[DG-NSTIC] REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2
Joni Brennan
Please find attached the early draft of Kantara Position Paper - NSTIC Steering Group Formation
This is a draft - which means - now is the time for you members to submit your comments and edits - both general and specific. I will amalgamate comments received. A few notes. Please send with in one week for inclusion in the next draft.
The following Groups please send in your group representative edits / copy as appropriate. If your group does not align or have context then you have no action to take.
- AMDG
- BCTF
- Consumer ID WG
- HIAWG
- Telco ID WG
- Japan WG (I'm not sure that Japan will have input as this is a US strategy but the opportunity is open for this group as well!)
- other KI stakeholders not included above (?)
UMA WG - Eve I got your comments but would like to know which of the stakeholder groups you see UMA aligning with.
Once we see which stakeholder groups Kantara groups are aligning with we will be able to work forward toward final input. Please note that the NSTIC Governance recommendation calls for organizations / individuals to identify with ONE stakeholder group [1]. I believe this is a challenge as many organizations will find overlap. Our approach should be to either
- Reach consensus on one stakeholder group to identify with OR
- Provide input regarding how the governance should change to allow for organizations / individuals to align with multiple stakeholder groups.
Remember this is our opportunity to help shape the NSTIC steering governance model and highlight the significant work that Kantara is already progressing in the space.
[1] Recommendation 25: Each Stakeholder should be required to “self-identify” into the stakeholder group which it considers best represents its primary role or interest in the Identity Ecosystem. Self-identification into one stakeholder category at a time would prevent organizations that may play multiple roles in the Identity Ecosystem from exerting undue influence by gaining more than one vote on the Management Council. Importantly, individuals that do not wish to self-identify into one of the other 13 stakeholder groups may choose to participate as an Unaffiliated Individual.
I look forward to working with you to publish this paper.
=Joni
Joni Brennan
Kantara Initiative | Executive Director
voice:+1 732-226-4223
email: joni @ ieee-isto.org
Slideshare - Building Trusted Identity Ecosystems - It takes a village!
http://www.slideshare.net/kantarainitiative/kantara-may-2012
Colin Wallis
I took a look over the weekend.
It's great to see the strong support for international representation! Thank you:-)
The rest of it was great too, and I had just two thoughts..:
1) Do we think that it is appropriate to characterize eGov WG as 'standards', referencing the Implementation profile for SAML 2.0? It's not that that is wrong of course, but thinking about our revised positioning into a more policy/governance/requirements gatherer for an eGov SAC, I'm wondering if we couldn't future-proof ourselves a bit? IF we did, we could also self identify into 4) Fed Gov and 5) State Local etc Gov, couldn't we?
2) I thought that NSTIC rules said that an entity could only self identify into one of the Stakeholder Groups. While the issue of undue influence as raised by NSTIC is reasonable, it is also unreasonable that an entity such as KI has to do this given the breadth of its activities. Certainly that is the implication of this reponse paper, but it doesn't seem to come right out and say it.
Any views on these points?
Cheers
Colin
From: jo...@ieee-isto.org
Date: Thu, 7 Jun 2012 15:32:33 -0700
To: L...@kantarainitiative.org; dg-n...@kantarainitiative.org
Subject: [KI-LC] REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2
John Bradley
Salvatore D'Agostino
One way to address this is to have the leadership of each of the DG/WG participate/liaison in the related working groups. Individuals can participate and bring their DG/WG hats along.
At the top should be an area of overall organization to organization cooperation.
Ditto on eGov policy.
The more participation the better the position (more votes) for elections no matter what category.
Bob Pinheiro
Members must sign a membership agreement, and can be either organizations or individuals. Member Associates are persons who do not sign membership agreements, but are in some way affiliated with a Member. So Member Associates can be employees of companies that are Members, or (in the case of Kantara) "members" or participants in the Member organization. Member Associates must be listed in the membership agreement that the Member signs.
So Kantara must decide if the organization itself will sign a membership agreement, and if so, whether it will designate certain individuals (WG/DG Chairs, others) as Member Associates.
The draft Bylaws also states that "each Member shall self-select into the Stakeholder Group that they consider best represents its roles or interests in the Identity Ecosystem." So this would seem to mean that Kantara itself (if it chooses to become a Member) would have to self-select into one of the 14 Stakeholder groups. However, this also seems to mean that each person designated as a Kantara Member Associate would also be affiliated with that same Stakeholder Group (see Bylaws section a.3, Stakeholder Group Affiliation: " Member Representatives and Member Associates shall be affiliated with the Stakeholder Group selected by their respective Member Organization.")
However, in the Governance Recommendations document, Recommendation 25 says that each "Stakeholder" must self-select into one of the stakeholder groups. It's not clear if a Stakeholder is the same as a Member, or whether Stakeholder can refer to anyone (including Member Associates). The term Stakeholder is not defined.
So given the governance rules as currently written, it may be reasonable for Kantara to become a Member, and to be represented by Joni or another staffer. Anyone else associated with Kantara (WG/DG chairs, etc), unless they want to be associated with the same stakeholder group that Kantara chooses, should probably consider becoming individual Members, or Member Associates of some other Member organization.
It might be reasonable for Kantara to consider petitioning NSTIC to modify these rules so that Kantara members/participants can still participate as Kantara Affiliates, without having to sign separate Member agreements, while still being able to join other stakeholder groups. Or for an organizational Member such as Kantara to be able to self-select into several stakeholder groups...provided Kantara can only vote in one such group.
- Bob P.
_______________________________________________ DG-NSTIC mailing list DG-N...@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-nstic
Joni Brennan
It's great to see the strong support for international representation! Thank you:-)
Of course! =)
The rest of it was great too, and I had just two thoughts..:
1) Do we think that it is appropriate to characterize eGov WG as 'standards', referencing the Implementation profile for SAML 2.0? It's not that that is wrong of course, but thinking about our revised positioning into a more policy/governance/requirements gatherer for an eGov SAC, I'm wondering if we couldn't future-proof ourselves a bit? IF we did, we could also self identify into 4) Fed Gov and 5) State Local etc Gov, couldn't we?
I believe this could work Colin. Even though eGov is international there still are ties to Fed, State and local gov. Is it possible for eGov to craft some input?
2) I thought that NSTIC rules said that an entity could only self identify into one of the Stakeholder Groups. While the issue of undue influence as raised by NSTIC is reasonable, it is also unreasonable that an entity such as KI has to do this given the breadth of its activities. Certainly that is the implication of this reponse paper, but it doesn't seem to come right out and say it.
I had this point much clearer in an earlier version and pulled it back a bit. I think it's a big problem and will be for other groups as well. This was also a flash point at the NSTIC day event in March (around IDTrust timing). I believe that we should strengthen this and your point supports my thought. Now, I think it's easy enough to say thisTHING is a problem but I'd prefer if we had some input on approaches to solve. We don't need to propose a solve or direction toward a solve but I do think it's good manners.
Perhaps this is a discussion best taken with more input from the wider group.
Do others agree here and any thoughts on alternate approaches?
j stollman
_______________________________________________
DG-NSTIC mailing list
DG-N...@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/dg-nstic
Jeff Stollman
stoll...@gmail.com
1 202.683.8699
Colin Wallis
Just combining the two parallel threads on this to make it easier to capture the actions...
Cheers
Colin (who will craft some input for the eGov Policy piece)
From: dg-nstic...@kantarainitiative.org [mailto:dg-nstic...@kantarainitiative.org] On Behalf Of j stollman
Sent: Tuesday, 12 June 2012 9:01 a.m.
To: Joni Brennan
Cc: Kantara Leadership Council Kantara; dg-n...@kantarainitiative.org
Subject: Re: [DG-NSTIC] [KI-LC] An eGov comment:: (RE: REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2)
Given that P3 stands for Privacy and Public Policy, I believe that P3 should be referenced as aligning with both US Federal and US State and Local NSTIC groups.
Jeff
...................................................................................................................................................
One way to address this is to have the leadership of each of the DG/WG participate/liaison in the related working groups. Individuals can participate and bring their DG/WG hats along.
At the top should be an area of overall organization to organization cooperation.
Ditto on eGov policy.
The more participation the better the position (more votes) for elections no matter what category.
[Sal]
………………………………………………………………………………………………………………………………………………………………
From: dg-nstic...@kantarainitiative.org [mailto:dg-nstic...@kantarainitiative.org]
On Behalf Of John Bradley
Sent: Monday, June 11, 2012 1:24 AM
To: Colin Wallis
Cc: Kantara Leadership Council Kantara; dg-n...@kantarainitiative.org
Subject: Re: [DG-NSTIC] [KI-LC] An eGov comment:: (RE: REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2)
The NSTIC rules say you need to self-identify for participating in elections. What category you run for election in and vote in, not what plenary areas you participate in. This is more a governance issue than an operational one. Given that individuals can self select and vote with the same weight as organizations, the only reason for a organization to self select is to run for the governing group in an area as far as I can tell.
I have know idea if the rules would allow a WG that is not a legal entity to participate at that level for voting, I suspect not. the more important thing is probably what NSTIC proposed NSTIC committees relate to Kantara WG, and arranging individual participation.
I agree with Colin eGov should be positioned as Policy not standards.
John B.
On Mon, Jun 11, 2012 at 11:43 AM, Joni Brennan <jo...@ieee-isto.org> wrote:
CAUTION: This email message and any attachments contain information that may be confidential and may be LEGALLY PRIVILEGED. If you are not the intended recipient, any use, disclosure or copying of this message or attachments is strictly prohibited. If you have received this email message in error please notify us immediately and erase all copies of the message and attachments. Thank you.
====
Colin Wallis
Sorry folks.
I missed Bob’s response last time.
From: Colin Wallis
Sent: Tuesday, 12 June 2012 12:26 p.m.
To: 'j stollman'; Joni Brennan
Cc: Kantara Leadership Council Kantara; dg-n...@kantarainitiative.org
Subject: RE: [DG-NSTIC] [KI-LC] An eGov comment:: (RE: REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2)
Just combining the two parallel threads on this to make it easier to capture the actions...
Cheers
Colin (who will craft some input for the eGov Policy piece)
From: dg-nstic...@kantarainitiative.org [mailto:dg-nstic...@kantarainitiative.org]
On Behalf Of j stollman
Sent: Tuesday, 12 June 2012 9:01 a.m.
To: Joni Brennan
Cc: Kantara Leadership Council Kantara; dg-n...@kantarainitiative.org
Subject: Re: [DG-NSTIC] [KI-LC] An eGov comment:: (RE: REVIEW DRAFT: Kantara Initiative Position Paper - NSTIC Steering Group Formation v0.2)
Given that P3 stands for Privacy and Public Policy, I believe that P3 should be referenced as aligning with both US Federal and US State and Local NSTIC groups.
Jeff
.......................................................................................................
According to the Steering Group Bylaws Discussion Draft, every entity that participates in the Steering Group is either a Member, or a Member Associate.
Members must sign a membership agreement, and can be either organizations or individuals. Member Associates are persons who do not sign membership agreements, but are in some way affiliated with a Member. So Member Associates can be employees of companies
that are Members, or (in the case of Kantara) "members" or participants in the Member organization. Member Associates must be listed in the membership agreement that the Member signs.
So Kantara must decide if the organization itself will sign a membership agreement, and if so, whether it will designate certain individuals (WG/DG Chairs, others) as Member Associates.
The draft Bylaws also states that "each Member shall self-select into the Stakeholder Group that they consider best represents its roles or interests in the Identity Ecosystem."
So this would seem to mean that Kantara itself (if it chooses to become a Member) would have to self-select into one of the 14 Stakeholder groups. However, this also seems to mean that each person designated as
a Kantara Member Associate would also be affiliated with that same Stakeholder Group (see Bylaws section a.3, Stakeholder Group Affiliation: " Member Representatives and Member Associates shall be affiliated with the Stakeholder Group selected by their respective
Member Organization.")
So given the governance rules as currently written, it may be reasonable for Kantara to become a Member, and to be represented by Joni or another staffer. Anyone else associated with Kantara (WG/DG chairs, etc), unless they want to be associated with the same
stakeholder group that Kantara chooses, should probably consider becoming individual Members, or Member Associates of some other Member organization.
It might be reasonable for Kantara to consider petitioning NSTIC to modify these rules so that Kantara members/participants can still participate as Kantara Affiliates, without having to sign separate Member agreements, while still being able to join other
stakeholder groups. Or for an organizational Member such as Kantara to be able to self-select into several stakeholder groups...provided Kantara can only vote in one such group.
- Bob P.
...................................................................................................................................................
Colin Soutar
Hi –
In response to Bob’s observations on the Membership structure, it would seem likely that the NSTIC Steering Group structure would follow some of the models previously used by similar organizations , for example the INCITS organization that generally provides the Technical Advisory Groups for ANSI to the ISO sub-committees.
The INCITS structure typically has a plenary group that has final approval on all work coming out of the working groups, so this would facilitate what Bob is suggesting (and is mostly aligned with the Kantara structure). An organization has a lead participant who advocates the overall position at the plenary session and works with working group members to receive input and to harmonize the overall presented viewpoint. For large organizations, such as Kantara, there would also be lead participants in each of the working groups. A possibility would be that the Kantara WG Chairs are lead delegates to the respective NSTIC working group and that the LC appoints an overall Head of Delegation to represent Kantara at the Plenary sessions.
I very much doubt that is NSTIC’s intent to limit an organization’s participation to only one working group, and would imagine that it is more a case of ensuring that an organization is limited to one vote at the Plenary session. To do otherwise would likely limit the transparent competitiveness implicit in the process, as well as the resources available for any particular task – which would seem somewhat silly in light of the limited number of such resources.