Latest News from the Kantara team

[Kantara Initiative]

Welcome to our first Newsletter of 2023!   As we kick off the new year, I am delighted to be working with our new Board of Directors which includes 4 new Directors - Michael Engle, Andrew Hindle, Jordan Burris and Michael Magrath.  I can also share that, at our first Board meeting, we elected Andrew Hughes as President, Michael Magrath as Secretary and Andrew Johnston as Treasurer. I feel very confident that our organization will be led with assurance and expertise in 2023, building on the great work of 2022. With the release of NIST 800-63 draft of version 4, our industry shows further maturity. Revision 4 of the Digital Identity Guidelines, seeks to respond to the changing digital landscape and the real-world implications of online risks. The latest draft of the Digital Identity Guidelines seeks to focus on Advancing Equity: Emphasizing Optionality and Choice for Consumers Deterring Fraud and Advanced Threats Addressing Implementation Lessons Learned:  Our Identity Assurance Work Group is one of our most active groups. Last week, several of us attended (in-person and virtually) the NIST workshop in Washington DC, hosted by Venable, to provide feedback and consider requirements for future conformance criteria. NIST will continue to gather feedback until 24 March. Read more here. We always welcome new Work Group participants so why not join us? Sign up here  We’re looking forward to working with you this year!

Kay Chopard Executive Director

Work Group update - ANCR   The Kantara Initiative Advanced Notice & Consent Receipt (ANCR) Work Group continues the effort that produced the Consent Receipt v1.1, incorporated into ISO/IEC 29184 Online Privacy Notices and Consent in 2020 and the forthcoming ISO/IEC 27560 Consent Record Information Structure. This is being extended in the WG presently with work on an Open Notice Controller Credential and Transparency Performance Indicators (TPIs) for digital privacy conformance. Recently, the WG submitted comments to the Federal Trade Commission on its Advanced Notice of Proposed Rulemaking on Commercial Surveillance and Data Security. The WG advocated for the use of 2 Factor Notice, notice of risk and proof of notice. They commented that - just like the process the FTC itself uses in rule-making - the same 2FN should apply on the Internet. The notices and receipts generated provide co-governance and a form of enforcement innovation through transparency in the notice. TPIs and Open Notice Controller Credential use the ISO standards and laws relevant to jurisdictions such as COE 108+, GDPR, as well as the growing number of regulations that always require notice and transparency. The specifications drawn up by the ANCR WG provide mechanisms to implement legal and technical standards for transparency that supersede  simple Terms and Conditions’, 'user licenses’, ‘privacy policies’ and ‘data sharing agreements’. The goal is to specify an active, personal, technical object for managing the rules of data and its consented exchange. On January 27th, as part of International Privacy Week, the ANCR WG held a workshop in conjunction with the recently launched Digital Transparency Lab and the IEEE Digital Privacy Community. They discussed data control and interoperability from a human perspective and will be sharing further updates in due course. Why not join our Work Group and help us ensure the development of digital identity solutions that protect and enhance privacy for everyone. Sign up here

New DEI Committee Last year we launched our first DEI survey to understand the levels of investment in, and commitment to, DEI among identity services providers.  Following on from this Jordan Burris newly elected Board Director, will be taking the lead for Kantara in this critical area. . Our sector is maturing and (as reflected in the latest revisions to the 800-63 guidance), there is increased focus on equity and the development of inclusive identity solutions. We want to lead in this area. A group of volunteers will meet in February to agree Terms of Reference, focus and next steps. If you would like to join them, please email us Assurance on a global scale  In December we approved Persona to Identity Assurance Level 2 in the US and as an identity provider and attributes provider in the UK.  Persona seeks to offer a "universal identity platform that could really work for any use case out there in the world.” The identity market does not recognize borders and, in order to serve customers fully, we all need to focus on how we achieve interoperability.  At Kantara, our role is to provide third-party assessments to ensure conformance across all identity, authentication and federation products and services. We are the only global certification body able to offer assurance against Trust Frameworks in the US and UK.

Where to meet us in 2023

We'll be speaking and running workshops at most of the major identity events this year. We have been asked to submit presentation proposals to Identiverse, EIC, Identity Week, the Future of Identity Festival and numerous industry events. Please follow us on social media and check our website for further updates - particularly on events that will be exclusively for our Members.

Member Spotlight - Airside We regularly highlight the work of our members, It's a great opportunity to raise your profile around the world. This month we are spotlighting the work of Airside who were recently certified to Identity Assurance Level 2.  Watch now

How do you describe Kantara? We are keen to know what you think Please follow us on social media and share our content. And don't hesitate to share any feedback directly with the team at st...@kantarainitiative.org

Follow us!

Follow @kantaranews on Twitter                                            Follow @KantaraInitiative on LinkedIn