[KI-LC] Fwd: FIC Security WG Kick Off 8/12 Document

Colin Wallis Kantara colin at kantarainitiative.org
Tue Aug 18 22:27:11 UTC 2020


Folks

I think some of you are already aware of the pre-formative 'Future Identity
Council' convened by ex Apple employee Gail Hodges.  Looking past the name,
the essence of this effort is to lift the 'mDL as a mobile identity' to a
more rounded-out and more comprehensive  plane.
At least for the kick off meetings she has been able to attract a
reasonably representative group of stakeholders - Issuers and RPs, device
manufacturers (actually Google spoke up to this I guess on the basis of the
Google phone), community interest groups, Govt etc.

The kick-off meetings were last week one each for Security, Privacy and
Operations.

My initial sense is that the Privacy and Security groups might be worth
engaging with given the potential for Kantara contributions that could lead
into some kind of value return.

This one is in connection with Security.

If you look at the kick off .pdf and the actions and the email, you can see
references to Devices which is not so far from the concepts Tom Jones has
been promulgating with his draft paper and that Sal has expertise in on
the testing side.  And this is also where the identity proofing and
certification discussions are intended to take place - both areas that
Kantara has both expertise and investment in.

I would like your views on the potential for Kantara to be represented and
who could represent our interests, since that should not be me by default.

Thoughts?

---------- Forwarded message ---------
From: Gail Hodges <gail at future-identity.org>
Date: Fri, Aug 14, 2020 at 10:47 PM
Subject: Re: FIC Security WG Kick Off 8/12 Document
To:
Hello all


Thanks again for joining the FIC Security WG on 8/12!  Notes on attendees
and actions attached.


As an immediate next step, please let me know if you are interested in the
following:

   1) Joining the Subgroup on "End to End Security Model"

   2) Joining the Subgroup on "Device Eligibility"

   3) Joining the Subgroup on "Proofing/Provisioning"


Given subgroups  (1)-(3) are somewhat interconnected, I hope we can balance
diligence with transparency. The subgroups would own the diligence and
recommendations to the Security WG, but I think we could work from a single
"Security guidelines" draft and share a document repository. Provided we
manage the editing process, I think this could work well. Unless there are
other suggestions, I'll work on setting up a document repository and make a
"skeleton" Security Guidelines draft.


In terms of the substantive issues we discussed, a few notes:


   - If anyone thinks of "End to End Security Models" that may be useful to
   Subgroup (1), please do share.
   - One goal of subgroup (1) is to "weave together" existing standards and
   certifications into an end-to-end security model to help states with their
   diligence. It is a tricky topic, so I'm happy to arrange one-off meetings
   to help align stakeholders as needed.
   - The title and approach for Subgroup (2) was revised based on David
   (Google's) guidance


I'll send out a Doodle poll to agree a date for our September Security WG
call, and set it up with a monthly cadence


Please feel free to share any suggestions that will make this forum a
success!


Best

Gail
[image: image.png]

On Fri, Aug 7, 2020 at 5:23 PM Gail Hodges <gail at future-identity.org> wrote:

> Hello all
>
> Please kindly see attached the Security WG Kick off Document for 8/12, 8am
> PT/ 11am ET, 5pm CET.
>
> We will first review the decisions taken by the Government Oversight
> Committee, including their "asks" of this WG. We'll then discuss the
> deliverables and how we might best deliver them.
>
> Notes:
> 1. This document may be updated to include any additional RSVPs
> 2. Comments on the document are welcome before Tuesday 12pm PT, and best
> efforts will be made to include them
>
> Looking forward to the conversation Wednesday!
>
> Gail
>
> Founder
> Future Identity Council
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20200818/5bfbefe6/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 263519 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20200818/5bfbefe6/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: FIC_Security Kickoff 8:12- Notes & Actions.pdf
Type: application/pdf
Size: 137106 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20200818/5bfbefe6/attachment-0001.pdf>


More information about the LC mailing list