December 2023 - Wg-pemc - mailman.kantarainitiative.org

Fwd: Call for Comments | EU-US TTC Digital Identity Mapping Exercise Report + Save the Date
by Tom Jones 23 Dec '23

23 Dec '23

i would think that both committees would have some comments with references to existing reports. thx ..Tom (mobile) ---------- Forwarded message --------- From: NIST Cybersecurity and Privacy Program < csrc.nist(a)service.govdelivery.com> Date: Fri, Dec 22, 2023, 7:38 AM Subject: Call for Comments | EU-US TTC Digital Identity Mapping Exercise Report + Save the Date To: <thomasclinganjones(a)gmail.com> [image: NIST] View As Web Page <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVy…> [image: Header] NIST Cybersecurity and Privacy Program [image: Calendar Announcement] *EU-US Digital Identity Mapping Exercise Report Now Open for Feedback…and Save the Date for a Webinar!* Following a successful round of government-to-government technical exchanges earlier this calendar year, in March 2023, the European Commission and the US Government, operating under the auspices of the US-EU Trade and Technology Council (TTC), publicly committed to undertake a transatlantic mapping exercise with the objective of finding commonalities between the EU and US approaches to digital identity. Released today, the jointly authored EU-US TTC *Digital Identity Mapping Exercise Report <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVy…>*, provides the preliminary results of an initial mapping centered on the definitions, assurance levels, and references to international standards included across Revision 3 of the NIST Digital Identity Guidelines (Special Publication 800-63, Revision 3 <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVy…>) and European Regulation (EU) No 910/2014 <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVy…> on electronic identification and trust services for electronic transactions in the internal market. The next phase of this project will include collecting feedback and selecting potential use cases for transatlantic cooperation that highlight the need for and value of enabling the cross-border use of digital identities. The EC and the US are actively seeking comments from communities with subject matter expertise in digital identity, privacy, human-centered design, and cybersecurity; organisations that have designed or implemented digital identity systems within the EU, the US, or in cross-border contexts; and others with equities related to the topic of digital identity. *Feedback is requested by 5:59 AM CET on March 1, 2024 / 11:59 PM EST on February 29, 2024 and can be submitted via dig-comments(a)nist.gov <dig-comments(a)nist.gov> and more information can be found on our website <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDQsInVy…>.* *Save the date* for the EU-US TTC Webinar: Unpacking the Digital Identity Mapping Results* Join NIST and the EC on February 22, 2024 for a webinar to: - Hear an overview of the US and EU's efforts to map their digital identity frameworks. - Provide feedback to NIST and the EC on the preliminary results of the mapping exercise. - Weigh in on use cases where future US-EU collaboration could accelerate progress on cross-border interoperability. **Webinar details are still being finalized. Registration information will be sent out and posted online soon.* *NIST appreciates your feedback, participation, and interest in our efforts. To learn more about our publications, news, and get the latest updates, please visit our website <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDUsInVy…>. * Read More <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDYsInVy…> *NIST Cybersecurity and Privacy Program* Questions/Comments about this notice: dig-comments(a)nist.gov CSRC Website questions: csrc-inquiry(a)nist.gov Connect with us [image: facebook] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVy…>[image: twitter] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDgsInVy…>[image: youtube] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDksInVy…>[image: linkedin] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTAsInVy…>[image: flickr] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTEsInVy…> Received this email from a friend? Subscribe here <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTIsInVy…> . [image: ITL NIST] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTMsInVy…> Subscriber services: Manage Preferences <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTQsInVy…> | Unsubscribe <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTUsInVy…> | Help <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTYsInVy…> ------------------------------ If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTcsInVy…> . Technical questions? Contact inquiries(a)nist.gov. (301) 975-NIST (6478). This service is provided to you at no charge by National Institute of Standards and Technology (NIST). 100 Bureau Drive, Stop 1070 · Gaithersburg, MD 20899 · 301-975-6478 [image: GovDelivery logo] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTgsInVy…>

1 0

Call for papers fyi
by Salvatore D'Agostino 18 Dec '23

18 Dec '23

Get Outlook for iOS<https://aka.ms/o0ukef>

1 0

age verification
by Tom Jones 13 Dec '23

13 Dec '23

We were arguing about age from mDL, but it seems CA is ahead of us. They support TruAge AS A SEPARATE CRED already https://www.mytruage.org/ https://www.dmv.ca.gov/portal/ca-dmv-wallet/truage/#faqs SOOOO - if the wallet has both mDL and TruAge - the wallet should pick the least invasive method. ..tom

1 0

Fwd: NEW BLOG | Progress - NIST’s Digital Identity Guidelines
by Tom Jones 12 Dec '23

12 Dec '23

It looks like 63-4 is headed for another public response period. Note that they have switched to the issuer-holder-verifier format. Most of the responses from Kantara have been from the IA folk who are focused on the audit POV. Perhaps we needs something from the developer POV? ..tom ---------- Forwarded message --------- From: NIST Cybersecurity and Privacy Program < csrc.nist(a)service.govdelivery.com> Date: Tue, Dec 12, 2023 at 7:09 AM Subject: NEW BLOG | Progress - NIST’s Digital Identity Guidelines To: <thomasclinganjones(a)gmail.com> [image: NIST] View As Web Page <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVy…> [image: Header] Cybersecurity Insights a NIST Blog A Note on Progress…NIST’s Digital Identity Guidelines. In August 2023 the Digital Identity Guidelines team hosted a two-day workshop to provide a public update on the status of revision 4. As part of that session, we committed to providing further information on the status of each volume going forward. In fulfillment of this commitment, we wanted to offer a quick update on where we stand. Our goal remains to have the next version of each volume out by the Spring of 2024. With our gratitude for the robust and substantive engagement we received during the comment period, at this time we would like to announce that all four volumes of Special Publication 800-63-4 will have a second public comment period, which will last at least 45 days. - *NIST SP 800-63 Base Volume* <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVy…>. We are making substantive changes to the volume including updating the digital identity model to account for “Issuer, Holder, Verifier” frameworks of digital identity, new content... Read More <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVy…> Connect with us [image: facebook] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDMsInVy…>[image: twitter] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDQsInVy…>[image: youtube] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDUsInVy…>[image: linkedin] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDYsInVy…>[image: flickr] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDcsInVy…> Received this email from a friend? Subscribe here <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDgsInVy…> . [image: ITL NIST] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDksInVy…> Subscriber services: Manage Preferences <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTAsInVy…> | Unsubscribe <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTEsInVy…> | Help <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTIsInVy…> ------------------------------ If you have questions or problems with the subscription service, please contact subscriberhelp.govdelivery.com <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTMsInVy…> . Technical questions? Contact inquiries(a)nist.gov. (301) 975-NIST (6478). This service is provided to you at no charge by National Institute of Standards and Technology (NIST). 100 Bureau Drive, Stop 1070 · Gaithersburg, MD 20899 · 301-975-6478 [image: GovDelivery logo] <https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMTQsInVy…>

1 0

Implementor’s report for workgroup vote
by John Wunderlich 11 Dec '23

11 Dec '23

Please find attached the Early Implementors Draft for workgroup vote: Next steps: 1 Workgroup Votes: • Vote Approve • Vote Approve with suggestions (include specific suggestions for final editing) • Vote Not Approve 2. Final Editing by leadership team (assuming majority of votes cast are Approve or Approve with suggestions) 3. Submit for publication On the agenda for tomorrow: 1. Developing a cadence and calendar for asynchronous development of requirement 2. Review of voting process Have a better than expected day, John Wunderlich LinkedIn: https://www.linkedin.com/in/privacycdn/ Twitter: https://twitter.com/PrivacyCDN -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

2 2

SP 800-226, Guidelines for Evaluating Differential Privacy Guarantees | CSRC
by John Wunderlich 11 Dec '23

11 Dec '23

Some of you may want to comment on this: https://csrc.nist.gov/pubs/sp/800/226/ipd Have a better than expected day, John Wunderlich LinkedIn: https://www.linkedin.com/in/privacycdn/ Twitter: https://twitter.com/PrivacyCDN -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

1 0

Governments have been and will remain a major threat to privacy.
by Tom Jones 10 Dec '23

10 Dec '23

We should probably review the threat posed by eIDAS to privacy. It would be good if our guidelines were clear that government mandated monitoring is banned. https://nce.mpi-sp.org/index.php/s/cG88cptFdaDNyRr Be the change you want to see in the world ..tom

1 0

which federal agency should create Identifier standards?
by Tom Jones 08 Dec '23

08 Dec '23

'TSA Is Not the Right Agency to Lead' REAL ID Implementation, Security Experts Say Security and identity management experts urged Congress to direct the National Institute of Standards and Technology to play a bigger role in developing standards for digital identity management ahead of a looming 2025 deadline for domestic air travellers to comply with security requirements outlined in the REAL ID Act. "While DHS does not create standards, DHS - or even better, the White House or Congress - should request that NIST lead a timeboxed, one-year effort to create the standards and guidance needed to accelerate the deployment of secure, privacy-protecting mDL apps that Americans can use to protect and assert their identity online," Grant testified. Jay Stanley, a senior policy analyst with the American Civil Liberties Union's Speech, Privacy, and Technology Project, warned that the TSA has proposed to adopt the ISO standards, which he said were "created behind closed doors by a secretive committee" and are "inadequate and incomplete when it comes to the protection of our privacy." Sounds like Jeremy Grant is involved somehow. ..tom

2 1