[KI-LC] [EXTERNAL] Re: Shaping the form of the Kantara mDL WG

Colin Wallis Kantara colin at kantarainitiative.org
Mon Apr 6 19:37:25 UTC 2020


Hmm ..complicated or at least pointing to a two pronged approach....

Let me try this out on you all..

DMV issuers are using a range of processes to do provisioning... and not
standardized. This we know.

The RP wants to know that there is consistency in the provisioning.

But there is no agreement on what that nexus is, and Andrew suggests that
Kantara Trust Marks (I guess he's thinking our 63-3 Trust Marks here) won't
be (universally?) liked by DMVs, and suggests criteria could/should be
directed at ISO SC 17/WG 4 for ISO 23220-3 which explicitly does cover the
issuer -> mDL interface.

So the logic goes that DMVs would like criteria mapped from ISO 23220-3 in
contrast to Kantara's existing 63-3 Trust Marks because it is more
acceptable? harder to ignore/refute?  something else? Do I have that logic
right?

If so, then when Andrew says "I do agree that promoting the existing
Kantara trust marks as an easy(er) path towards 800-63 for those
issuers/verifiers who want to go in that direction – raises profile that
can be redirected into other projects" he seems to be implying that there
will be a handful of State DMV issuers and RPs who might accept Kantara
800-63-3 Trust Marks for mDL provisioning because of other US federal
agency requirements for 63-3 in order to comply with M 19-17 and A 130, and
it offers a synergistic 'catch all' compromise.. which is why Andrew and
David seem to agree on that need for Kantara to promote its 63-3 Trust
Marks as 'mDL capable'.

Is this holding together so far?


On Mon, Apr 6, 2020 at 6:48 PM HUGHES Andrew <andrew.hughes at idemia.com>
wrote:

> Yes – absolutely agree that the RP wants to know about provisioning
> process – I’m just saying that government agencies in general do not like
> outside scrutiny and so would probably not like the Kantara trust mark
> solution. Doesn’t mean we shouldn’t work on it, but Kantara’s customers
> might not be the DMVs.
>
>
>
> I currently believe that the WG criteria could/should be directed at ISO
> SC 17/WG 4 for ISO 23220-3 which explicitly does cover the issuer -> mDL
> interface. There’s a complicated story about why it’s in a different WG and
> project than 18013-5.
>
>
>
> *Andrew Hughes*
>
> Director, Identity Architecture
>
> M. +1 (416) 565-4723
> E. Andrew.Hughes at idemia.com
>
>
>
> *From:* David Kelts <dkelts at getgroupna.com>
> *Sent:* April 6, 2020 10:25 AM
> *To:* HUGHES Andrew <andrew.hughes at idemia.com>; Colin Wallis Kantara <
> colin at kantarainitiative.org>
> *Cc:* Ken Dagg <kendaggtbs at gmail.com>; Salvatore DAgostino <
> sal at idmachines.com>; Andrew Hughes <andrewhughes3000 at gmail.com>; Ben
> Barnett <ben.barnett at folio.id>; Bob Pinheiro <bob at bobpinheiro.com>;
> Christopher Williams <cwilliams at exponent.com>; Kantara Leadership Council
> <lc at kantarainitiative.org>; Richard G. WILSHER (Zygma CEO) <RGW at zygma.biz>;
> mark.difraia at kuma.pro; martin.smith at acm.org
> *Subject:* RE: [EXTERNAL] Re: [KI-LC] Shaping the form of the Kantara mDL
> WG
>
>
>
>
>
>
> I think that RPs will want to know there is consistent provisioning among
> Issuers/States.  This helps them establish baseline trust (like the ID
> Checker Guide does for physical cards).
>
>
>
> Policy could accomplish this (likely at the Federal level or AAMVA).
>
>
>
> At the technology level, there are no 18013-5 requirements for
> provisioning, so promoting an existing method of assessing provisioning
> makes sense to establish the accuracy-level.
>
>
>
> *From:* HUGHES Andrew <andrew.hughes at idemia.com>
> *Sent:* Monday, April 6, 2020 10:05 AM
> *To:* Colin Wallis Kantara <colin at kantarainitiative.org>; David Kelts <
> dkelts at getgroupna.com>
> *Cc:* Ken Dagg <kendaggtbs at gmail.com>; Salvatore DAgostino <
> sal at idmachines.com>; Andrew Hughes <andrewhughes3000 at gmail.com>; Ben
> Barnett <ben.barnett at folio.id>; Bob Pinheiro <bob at bobpinheiro.com>;
> Christopher Williams <cwilliams at exponent.com>; Kantara Leadership Council
> <lc at kantarainitiative.org>; Richard G. WILSHER (Zygma CEO) <RGW at zygma.biz>;
> mark.difraia at kuma.pro; martin.smith at acm.org
> *Subject:* RE: [EXTERNAL] Re: [KI-LC] Shaping the form of the Kantara mDL
> WG
>
>
>
> Do we think that State DMVs (and others) will want to obtain 3rd
> party-assessed trust marks for their issuance processes? Our collective
> experience with government agencies suggests not…
>
> And, there’s no mapping from 18013-5 requirements to SAC requirements for
> issuance. 18013-5 does not cover issuance nor does it cover authenticators
> in the NIST sense.
>
>
>
> I do agree that promoting the existing Kantara trust marks as an easy(er)
> path towards 800-63 for those issuers/verifiers who want to go in that
> direction – raises profile that can be redirected into other projects.
>
>
>
>
>
>
>
> *Andrew Hughes*
>
> Director, Identity Architecture
>
> M. +1 (416) 565-4723
> E. Andrew.Hughes at idemia.com
>
>
>
> *From:* Colin Wallis Kantara <colin at kantarainitiative.org>
> *Sent:* April 6, 2020 6:56 AM
> *To:* David Kelts <dkelts at getgroupna.com>
> *Cc:* Ken Dagg <kendaggtbs at gmail.com>; Salvatore DAgostino <
> sal at idmachines.com>; Andrew Hughes <andrewhughes3000 at gmail.com>; Ben
> Barnett <ben.barnett at folio.id>; Bob Pinheiro <bob at bobpinheiro.com>;
> Christopher Williams <cwilliams at exponent.com>; Kantara Leadership Council
> <lc at kantarainitiative.org>; Richard G. WILSHER (Zygma CEO) <RGW at zygma.biz>;
> HUGHES Andrew <andrew.hughes at idemia.com>; mark.difraia at kuma.pro;
> martin.smith at acm.org
> *Subject:* Re: [EXTERNAL] Re: [KI-LC] Shaping the form of the Kantara mDL
> WG
>
>
>
>
>
>
> That's great input David.
>
>
>
> Thank you very much!
>
>
>
> Indeed, I began promoting the white paper here in my Director's Corner
> blog
> <https://urldefense.com/v3/__https:/kantarainitiative.org/confluence/display/GI/2020*3A*March__;JSs!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gSu7b-SQ$> about
> half way down the page. And we have it planned to be promo'd again in the
> mid-month newsletter in 10 days time that goes to a mix of members and non
> members. We also have it scheduled on Social, to help promote the 1st
> Webinar that STA is running.
>
>
>
> So if I'm understanding correctly, the suggestion is that we do a kind of
> lightweight profile of our existing 80-63-3 Service Assessment Criteria
> (SACs) against the mDL provisioning requirements.
>
>
>
> If so, that suggests to me that the essence of the work would be a mapping
> of those requirements to the 63-3 requirements, out of which will come the
> subset of our SACs that are applicable to the mDL provisioning use case.
>
>
>
> If that is also correct, the Identity Assurance WG has its work cut out
> because - whether we continue forming this mDL WG, or do that work as yet
> another sub-group of the IAWG, we will need folks familiar with both the
> 63-3 requirements and Kantara's SACs developed to enable consistent
> assessment against the requirements...
>
>
>
> This will certainly be in the forefront of the IAWG (and LC) leads' minds
> on this list and others also here that work on the SACs in the IAWG.
> There's 2 or 3 projects already in play there already, but I'll leave it to
> the folks closer to it than me to comment on feasibility and timings.
>
>
>
> Thanks again David. This has certainly given us something to chew on!;-).
>
>
>
> Kind regards
>
> Colin
>
> Executive Director
>
> Cell or Signal: +44 (0)7490 266 778
>
> @KantaraNews @KantaraColin Blog
> <https://urldefense.com/v3/__https:/kantarainitiative.org/confluence/display/GI/Director*27s*Corner__;JSs!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gowS9iJo$>
> or sign up to receive news
> <https://urldefense.com/v3/__https:/signup.e2ma.net/signup/1889513/1769625/__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3goaPe_UU$>
>
> Delivering 3rd party Assurance for NIST SP 800-63-3 Level 2
> <https://urldefense.com/v3/__https:/kantarainitiative.org/kantara-initiative-first-to-market-with-nist-sp-800-63-3-third-party-assessment-approval-and-trust-mark/__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gWuZwBDA$>
>
> Kantara Initiative
> <https://urldefense.com/v3/__https:/kantarainitiative.org/about/10th-anniversary/__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gLg4szOY$>
> , Kantara Educational Foundation
> <https://urldefense.com/v3/__https:/edufoundation.kantarainitiative.org__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gNvpD0nU$>
> & Kantara Europe
> <https://urldefense.com/v3/__https:/kantarainitiative.eu/__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3gJgrpQuU$>
>
>
>
>
>
>
>
>
> On Sun, Apr 5, 2020 at 2:36 PM David Kelts <dkelts at getgroupna.com> wrote:
>
> Hi Kantarians,
>
>
>
> The STA whitepaper
> <https://urldefense.com/v3/__https:/www.securetechalliance.org/publications-the-mobile-drivers-license-mdl-and-ecosystem/__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3g4enCvDk$>
> is published, and the press release
> <https://urldefense.com/v3/__https:/www.globenewswire.com/news-release/2020/04/02/2010724/0/en/Secure-Technology-Alliance-Publishes-White-Paper-on-Mobile-Driver-s-Licenses-and-Emerging-Ecosystem.html__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3g1HT9evc$>
> is out.  IMHO, it could be sent to every Kantara member and promoting the
> paper – both to membership and externally - would greatly benefit Kantara’s
> eventual work.
>
>
>
> To Colin’s original question, my suggestion is to make *existing* Kantara
> 800-63 certifications meaningful and relevant to *mDL* solutions.  That
> will help unlock issuers to proceed on rollout.  This may not be a large
> lift at all, just *marketing* them as *mDL Provisioning Certifications*
> would accomplish this.  Issuers will want to roll out NIST 800-63 IAL3
> identities whenever they can.  They will want, for example, to post that,
> at minimum, their identities are IAL2 – (post publicly until there exists a
> mechanism in the mDL standards to convey proofing levels to RPs).
>
>
>
> This is a critical role that Kantara can play right now in this developing
> ecosystem.  It is #1 in Colin’s WG charter done very quickly.  😊  Being
> agile would let #1 evolve.
>
>
>
> Since I’m “that guy”, I made suggested changes in the Charter “Scope”
> already to prioritize the work so that Kantara could quickly make available
> what would drive acceptance in the mDL Ecosystem.  These are suggestions in
> the google doc and changeable per the group’s discussion.
>
>
>
> I think this can be a relevant and important effort, and appreciate
> everyone’s dedication,
>
>
>
> David
>
>
>
> *A. David Kelts*
>
> Director of Product Development, Mobile ID | GET Group North America
>
>
>
> Global Enterprise Technologies Corp.
>
> 230 Third Avenue, Waltham MA 02451 USA
>
> T:  +1 (781) 902 8776
>
>
>
> M: +1 (617) 487 9529
>
>
>
> E: dkelts at getgroupna.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *From:* Ken Dagg <kendaggtbs at gmail.com>
> *Sent:* Wednesday, March 18, 2020 7:01 PM
> *To:* Salvatore DAgostino <sal at idmachines.com>
> *Cc:* Andrew Hughes <andrewhughes3000 at gmail.com>; Ben Barnett <
> ben.barnett at folio.id>; Bob Pinheiro <bob at bobpinheiro.com>; Christopher
> Williams <cwilliams at exponent.com>; Colin Wallis Kantara <
> colin at kantarainitiative.org>; David Kelts <dkelts at getgroupna.com>;
> Kantara Leadership Council <lc at kantarainitiative.org>; Richard G. WILSHER
> (Zygma CEO) <RGW at zygma.biz>; andrew.hughes at idemia.com;
> mark.difraia at kuma.pro; martin.smith at acm.org
> *Subject:* [EXTERNAL] Re: [KI-LC] Shaping the form of the Kantara mDL WG
>
>
>
> I made some editorial changes to the Purpose and Scope sections.
>
>
>
> Thoughts,
>
> Ken
>
>
>
>
>
>
>
> On Wed, Mar 18, 2020 at 6:42 PM Ken Dagg <kendaggtbs at gmail.com> wrote:
>
> Sal,
>
>
>
> In my opinion the conformance criteria that are developed would support
> another (and new) Kantara Class of Approval. As such, from an operational
> perspective, all the processes associated with granting a trust mark for a
> class of approval would be applicable.
>
>
>
> Thoughts,
>
> Ken
>
>
>
>
>
>
>
> On Wed, Mar 18, 2020 at 6:34 PM Salvatore DAgostino <sal at idmachines.com>
> wrote:
>
> Thanks Colin,
>
>
>
> One thought … since it's looking at assessment criteria, should it also be
> collaborating with the IAWG to determine the requirements for a program as
> well.  I think it's worth the time to think about the operational aspects as
> well as the criteria components.
>
>
>
> *From:* LC <lc-bounces at kantarainitiative.org> *On Behalf Of *Colin Wallis
> Kantara
> *Sent:* Wednesday, March 18, 2020 6:12 PM
> *To:* David Kelts <dkelts at getgroupna.com>; andrew.hughes at idemia.com;
> Richard G. WILSHER (Zygma CEO) <RGW at zygma.biz>; Bob Pinheiro <
> bob at bobpinheiro.com>; Ken Dagg <kendaggtbs at gmail.com>;
> martin.smith at acm.org; Christopher Williams <cwilliams at exponent.com>; Ben
> Barnett <ben.barnett at folio.id>; Andrew Hughes <andrewhughes3000 at gmail.com>;
> mark.difraia at kuma.pro
> *Cc:* Kantara Leadership Council <lc at kantarainitiative.org>
> *Subject:* Re: [KI-LC] Shaping the form of the Kantara mDL WG
>
>
>
> Folks
>
>
>
> Just pushing this early draft Charter in the GDocs link around the buoy
> once more.
>
>
>
>
> https://docs.google.com/document/d/1UNuYl71z9Js_8Bmi9sdmb0PMaXkPqkgWGwGWgrApdbw/edit
> <https://urldefense.com/v3/__https:/docs.google.com/document/d/1UNuYl71z9Js_8Bmi9sdmb0PMaXkPqkgWGwGWgrApdbw/edit__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3g4nMuEkY$>
>
>
>
>
> I'm trying to find that sweet spot between making it generic enough that
> we can flex and change as needed, while being specific enough that we don't
> spend months and months thrashing around to find the beginning.
>
>
>
> The news from STA (which many of you on this list know as you were on
> Cathy's email distro) is that we could expect to see the whitepaper
> published late next week.
>
>
>
> We do have the option of holding until then, for folks here that weren't
> involved in its creation to get orientated.
>
>
>
> But OTOH I'm not sure it would significantly change what we do here, since
> on and off-list the broad direction seems aligned, if not the finer grained
> detail, the knowledge of which significantly rests with those of you on the
> ISO SC17 WGs.
>
>
>
> Anyway, take another look at the Charter please, and edit inline or add
> proposed text changes as comments.
>
>
>
> It would be good to get it into the WG creation process before the end of
> the month (which is not long!) as well as make it more widely known to
> other members and non member participants.
>
>
>
> Thanks!
>
>
>
> Colin
>
>
>
> On Wed, Mar 4, 2020 at 12:06 AM Colin Wallis Kantara <
> colin at kantarainitiative.org> wrote:
>
> Folks
>
>
>
> Thank you for putting your hand up for interest in this idea, either in
> response to email or in conversations.
>
>
>
> There are others (both inside and outside of the Kantara membership) but
> we need to get on, while internal sign offs etc take place.
>
>
>
> Because I am going on vacation for a few days (chasing northern lights so
> mostly out of cell range) and then in DC next week, I wanted to make a very
> formative start on the draft WG charter...something we can all build on.
>
>
>
>
> https://docs.google.com/document/d/1UNuYl71z9Js_8Bmi9sdmb0PMaXkPqkgWGwGWgrApdbw/edit
> <https://urldefense.com/v3/__https:/docs.google.com/document/d/1UNuYl71z9Js_8Bmi9sdmb0PMaXkPqkgWGwGWgrApdbw/edit__;!!FZtbJVnXfw!lhhgO-3nrnLuNfBAezmDxuuChebx82GtwQBMj9IA4YGrJsKJQXnvSzaV0k3g4nMuEkY$>
>
>
>
>
> So edit and comment away at will please while I am away and not thinking
> of you all while I chase lights..;-).
>
>
>
>
>
>
>
> --
>
> Kenneth Dagg Independent Consultant Identification and Authentication
> 613-825-2091 kendaggtbs at gmail.com
>
>
>
>
>
>