[KI-LC] Work Group Activity, Administration and Restructuring

Patrick Curry patrick.curry at clarionidentity.com
Thu Oct 2 01:11:44 CDT 2014

Hi Colin,

I have just returned from US Gov 3 day event on supply chain risk management and software assurance.  In reality, most of it was about ExO 13636 - Cybersecurity Framework.  Lead organisations - GSA, DNI, DHS, DOD.  Emphasis on counterfeit parts/products and also bad software. ID got a strong mention and Deb Gallagher’s boss was there.   There were a couple of important sidebar meetings at Dir level, one of which involved the CEO National Association of Secretaries of State (NASS) on potential state-level involvement in future OrgID registers for the USA.  

Key points:
I showed the van Roekel letter (6 Oct 11) and highlighted KI.
Serious collaborative effort to get a much stronger supply chain.  Requires a collaborative risk management approach, which links well to the work of the EU Network Information Security Platform.   GSA and colleagues are planning a pilot.
Looks as if GSA is going to be the Federal lead on Organisational ID - FICAM and FICAM’s superior group expected to be involved, but the GSA situation is not yet firm.  Implementation of a ROLO US is likely to be led by the banks (separate discussion) with a supporting Federal focus.  
Collaborative cyber situational awareness (CCSA) seen as essential, which relates to the National Information Exchange Model and also the work of DHS.  There’s also a major link to certain ITU-T activities on taxonomies, protocols and authentication.  Also to age verification, child protection and human rights.
High assurance PKI federation is key to all this working.  Developments happening in the background are likely to result in 2 new PKI bridges.

To your email…
Do you have any more info?
The technical implementations are getting more complicated and sophisticated.  The binding between trusted entities, and the frequent validation of that binding, is turning into the big issue.
KI risks getting into a muddle on federation
eIDAS refers to federation when it means mutual recognition between states based on loose common policy specs that are not based on international standards
the consumer fraternity refer to federation when they mean technical interoperability through a broker backed by trust lists, several of which are not Authoritative Sources.  In my world, this is referred to as trust list interoperability or lookup.  There isn’t a meaningful Common Policy for the community, nor a collaborative Governance model for its policy generation and operation.
The PKI community see federation as systemic interoperability where a certificate can be used to construct a path to the Authoritative Source for the purposes of certificate validation and identity validation.  It is not based on mutual recognition but on evidence presented systemically to PEPs at runtime.   

Although there is plenty of energy and smoke around LoA2 consumer-centric interoperability models for authentication, there is a much bigger (in terms of governments, numbers of organisations and €£$ at stake) community focusing on LoA 3 and 4 federation, and TPM will add considerably to this for device (as will FIDO Alliance for consumer device and biometric).  ITU-T members can see this (which includes DHS and DOS in the US).

Please can I ask that we develop a more granular understanding of the nature of ID management for all entity types, and also systemic federation, as KI's conflation of legal and technical concepts risks leading to KI’s products having use only at LoA2.

Happy to discuss.



Patrick Curry
Clarion Identity Ltd

M:   +44 786 024 9074
T:   +44 1980 620606
patrick.curry at clarionidentity.com

On 30 Sep 2014, at 22:05, Iain Henderson <iain at thecustomersvoice.com> wrote:

Hi Colin,

I think that themes approach works well. One thought though in terms of a more granular approach if required. CISWG has and has always had one defining characteristic - the work is wishes to do is rooted on the side of the individual (VRM-like if you will); not anti-organisations in any way, just very clear on the orientation. I believe UMA is the same; can't speak on behalf of the others but could be one sub-theme.



On Thu, Sep 25, 2014 at 10:07 AM, Colin Wallis <colin_wallis at hotmail.com> wrote:
From the LC agenda:

<<B.  Resume and progress the notion of work groups coalescing around a small number (3 or 4) key themes.

<<C. LC needs to look at the working groups and find where there is synergy and where there can be collaboration, and evaluate the meaningfulness of the various existing WGs. Call to action with a mandatory off cycle call. Discuss letter sent out by Pete and Sal.'


OK, so I support the rationale, having seen the dynamics at play between IdoT, UMA and CIS at at the Kantara Workshop in Utrecht.

So what do we call these themes?? 

Maybe 'themes' is OK, or alternatively a word like 'forum'..

..and the WGs coalesce under a 'theme' or 'Forum' ... 

Yeaup, I get that..

I've heard Joni use the expression 'Connected Life' - I like it. So maybe one of the 'themes'/'forums' could be called that..

We have IRM formed, and AIM shutting down.  Not sure about Japan and some of the groups that don't meet so often..

We have our meaty 'Programs' - Assurance and (to a  lesser extent recently) Interoperability, tho' I hear that there are some interesting new things afoot with Interop. So bringing the Programs under one umbrella might make sense.

So what might the new shape look like?

Existing Groups (have I missed any?)

Attributes In Motion WG
Business Cases for Trusted Federations DG
Cloud Identity and Security Best Practices WG
eGovernment WG
Federation Interoperability WG
Health Identity Assurance WG
Identities of Things DG
Identity Assurance WG
Identity Relationship Management WG - 
Information Sharing WG
Japan WG - is it still going?
Trust Framework Meta Model WG - a possible sub of IAWG?
User Managed Access WG
How might they coalesce under a theme/forum?  A starter for ten.. 

Trust Framework Forum

Identity Assurance
Federation Interoperability
Health Identity Assurance
Trust Framework Meta Model
Business Cases for Trusted Federations
Cloud Id and Sec (could be in either forum)
Japan WG (could be in either forum)
Connected Life Forum

Consent & Information Sharing
Identities of Things
Identity Relationship Management
Thing is, you could slice and dice this a number of ways..... 

The above feels too coarse grained..

Maybe there is a better 3 or 4 way split..

Anyway, flame away folks.. :-)



From: ppalmer at medallies.com
To: lc at kantarainitiative.org
Date: Wed, 24 Sep 2014 16:00:05 -0400
Subject: [KI-LC] Kantara LC - Work Group Activity,	Administration and Restructuring

Dear LC Members,

The Kantara Initiative Leadership Council consists of the chairs and co-chairs of the 11 Working Groups with varied areas of interest, level of participation and longevity.  The Kantara Board of Trustees and the Kantara Leadership Council are in the process of re-examining the different work groups and looking for common themes that cross groups such as user managed access, internet of things, information sharing and others.  This includes looking at groups along themes and whether it make sense to consolidate or re-organize.  We will also be exploring the concept of affiliated clusters of groups

This examination includes a look at the level of participation in groups, the charter and practice of the groups, and sees if they align with the overall goals of the Kantara Initiative in the form of work streams or products.  This may result in the the need to retire and archive groups, consolidate the administrative workstreams, and a renewed emphasis on Leadership Council participation.

In order to make this the most effective and efficient process it requires the effort of all the working groups.  An organization needs a connection to its activities and the Leadership Council is where this collaboration can take place.

As a call to action, we will be scheduling a *mandatory* off-cycle call for work group Chairs representatives to present and examine work group activities and complete the process.  Representatives of the discussion groups will also be invited.

Thanks again everyone,

Pete and Sal


This communication and any files or attachments transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law.  It is intended solely for the use of the individual or the entity to which it is addressed.  If you are not the intended recipient, you are hereby notified that any use, dissemination, or copying of this communication is strictly prohibited by federal law.  If you have received this communication in error, please destroy it and notify the sender.


_______________________________________________ LC mailing list LC at kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/lc

LC mailing list
LC at kantarainitiative.org

LC mailing list
LC at kantarainitiative.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20141002/1ae8d2a3/attachment-0001.html>

More information about the LC mailing list