

Reply-To:

James McCabe <jmccabe at ANSI.ORG><mailto:jmccabe at ANSI.ORG>

To:

IDSP at MAILLIST.ANSI.ORG<mailto:IDSP at MAILLIST.ANSI.ORG>


Dear IDSP participants,

The purpose of this eMail is to let you know that a meeting to commence development of a national identity verification standard will take place on July 12 and 13, 2010 in Kansas City. The meeting will start at 1:00pm on Monday July 12 and end on Tuesday July 13 at 4:30pm. The meeting will be held in Pavilion 3 at the :-

InterContinental Kansas City at the Plaza
401 Ward Parkway
Kansas City, MO
64112

A block of rooms has been reserved at the hotel for the nights Sunday, July 11 through to Wednesday  July 14,  at a rate of $139.00 per night.

To make your reservation please call toll free 866 856 9717 and reference the NASPO rate (NAS), or you can book online at www.kansascityic.com<http://www.kansascityic.com> <http://www.kansascityic.com<http://www.kansascityic.com/>> and use the code NAS.

Hotel reservations should be made on or before   June 21, 2010 after which time rooms will be released for general reservations.  More information about the hotel can be found at http//:www.kansascityic.com

The required fee for participation in the development of this standard is detailed in the attached "ID-V Call for Participation"document. Individuals and organizations who wish to participate in the development process and attend this first meeting, must register to participate and commit to payment of the participation fee in advance of attendance at the meeting. Opportunities to benefit from the payment of  a sponsorship fee are also detailed in the attachment.

For further information please contact :-

Ann Whitehead
NASPO Administrator
Tel: (604) 921-9196
eMail: naspo at telus.net<outbind://54/naspo@telus.net>

Best regards,

Jim McCabe
Senior Director, Consumer Relations and IDSP
American National Standards Institute
25 West 43rd Street, 4th Floor
New York, NY  10036  U.S.A.
1-212-642-8921; Fax: 1-212-840-2298
jmccabe at ansi.org<mailto:jmccabe at ansi.org>
MARK YOUR CALENDAR:
World Standards Week 2010<http://www.ansi.org/wsweek>
September 21-24, Arlington, VA


====
CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====


====
CAUTION:  This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20100625/afce9c3f/attachment-0001.html 


More information about the LC mailing list