[KI-LC] Kantara Support For A National Identity Verification Standard??

Joni Brennan joni at ieee-isto.org
Mon Jun 28 14:17:38 EDT 2010


Hi Bob,

I can summarize the status for the officers today.  They may ask that you
submit a summary and any request for the BoT to decide on.  If you could
provide that to me today I can pass on to the officers as well.  I will
also  advise of any feedback or direct actions that come out of the
discussions.

Thanks

On Fri, Jun 25, 2010 at 10:05 AM, Bob Pinheiro <kantara at bobpinheiro.com>wrote:

>  All very good questions, and I can think of others as well.
>
> However, with the first ID-V meeting coming up July 12-13 in Kansas City, I
> don't think we can wait for answers before the Kantara Trustees decides
> whether it can spend $3K to support this effort.
>
> Joni, would there be any way to put this before the BoT in an email
> request, and ask for their decision by the end of next week (July 2)?  If
> the BoT decides to support the effort, that would give someone who agrees to
> represent Kantara enough notice to make travel arrangements to attend the
> meeting.  [Who would that person be?  I'm assuming that any such person
> would be a "volunteer" and would attend the meeting at the expense of their
> own organizations.  I'm willing to attend and represent Kantara, provided
> Kantara or someone else pays my travel expenses.]
>
> The request wouldn't have to come from the LC (since no vote has been
> taken).  Could I make the request as an individual LC member?
>
> The next regular meeting of the BoT is July 8.  I think that would be too
> late to initiate a discussion, take a vote, and have enough time to find a
> Kantara representative to attend the meeting.
>
> An alternative, if the above doesn't work, is to ask if anyone receiving
> this email is already planning to attend the ID-V meeting on behalf of their
> own organization.  If so, perhaps that person could agree to make a report
> back to the LC/BoT following the meeting, to provide further input to help
> the LC/BoT make a decision.  I believe Abbie said he might be
> attending.......
>
> Bob
>
>
>
> On 6/25/2010 7:30 AM, Rich Furr wrote:
>
>  A list of questions I have submitted to the Health ID Assurance Working
> Group chair for the NASPO team:
>
>
>
> 1.       Since this work would seem to affect all the organizations at
> many levels of government (as noted in the IDSP Report some 6400
> jurisdictions issuing over 14,000 different variations of birth certificates
> alone), what efforts are being taken to include these agencies in the
> development effort.  It is highly problematic, given the lack of uptake by
> just the States of RealID, to consider that many of these agencies will
> adhere to any eventual standard if they do not actively participate.  How
> does the development team propose to get around the issue of uptake and
> acceptance?
>
>
>
> 2.       According to the IDSP report, the National Association for Public
> Health Statistics and Information Systems is  developing security
> guidelines for the development and issuance of birth certificates (among
> others).  Is NAPHSI S included or participating in this effort?
>
>
>
> 3.       What is the status of the proposed rule making in support of the
> Intelligence Reform and Terrorism Prevention Act?  What steps will be
> taken to ensure the results of this work do not diverge from any results of
> such a rule?
>
>
>
> 4.       Is this team working with NAPHSIS to converge this effort with
> that of the Electronic Verification of Vital Events system?
>
>
>
> 5.       Given the failure of RealID, which was cited as “too
> prescriptive” by the National Governors Association and other organizations
> and the strong objections of the civil liberties community, how would NASPO
> and ANSI suggest the results of this effort overcome any such issues.  Also,
> if acceptance of the results are purely voluntary, what steps might be taken
> to enhance uptake since even Federal Law in this area has largely been
> ignored by other non-Federal agencies?
>
>
>
> 6.       Are any Federal or State agencies participating or providing
> funding?
>
>
>
> 7.       According to Section 3.4 of the IDSP Report:
>
> A core project team was formed to take the work forward under the
> leadership of the
>
> North American Security Products Organization (NASPO), an ANSI accredited
>
> standards developing organization,16 and it has proceeded under NASPO
> leadership
>
> since February 2009. The core project team includes representatives of
> AAMVA, the
>
> Coalition for a Secure Drive, the Colorado Division of Motor Vehicles, DHS,
>
> the General Services Administration, NAPHSIS, and the National Institute of
> Standards
>
> and Technology, among others.
>
>             Are these agencies/organizations still participating?  If not,
> why not?
>
>
>
>
>
> Rich Furr
>
> Head Global Regulatory Affairs and Compliance
>
> *New Office:  980-236-7576*
>
> Cell: 201-220-0160
>
>
>
>
>
>
>
>
>
> *From:* lc-bounces at kantarainitiative.org [
> mailto:lc-bounces at kantarainitiative.org <lc-bounces at kantarainitiative.org>]
> *On Behalf Of *Colin Wallis
> *Sent:* Thursday, June 24, 2010 10:27 PM
> *To:* Kantara Leadership Council Kantara; Staff list
> *Subject:* Re: [KI-LC] Kantara Support For A National Identity
> Verification Standard??
>
>
>
> Ah yes I remember these IDSP docs now.
>
>
>
> What they may end up with is something that resembles parts of NZ Gov's<http://www.dia.govt.nz/diawebsite.nsf/wpg_url/resource-material-evidence-of-identity-standard-index>or BC
> Canada's<http://www.cio.gov.bc.ca/local/cio/standards/documents/standards/evidence_of_identity_standard.pdf>(borrowed from/newer/better than ours) Evidence of Identity Standards.
>
>
>
> You add to this, a document recognition handbook (along with training of
> course) for agency front counter staff to detect fake or tampered-with
> breeder docs and you begin to have something resembling a consistent
> approach/process/system of identity proofing.
>
>
>
> Cheers
>
> Colin
>
>
>
> *From:* John Bradley [mailto:jbradley at mac.com <jbradley at mac.com>]
> *Sent:* Friday, 25 June 2010 1:43 p.m.
> *To:* Joni Brennan
> *Cc:* Colin Wallis; Kantara Leadership Council Kantara; Staff list
> *Subject:* Re: [KI-LC] Kantara Support For A National Identity
> Verification Standard??
>
>
>
> Looking at their call for participation they restrict the $1,000 level to
> only non-profit  Organizations not representing ANY industry.
>
>
>
> I suspect they will consider Kantara a trade organization.
>
>
>
> This seems to be a very US specific peace of work to secure Birth
> certificates, Drivers Licences and Social Security Cards.
>
>
>
> This link provides some background on ANSI's findings.
>
> http://webstore.ansi.org/identitytheft/
>
>
>
> This looks to be a larger project than RealID involving multiple levels of
> Government.
>
> I would want to better understand how the GSA, HHS and other government
> organizations who would be required to implement this are participating, and
> if it stands any chance of getting further the RealID.
>
>
>
> They do have a point that in large measure the breeder documents DL, SSN,
> and Birth Certificate we recommend in the IAF are relatively easy to acquire
> fraudulently.    That's why other countries have NationalID issued at birth.
>
>
>
>
> I am cautious, this could be a lot of work that may not get taken up for
> political reasons.
>
>
>
> I do think it would be a good idea to have appropriate guidance on breeder
>  documents per jurisdiction for people participating in the IAF.
>
>
>
> John B.
>
>
>
> On 2010-06-24, at 6:29 PM, Joni Brennan wrote:
>
>
>
> Kantara Initiative has 501 c6 Tax Status as a Program of the IEEE-ISTO.  As
> such we are a non-profit organization and the exact category is classified
> as 'Business League'.  We of course have the documents to prove the above
> and have done so for various other activities.  Given that Kantara
> Initiative would fall in to the 1k cost to participate.  So at least there's
> some clarity for you there.
>
> On Thu, Jun 24, 2010 at 3:20 PM, Colin Wallis <Colin.Wallis at dia.govt.nz>
> wrote:
>
> Thanks Bob
>
>
>
> Some comments inline after further thought following the LC call.
>
>
>
> Cheers
>
> Colin
>
>
>
> *From:* Bob Pinheiro [mailto:kantara at bobpinheiro.com]
> *Sent:* Tuesday, 22 June 2010 3:54 p.m.
> *To:* Colin Wallis
> *Cc:* Kantara Leadership Council Kantara; Kantara Staff list
> *Subject:* Re: [KI-LC] Kantara Support For A National Identity
> Verification Standard??
>
>
>
> Colin,
>
> If I'm not mistaken, OMB0404 only addresses the four assurance levels; it's
> NIST 800-63 that specifies criteria for identity proofing at the various
> assurance levels.  But that document was strictly intended only for US
> government relying parties.  There has been discussion in IAWG about how to
> do identity proofing when different jurisdictions are involved, so I guess
> there really is no standard.
>
> <<CW: Well, I think you characterize OMB0404 a little too simply, since the
> approach to risk is the fundamental basis that drives the subsequent
> identity proofing and credential issuance/usage processes, but no matter.
> And while you are technically correct regards NIST, I would contend that is
> has become a de facto standard, since so many other jurisdictions have
> copied it or have profiled it.  I am really pleased IAWG has had the
> discussion about Id proofing when different jurisdictions are involved
> because they are absolutely right. No pan jurisdiction federation can take
> place until there is sufficient trust amongst governments that their
> respective identity proofing processes are up to scratch. So while the eGov
> WG has the eGov Profile for SAML sufficiently constrained to see pan
> jurisdiction federation possible at the interop level *technically*, it
> may languish for some years waiting for the ID proofing process side to
> catch up, because id proofing becomes the weakest link in the chain.>>
>
>
> I understand that the goal is to develop an ANSI standard for identity
> verification, but there may also be much international interest as well.
> Whether that would translate into a further effort to develop some sort of
> international standard, I can't say.
>
> <<CW: It certainly is a worthy goal, but international adoption/interest
> may be better achieved by using an international forum in which to develop
> it.  And let's not kid ourselves. It will be darn difficult because
> different jurisdictions have different breeder/authoritative documents. But
> with sufficient mapping, it may be possible.  So if ANSI is going to start
> with the US situation and US breeder docs but later move to an international
> stage, it needs to structure the standard such that it is flexible to
> include a different set of breeder docs from a different jurisdiction>>.
>
>
>
>
> An organization can be a Sponsor at a cost of $25K per year (with no
> obligation to actually participate in the development of any standard), or
> can be a participating member expected to contribute to the work effort.
> For that level of commitment, I don't know if NASPO would consider KI to be
> a non-profit at $1000 per year, or a trade association at $3000 per year.
>
> <<CW: Not my call but KI's 501C 6 status should help>>
>
>
>
>
> One of the motivations for this effort is the US government's (newly
> renamed) National Strategy for Trusted Identities in Cyberspace.  It's hard
> to see how you can have a "trusted identity" online without some
> standardized way to verify someone's identity in the first place.  On the
> other hand, I can see where someone's "identity" may mean different things
> to different types of relying parties, which may also imply different trust
> frameworks for different "trust communities."
>
> <<CW: All true, and I agree with everything you say here>>.
> Bob
>
>
>
> <<CW: So KI is left in an interesting position.  In an ideal world, it
> would be better to bring the work to KI, or OASIS or ISO..where it is (more)
> politically neutral (you recall that this is what we said in our comments to
> the White House in the NSTIC).  So to support this effort in NASPO, we are
> actually *not supporting our stated position*. On the other hand, it may
> be perceived as churlish not to support the effort in NASPO, especially if
> we think the effort will succeed, and the outputs from this standard find
> their way into the IAF in future in some way shape or form.  In which case
> we are cutting off our nose despite our face by not supporting it.
> Decisions decisions….>>
>
>
>
> Cheers
>
> Colin
>
>
> On 6/21/2010 6:23 PM, Colin Wallis wrote:
>
> Thanks Bob
>
>
>
> A couple of thoughts to start us off with..
>
>
>
> 1) Is there really no standard in the US for this?  For the NZ government's
> Evidence of Identity standard, we relied heavily on the US Gov's OMB M 04
> 04. I guess one could say that's not a standard but…
>
>
>
> 2) I can see how there is a gap, in the sense that the identity proofing
> process in the IAF and indeed in the proposed ISO 29115 are kind of
> deployment profiles of this standard, if it were manifested…
>
>
>
> 3) Given KI is a global organisation, are we comfortable that we are not
> creating a precedent that will be impossible to continue with, (the flip
> side being that there is a large US influence in the IAF and 29115 so it is
> a worthy exception)
>
>
>
> 4) Without trying to pre-empt or pre judge any decision, is it your sense
> that KI might want to participate as a non-profit at $1,000 per annum?
>
>
>
>
>
> Cheers
>
> Colin
>
>
>
> *From:* lc-bounces at kantarainitiative.org [
> mailto:lc-bounces at kantarainitiative.org <lc-bounces at kantarainitiative.org>]
> *On Behalf Of *Bob Pinheiro
> *Sent:* Tuesday, 22 June 2010 9:52 a.m.
> *To:* Kantara Leadership Council Kantara
> *Cc:* Kantara Staff list
> *Subject:* [KI-LC] Kantara Support For A National Identity Verification
> Standard??
>
>
>
> As part of my efforts to determine whether there's any external interest in
> the Consumer Identity WG's project plan, I recently spoke with Tom Lockwood,
> who is one of the drivers of the government's National Strategy for Trusted
> Identities in Cyberspace, and Graham Whitehead of NASPO.  You may have seen
> the email and attached Call for Participation from ANSI IDSP (below),
> announcing that NASPO is commencing development of an American National
> Standard for Identity Verification.
>
> The need for a standardized identity verification/proofing process is well
> known, and Tom mentioned that several people associated with Kantara (Brett,
> when he was ED, and Frank V. on behalf of IAWG) expressed to him that
> Kantara supports such an effort.  Others as well, in particular members of
> the financial services community, have also expressed interest.
>
> However, the reality is that NASPO will not be able to pursue this work
> unless it can secure adequate funding, and also recruit enough "warm bodies"
> to actually participate in the effort.  Since there was some expression of
> interest and support by Kantara participants/members, I volunteered to find
> out whether this might translate into financial support, and whether anyone
> representing Kantara might want to participate in the actual development of
> the identity verification standard.
>
> The attached Call for Participation describes the various levels of
> financial support that is being requested.  I'd like to propose that the
> question of whether Kantara can provide financial support for the
> development of an identity verification standard by NASPO be submitted to
> the Board of Trustees for their consideration.
>
> Although I'm specifically addressing possible financial support by Kantara,
> NASPO would certainly be grateful for a commitment of financial support and
> participation by any other organization as well, including individual
> Kantara member organizations.
>
> As noted below, an initial meeting of those making a commitment to this
> effort is planned for July 12-13 in Kansas City.  So if there is any
> possibility that Kantara might be able to contribute to this effort, the BoT
> should probably take up this matter fairly soon.
>
> Bob
>
> ---------------------------
>
> Bob Pinheiro
>
> Chair, Consumer Identity WG
>
> 908-654-1939
>
> kantara at bobpinheiro.com
>
> www.bobpinheiro.com
>
>
>
>
>
> -------- Original Message --------
>
> *Subject: *
>
> ID-V Standard Kick-Off Meeting & Call for Participation
>
> *Date: *
>
> Wed, 16 Jun 2010 10:10:03 -0400
>
> *From: *
>
> James McCabe <jmccabe at ANSI.ORG> <jmccabe at ANSI.ORG>
>
> *Reply-To: *
>
> James McCabe <jmccabe at ANSI.ORG> <jmccabe at ANSI.ORG>
>
> *To: *
>
> IDSP at MAILLIST.ANSI.ORG
>
>
>
> Dear IDSP participants,
>
> The purpose of this eMail is to let you know that a meeting to commence
> development of a national identity verification standard will take place on
> July 12 and 13, 2010 in Kansas City. The meeting will start at 1:00pm on
> Monday July 12 and end on Tuesday July 13 at 4:30pm. The meeting will be
> held in Pavilion 3 at the :-
>
> InterContinental Kansas City at the Plaza
> 401 Ward Parkway
> Kansas City, MO
> 64112
>
> A block of rooms has been reserved at the hotel for the nights Sunday, July
> 11 through to Wednesday  July 14,  at a rate of $139.00 per night.
>
> To make your reservation please call toll free 866 856 9717 and reference
> the NASPO rate (*NAS*), or you can book online at www.kansascityic.com <*
> http://www.kansascityic.com*> and use the code *NAS*.
>
> Hotel reservations should be made on or before   *June 21, 2010* after
> which time rooms will be released for general reservations.  More
> information about the hotel can be found at* http//:www.kansascityic.com
>
> *The required fee for participation in the development of this standard is
> detailed in the attached “ID-V Call for Participation”document. Individuals
> and organizations who wish to participate in the development process and
> attend this first meeting, must register to participate and commit to
> payment of the participation fee in advance of attendance at the meeting.
> Opportunities to benefit from the payment of  a sponsorship fee are also
> detailed in the attachment.
>
> For further information please contact :-
>
> Ann Whitehead
> NASPO Administrator
> Tel: (604) 921-9196
> eMail: naspo at telus.net
>
> Best regards,
>
>
>
> Jim McCabe
> Senior Director, Consumer Relations and IDSP
> *American National Standards Institute
> *25 West 43rd Street, 4th Floor
> New York, NY  10036  U.S.A.
> 1-212-642-8921; Fax: 1-212-840-2298
> jmccabe at ansi.org
>
> *MARK YOUR CALENDAR:
> World Standards Week 2010 <http://www.ansi.org/wsweek>*
>
> September 21-24, Arlington, VA
>
>
>
>
>
> ====
> CAUTION:  This email message and any attachments contain information that
> may be confidential and may be LEGALLY PRIVILEGED. If you are not the
> intended recipient, any use, disclosure or copying of this message or
> attachments is strictly prohibited. If you have received this email message
> in error please notify us immediately and erase all copies of the message
> and attachments. Thank you.
> ====
>
>
>
> ====
> CAUTION:  This email message and any attachments contain information that
> may be confidential and may be LEGALLY PRIVILEGED. If you are not the
> intended recipient, any use, disclosure or copying of this message or
> attachments is strictly prohibited. If you have received this email message
> in error please notify us immediately and erase all copies of the message
> and attachments. Thank you.
> ====
>
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>
>
>
> --
> Joni Brennan
> IEEE-ISTO
> Kantara Initiative
> Managing Director
> voice:+1 732-226-4223
> email: joni @ ieee-isto.org
> gtalk: jonibrennan
> skype: upon request
>
> Join the conversation on the community@ list -
> http://kantarainitiative.org/mailman/listinfo/community
>
>
>
>
>
>  _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>
>
> ====
> CAUTION:  This email message and any attachments contain information that
> may be confidential and may be LEGALLY PRIVILEGED. If you are not the
> intended recipient, any use, disclosure or copying of this message or
> attachments is strictly prohibited. If you have received this email message
> in error please notify us immediately and erase all copies of the message
> and attachments. Thank you.
> ====
>
>
> _______________________________________________
> LC mailing listLC at kantarainitiative.orghttp://kantarainitiative.org/mailman/listinfo/lc
>
>
>
> _______________________________________________
> LC mailing list
> LC at kantarainitiative.org
> http://kantarainitiative.org/mailman/listinfo/lc
>
>


-- 
Joni Brennan
IEEE-ISTO
Kantara Initiative
Managing Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org
gtalk: jonibrennan
skype: upon request

Join the conversation on the community@ list -
http://kantarainitiative.org/mailman/listinfo/community
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kantarainitiative.org/pipermail/lc/attachments/20100628/dc882379/attachment-0001.html 


More information about the LC mailing list