Kantara Workshop at the Consumer Identity World 2017 APAC
KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Kantara Workshop at the Consumer Identity World 2017 APAC
Kantara Workshop at the Consumer Identity World 2017 APAC
My name is Kyle Wallace. I'm the executive director of Canara just a little bit, just to give you a sort of a, kind of an overall sense of, of the organization that Canara is we, we may have to go, we, we may decide to go into a little more detail on some aspects it's so this is really this first set. That's really a, this slides, it's just an overview of the organization. And some of the, some of the highlights, if you like, in terms of the specifications and so on.
So from that perspective, I, I probably, this is a fairly obvious is that, you know, you have the transformations achieved, like collaboration, innovation taking action.
It is in a sense, but, you know, as an industry consortium, you have this, you know, this, this kind of strange connection, if you like, of, of competitors that are actually collaborating together and you see that, you know, you'll see perhaps organizations that are, are more well known in the AsiaPac area, like, you know, TM forum and it UT and so on, you still have that sort of collaboration of competitors, ethos, and it's certainly true Canara case as well.
And the reason is that you actually find, I would say perhaps less with it UT, but certainly with team four of them, certainly with Canara and a number of other organizations you can see are put up in screen later on, you have this sort of, kind of sense of, of actually having to create something out of nothing, because the standards product, your standard setting organizations like ISO and so on, simply take too long to get material up there.
So the point is if, if industry has a need for, you know, a particular specification or something, it has to really create itself and move that forward and mature it to a point that it's capable of going to the, it, it UTS the ISOs of this world, but that's where Canara finds itself. It's right at the bleeding edge of, of some of this, some of this new work.
So, and the point is that actually not that many people do it anymore. It's actually a lot more convenient and generally easier all around for, for nonprofit industry consortium to just run conferences and do life packets, because it actually is quite hard to build specs, to run operations. It's quite a big lift. So you'll find actually that many industries don't do that, which brings me to this slide. Really.
There's a sort of, it's something I say on Twitter, if you follow me at all on Twitter, can Tara Holland, as I often use the phrase that others talk, we do, it's this combination of, you know, yes, we've got a latest white paper. Yes. Come to our conference and so on, but there's no depth. There's no depth particularly to, to many, to many conversations. So I did want to, I think Canara stands by its operations and the work that it does in working groups.
So as a said, was nonprofit founded around 2009, the USA, Delaware based, or Delaware, corporate Delaware incorporated Boston service management companies just outside of Boston, Massachusetts, the nonprofit in Estonian was founded in January of this year. And that was done. It was an interesting exercise actually, because when I took the role quit, the New Zealand government and February of last year, was it year before last year last. Yeah. So from that, at that particular point, the intention report was that can Tara Europe would be set up in the UK.
And of course I shipped to, to do exactly that. And then I arrived and there was this thing called bricks of bricks at referendum. So the board met and said, you know, it's never gonna happen at least just to be sure that least to be sure that it doesn't, it's just wait on and see what happens to referendum. And sure enough, of course we know what happened that the rev referendum to, to leave the European union, the EA was undertaken. So the board said, Hmm, okay, well, perhaps we don't set up in the UK. We set up in mainland Europe.
And so by this stage, of course it was about August last year. And at this stage there was, of course we had the presidential election come and said, well, given the fact that we've actually had, you know, a lot of the rhetoric, particularly Trump, you know, the, the Republican side doesn't seem to overly favor privacy and some of the things that and surveillance and some of the things that Kenar would not be happening with, perhaps we should just wait to see how the election goes. Of course probably go the Democrat way, but let's just wait and see.
And of course was, we know what happened there. And so you can now understand why it was that in 2017 and January, we may have incorporated in Estonia with an organization that's completely separate. So it's actually, it's in fact, co-founded by Robin Wilton from the internet society and myself, and we run Canari Europe as a licensee of Canara us. And the specific reason for that is that we are, that means that the data for Canta Europe is stored on our service in Frankfurt and is, is basically out of out reach if you like of us administration.
So that's specifically the reason why we've done it. The advantage of that potentially is that we could actually switch the us data into Europe, should things go south terms. So that was one of the rationale for it to can cans pretty strong and societal purpose of ethics as, as you, from there, as you get a sense of, from what I'm saying here, we have low barriers to participation is one of the things that the boards makes my job a lot harder.
That's one of the things that the boards solar one is that they want to encourage folks to be able to, to show up, to contribute and participate with without actually paying the money up. Now, of course, there's a limit to how an organization can actually continue to keep running like that.
But the, the notion is that for a period of time and for a fair exchange of value effectively, you can contribute to working and make contributions to groups into specifications and not paying to the organization at all, provided you actually agreed to. I P our other strong piece of ethics is that return of control back to the user. And you'll actually see that coming through a lot of Canara specification work is it's. It's got this notion of returning control back to the, back to the overall all the way through it.
So you're starting to get a sense now, perhaps when we talk about consumer identity growth and consumer identity and access management, a theme that runs through there is this, this taking the users, taking back control or controlling a lot of, of the direction and flow of their personal data. One of the things that we do then, and in terms of our business model, well, I, I've given an indication there that we do have a member, a partial membership model, but we also run trust framework.
And we have, we have our own trust framework, which is based on this 863 version, two us, us specification. And we run that trust framework, our primary customer there as the us federal agencies at GSA. But increasingly we are finding interest from other folks that want to use the Canara governance model and trust play model to use, to bring in their own schemes, to operate for us, to operate on their behalf.
So we are having, we are seeing this sort of this expansion and the trust framework area, and, you know, have to, to open identity exchange through, have, who have pilot or champion the notion of trust, particularly recent pass. So appreciate sitting on in the audience I'll I'll hat it there. So certainly in terms of operation, we find that this is an increasing area of interest. As folks want to be able to have confidence that credential service providers and identity providers are operating to a set of rules. And there's there's third party assessment to, to, to demonstrate, improve that.
And it's proven with a trust mark, the other area of courses, the specifications that I've indicated. So a indicated that we develop those specifications. Typically they're literally out of nothing. We develop those specifications where there really is something in the marketplace and we're running from a blank sheet of paper. And you'll see that's a classic case with consent receipt and user managed access.
Those, those specifications were built simply because there was nothing else like it in the marketplace. And we published those. We have a publishing platform as well, and the, the working groups that, that built those things.
So the, the mission statements written there, the global consortium and improving trustworth use of it personal data through innovation standardization practice. So you'll actually see, as I go through this deck, you'll see how that it's actually manifested the, the way that we, we build work, the way that it comes into the organization, the way it's processed and, and goes out the other end. So you'll see that should, so we certainly do some work with ISO.
We have a former liaison ISO sub subcommittee, 27, which is security techniques working group five, which is the identity management and privacy space. So we have quite a symbiotic relationship there with work going on. We contribute some of our work as it's going along in specification to, in specification land, into the standards land.
I mean, plastic case of, of the symbiosis there is with, with NA who's the editor who's already been mentioned this morning by Allen. And that is the editor of 2 9, 180 4.
I saw 2 9, 180 4, which is the first committee draft. That's the online notices for privacy and consent. And of course, some of the consent consent specification has been contributed back into, into PSO. So there's a brief rundown of some of our leadership and just a handful of our liaisons, more slide there, but that gives you a sense of it. We are quite close Toma. And in Europe, typically we find the organizations that we, that we work with are complimentary.
So, you know, email doesn't really do a lot with written groups. It doesn't produce specifications, but it does do conferences and it does do white people. So it works in a, in a quite similar and complimentary way open consent. You'll see a little bit further down in this presentation.
How, how open consent is that organization based in the UK and how they've worked with Canara to build something different? You coming up CADA is actually a, I won't go through that very long acronym, but it comes from us government from DHS. And it's a, it's a R and T refined and directed research and development program. Personal data ecosystem consortium was probably of the first in the personal data space and quite recently, a year ago or so pre form liaison. So a brief snapshot of the members, not all of 'em there, but that's a, a brief snapshot if you like.
So they're all around the world. And roughly speaking, if you look at the board of Canara, it's actually less than 50% us, more percent around the world. And that's pretty much seen through the membership as well, greater than greater than half is outside of the us, even though it's a us incorporated organization. So here are some things that Canara has been most well known for the, these three items.
Really it's a start with now user managed access that, that Alan talked about has been, I'm trying to think you said 2000, I thought 2012, that before we started, but it may have been actually earlier than that, I do know when the first conversations were had helped. Cause if emailer, the, the editor and author of OFA initially was he, as she would say at first manifested itself, actually in well into New Zealand.
And I was actually at that, at that meeting, that was, that was the very first indication of, of this type of specification, where we needed to find a way which users would be able to control access with a lot of, a lot of emphasis in 2009 was a long time ago, almost nobody was talking about access. It was all about authentication. And all we have on the marketplace was, was exact as a standard and exact is, is XML based and it's very enterprise. So it's a very centralized enterprise type.
So it's basically enterprise giving access to somebody it's very different to, which is flipping that completely around. And it's providing the user who D who basically directs, who can get access to better resources.
So it's, it's a complete hundred 80 degree term it's based on the O protocol and O kind of a two party sharing. It's sort of, it's, it's basically that enables you to, to, to, to get access to your resources.
It's far it's, it's not nearly as capable if you like out of box to be able to do that third package sharing the kind of, I want, I want my GP to have access to my specialists, my health located at my specialist resource server, that's kind of three party, three or one party sharing is something that exact sorry that, oh, does not do out of the box and effectively what, what Uber has done is extended the O profile to enable it to be used in this much more extensible mode for, you know, the thing, the sorts of use cases that we are coming up with combining much more these days to resolve, you know, having devices and having four parties with attributes and personal data.
So of course it it's designed to, to work into, or be integrated with an existing application. It might be a personal data wallet. It might be, you know, sitting alongside an open it connect to authentication. It might be within a particular service. So we've found that it's, it's deployed in a number of ways that, you know, quite a vast variety of ways.
Actually, when I think across the spectrum, even though it's still early days for, we have a, a significant number of early adopters, the consent was soughted specification and something that was started around 2013 from the consent and information sharing work group in Canara the consent information sharing work group originally began a thing called the standard label. And you can actually see that work today, standard label.org and effectively the, that standard label was, was a sort of statement around the terms in which information could be shared. Basically it gave your statement.
It's the modern term is called useless submitted terms, but back in 2012 13, the standard language, the information sharing was sand label was the what's the term being used for that at that time. And consent came along a little bit later, and the notion was, I suppose, the history was there was that the early, the, the early drafts of the GDPR was starting to show what an important aspect that consent, how important consent was going to be to the, to the due protection data regulation.
So, so from that perspective, it came out and was developed to sit really on top of the stand label and seen. So put a lot of work, got involved in being a lot of people and work has gone into the consent consent receipt specification. It's really a, a, it can be delivered as a personal data receipt. It can be delivered in different ways, but the notion is that you are, you are providing, you are agreeing a set of terms upon how your data is going, be processed for what period, whether it can be revoked, what third parties are involved in the processing.
So it has about 21 different sort of set feeling that you can, that you can remove or add in the specification new ones. And some of the work on version 1.1 is adding things like purpose, which is pretty important as well. So from that perspective, the, the consent seats been well received as we work through, as we get closer and closer to GDPR.
Yes, sir. Yeah. Go quick question. These slides Will we don't take photographs on them. Yeah. Okay. It's the slides are typically in fact, this set of slides that was used at the Paris event, it should be on Canara website right now. Okay. You just have to go to the events part of the, on the website and looking under events, you'll see archives. There Can Tara initiative.org. I have one more question, Colleen.
So you guys are doing a lot of good work and I'm wondering, do you have, can Tara, you have employees who are paid by Canera to do this work, or is it just the members, organizations, are they doing all the work and, and agreeing on these specifications? It's a good question. Canara has no employees as the executive director. I'm not an employee, I'm a contractor.
So, so the answer broadly speaking is no, it's mostly, it's nearly them by volunteer contributions. However, when it comes to things like editing a specification, you know, there's one thing to contribute work. It's quite quite another to edit it and get it into sufficient mature draft. That's the area that you have to that's that you often need some expertise. What we try and do is find sponsors for that work. Cause basically it, it takes too much out of the organization to be able to find that directly out of members, Which, which was, that was my cue.
So yes, absolutely. It's, it's all volunteer, volunteer work, however directed funds are actively accepted. And so organizations, for example, someone like for drug that has a master of interest in seeing Uber succeed or seeing consistency or something like that, absolutely. Being able to come to Canera. And in fact, we've got a perfect example of that right now with what is the consent management Solution Solution working group, where we have two different organizations who have actually contributed some funds to enable at least some level of some support around building those standards.
And so, you know, absolutely directed funds are always very, very welcome, You know, so, so I'm thinking in basically specific. So, you know, of course financial services banking, we also have a need to have some standards along these lines. So I was just thinking broadly, would it make sense for Panera to approach, for example, a few big banks to say, guys, you guys are all struggling separately, how you contribute some funds and we will, you know, manage this in a nice that Yes. Right.
So, so those kind of events, I mean, the reality of it is that in fact that's what oy is doing. Thank you God. But that's what O is doing in the UK is providing a space for that to happen. Right. And so obviously we're not the only organization in the world that, that provides these kinds of things.
And, and it's a, you know, we're all playing in the same game, but that's exactly the situation where there's a need. One of the things that all of these organizations do is that it gives us a hands off or, or at least an arms length place that competitors can come and talk about a solution and come up with something for all of them to be able to work with a structure in order to do that. Yeah.
You know, it doesn't have to be just the vendors, but also be customers, absolutely dry standards. Right. We have that discussion probably every week Could, I'd just like from a neutral corner and member of both IX and Canara so be transparent about that. The great work that O IX is doing at the moment around the financial API, I think is really important and really forged hard battles in banking and finance to get some starting point where banks are starting to agree.
And I think if we could find a way to bring that work together, where that, where there is a starting place for the bank together with understanding the importance of the consent work into some kind of cross sandbox environment where we could either document white papers, use cases or interoperability, that would be a big win. And in order to do that, we really do need the banks to participate because their brand lend weight, but also it starts to de-risk for them this whole open banking, this whole personal data shift.
And so if, if you think that there is a way to influence that, I think there is great work that's already been done. That would be crazy for us to start in this part of the world. It it's crossed the Atlantic from the United States into Europe. And I think it dove tells with the great work that Camta is doing.
And, and I think it's also a great, safe, collaborative, collegial space for, for people to contribute. So that would be my call to action. That's gets more weight behind it in this part of the world.
Yeah, absolutely. I, I, I, I fully agree with all those things.
I mean, I think with the, the banking project in, in the UK, you know, open ID foundation, done a significant amount of work there on the authentication side, you know, Uber, you know, stands there really and waiting to do the authorization that consent stands really waiting as well. We don't actually, you know, can Tara directly at the moment doesn't contribute into their work. Isn't perhaps political reasons for that.
But certainly individual organizations are such as for rock and for, you know, basically changing into that space when that project gets to the point that it's that's, you need to look at authorization, just delegated authorization. Yeah. Interesting discussion.
But I, I totally agree with you treatment that it needs to be some more, you know, putting the pieces together in a more collaborative way. So lack do that. I did want to just briefly talk about the accredit approved. I talked about Panara having the trust framework, the way that it build tools specifically offer, you know, its own trust framework, which is the 800, 863 version two specification. It has credited assesses with assess credential service providers and identity providers against that missed specification and, and grants them a trust mark they're approved.
So we have those two trust marks Canara credit Canara approved. And as we extend the, the number of trust marks we're operating, we, we actually have to show them as different as, as slightly different trust marks. These ones are going to be remodeled as classic because of course, many of you in the room know that we have 63, 3 coming the new standards. It's it's all the last June and there's 12 months to comply.
So we have to differentiate can Canara is working on building the requirements, drawing the requirements, the service assessment criteria from 863 3 in order to build the scheme around the Cing credential service provides, provides 63, 3. So we have to show and differentiate the two trust marks as well as trust marks that have arrived from schemes that are not can terrorists. So from that perspective, that's certainly what we're trying to do with the, with the trust park, the trust marks for the various schemes that we're operating.
But, you know, we did talk, we, we talked, we talking about, and we talked about, about consent receipt, but there are other things going on as well, you know, with, with the pipe around blockchain blockchain in a way. I mean, it's, it's, there's some, some interesting things, you know, happening there for sure.
But the, the conversation is I, I remember this when cloud was 2010 and 2011, you know, when, when the cloud hyped again, and you could cook your breakfast on the cloud. So in, and, and now we're starting to see that happen again with blockchain and, and it's, you know, completely out control some of the, some of the conversation, you know, what, what its ability you, its ability to do X and Z.
You know, it's still fundamentally the distributed pledger, the, you know, the, the DDS, the distributed identifiers, these, these are significant in the public key infrastructure that's required. You know, there's some fundamental sort of kind building blocks in the way that you, you operate the blockchain part of. And of course, you know, there's been a lot of debate.
Hopefully, hopefully the debates going away about putting first data off on blockchain, you know, seems to be ludicrous for many of us who have some full to security. Cause it's, if it's only protected by, by encryption and we know ultimately that encryption can be, can be broken.
So, so that would be a really bad idea, but I did want to point out this was a quote from, well, I could say it in the room, couldn't put on the slide from someone in the us federal government and, and basically the blockchain smart contracts report from Canara was extremely well received to counter the sort of, kind of hype about particularly how the uses to which you can put blockchain and, and the role of smart contracts, which, which is significant. But once again, it's not one of those things that, you know, you can't cook your breakfast with a, with a smart contract either.
So, you know, they are there specific for specific use cases. And it's one of those things where a smart, a smart contract only is, is only as good as the context in which you, the working group working on code of conduct for reliant parties. Cause we spend so much time working with the identity provider and the, and the credential service provider and the attribute provider very little is worked on the, is built around the, the relying party.
You see it more in federated trust frameworks, you see more rules around the, the requirements and conditions for relying parties, but you don't necessarily see it outside of Federation. But you know, we've got to remember that that trust frameworks can be federated or not. They don't, it's not, they're not, it's not an absolute system for a trust framework to have a Federation. So we've gotta be sort of, kind of careful that we don't munge it up so that, so that we make some assumptions that are not actually not actually necessarily valid.
The principles of relationship management was an interesting recommendation. We've got two of those.
In fact, four drops originally involved in the, in the early work. I think not so much in the refining the principles, but certainly the initial design principles with Ian blazer has taken that over with the refining of design principles that has taken in the last couple of years that that work has gone on.
And I recommend you take a look at the, the refining of the six principles there, you'll see that basically the six principles basically design that they, they help with certain help consumer identity and access space in the way that you, you structure your application to, to make it well to make it fit the six design principles, which just escape me at the moment. Sorry, jet lake is going something I'll get. So I wanted to briefly talk about the federated mobility group as well.
One of there's not much sound going on these days in terms of development, but there's still a hole in the sound out there. And one of the, one of the thoughts that the Federation quality working group wanted to do was to really bring a lot of the salmon work together in one place to allow the vendors who are still supplying salmon products, to have one place to go to, to fine tune their features and functionality against. So what happened here was that some of them work originally out of the EU government and then the higher education Federation, interoperability space.
Those, this is in common internet to terrain owner reeds. Some of those higher education folks who are running federations with Sam two, we decide to actually put all that work together at one place in one single profile, so that vendors can actually come to that place to see what the, a single set of requirements that they can then put into their products to enable the third party assessment and interoperability to, to take place after that.
I've given a, a URL there, but doesn't come up terribly well on the screen, but on can Tara's website on the right hand side, on the right hand menu column resources, the first thing you'll see there is reports and recommendations and they're, they're basically listed there. These are all the public ones. So one of the advantages of course, of being of contributing to the work and being a member is that you actually see the work that's actually in progress rather than the work that's that's published.
So, so the real advantage there of getting ahead of the curve is to be involved in the work, right from the, as its a continues, its trajectory through to an official publication. So I'm gonna take you through a number of lenses here of, of can Tara's work.
You know, we use these sort of mantra, nurture development operators. Well, so that we basically take work in from a, from a community. So folks arrive with typically a good idea with, or particularly a community will arrive with a specific idea to profile a can specification. We start to see that, for example, with the ad tech industry consent consent is such a critical part now of, of potentially how antic is going to have to go in terms of the GDPR.
Because with GDPR, you can't just simply continue on with, you know, basically using a browser cooking and taking the information from that browser cooking as the ad auction houses do today and mind that personal data and show you ads. You're wondering why, why am I actually getting this particular, why am I getting ads? This is retargeted right.
That, you know, for a holiday I took, you know, to, you know, to a Pacific island last year. And the reason is that they're picking up the browser cooking and effectively looking back into their databases to see the information that's been attached to that cookie. And then they serve you advertising that's related to your brows and history. So here's a classic case where that's not gonna work under GDPR.
It's, it's illegal. You have to be able to build consent for your information to be processed.
So, you know, this has caused the anti folks, quite a lot of headache. First of all, their, their notion, their approach to it was to grow Russells into saying that that advertising is a legitimate purpose. Now advertising can be a legitimate purpose of its, you know, SARS, or if it's public epidemic. It absolutely isn't for holidays to a Pacific moment. So the next thing was to then try and get consent, but actually have the consent taken on the publisher's website. So effectively the, the publisher is liable for any misuse of the, of the processing.
When in fact, of course the publisher has no control over the system because it's actually, the system is controlled by the, by the brokerage houses of the, of the, a vendors, typical Facebook, Google those guys, but not only then. So here's a classic case of, of some new pieces of technology or new requirement coming in that has to be built.
And it's from it's from that the consent management solutions, this current practice group group has been been created, but we do have from other places, we have folks literally come in with a, with an idea, typically you'll have, they've got, they've got a particular idea, they've got some grant funding. It might be, you know, from an agency like the UN it might be from, you know, from a foundation and they need a platform to build it with. So Canara can take those, those jobs in if you like. And if they bring their community with them, use can Tara's platform to develop the specification.
It might be. So we go through this mantra of, you know, bringing something and developing it, standardizing it, drawing requirements out of it to ultimately in the third session is to ultimately turn it into a conforming assessment and a trust market. So it's like bringing through developer, bring requirements out of it and trust market.
So another way of looking at this is, you know, sort of, kind of this sort of orchestrated harmony of, of bringing mutual, competitive folks, you know, into a collaborative space, combining them with membership and the liaisons and partnerships, and then building some, having a government structure in which to operate that program. So I've given a notion there evidence it's not unlike O but Don's in room, but broader than I is white papers and registry. Certainly if you put O and open it foundation together, then that, that doesn't necessarily hold.
So if you were on a two looking at our two side platform, you've got the collaboration on one side of the programs on the other. It, it certainly looks a little bit like the open ID foundation from that perspective, but it's not limited the open ID protocol cause Canara will take any piece of work basically that has, that is marketable effectively. And that has a use and some support in funding and, and fits with the, the ethics and criteria. Another way of looking at it is the sort of kind of event refinement rather than nature develop, operate.
And from that perspective, you know, looking at it, you bring something completely new in you refine it and implement it out the other end. And that, that kind of cadence is very similar to the five Alliance, fast identity online.
In fact, interestingly, you have Brett McDowell, the executive director of Alliance is, was can Tara's first executive director. So there've been three actually. So there've been Brett McDowell was the first executive director. And then after Brett was Jo Brennan, Joni went on to become the president of DIAC digital identity authentication council in Canada and hand over the rates to me.
So from, from that perspective, this sort kind of maturation is very kind similar to, to the Alliance. How many, how many in the room for the fi Alliance have, have how many folks have heard of fi Alliance here?
So, right. Okay. So about half of you. Yep.
That's, that's not, not surprising actually with some of the work that they're doing. So here, I've just tried to give a sense of, of how different consortium work together, where they overlap with a, where they compliment. I don't really in terms of TM forum and it UT because I'm thinking that those are more relevant in this part of the world.
Certainly fire alliances, a pretty full, complete of kind of cross section Canara has a pretty full, complete cross section mobile ecosystem forum, less it's spec it's specific on does have working groups and does white papers, does conferences O IDF open ID foundation, no together create a, a full spectrum as well. The, it UT of course, it's, you know, it's a tricky organization, very much like ISO, and it does have, you know, pretty much a form suite, I think, of across these different criteria, TM forms simply has working groups and specifications. I dunno about some of the other things.
So another way of looking at this is looking at sort of incubation building these community groups, bring it into conforming assessment. And if it's a, if it's a protocol, then IOP testing course it's IOP testing is not necessarily a Canara thing.
You know, certainly with open it foundation, having block for the, an in test harms for the open it protocol, it seems little pointed in duplicating that effort in the sound space. There are lesson number, there are a number of, but smaller instances of IOP testing. So they've been specifically done for, you know, for government or for higher education, but there's not more static test harness necessarily available.
So just finishing here as we move towards another break is really, I want sort of finish off with these thoughts of, you know, the strong ethics around what we do of, of giving use of control, you know, back to back to its owner. And we try to help our organizational members with that.
Cause, you know, they recognize it. It's a question of how to build it and how to build it inable way so that you don't have this very where you, you don't have an uncomfortable user experience where you move from one application to another and user experience is completely different. So the idea of trying to build, you know, personal control back into products is, is something that, that competitors need to work collaboratively on to make a smooth user experience for everybody. And also for the, for the portability of data.
Cause the reality is that folks want to be able to switch from well from one service provider to another, and they don't want to have to necessarily reconstruct all that data. Again, it should be possible, their direct concern, directed consent to move that data across to another, to another service provider.
So let's, we work on trying to build that kind of data portability structure into the things that we do briefly talking about brand association there and certainly something that we offer our corporate Analyst, the opportunity to sponsor with and to help develop and publish artifacts, as well as with trust marks, we talked briefly about the center of excellence and the, the network effect. I think you've getting the sense of the way that, that, that builds and develops there. I want briefly talk to you a little bit about an event that we are working on.
It's not official yet, but we are working towards a little event that we are gonna do in London on January 29th, which is privacy day global privacy day. And we want be able to put together an international privacy summit, which is specifically around some of these issues in the, the GDPR. And we are looking these for organizations tending to put this event on privacy day to build some structure around the specifications needed for GDPR compliance. So keep a look out for that.
You'll see some information appearing on Ken Tara's website and, and blogs and to sphere as time goes on, but it looks to be shaping up pretty well because while G may not be a huge issue, you may not think in the Asia Pacific area. I, I certainly recall that in the us, there has been that, oh, well, it's in Europe. We don't have to worry. But the reality of course is very different that if you are selling services online, into online or otherwise into, into Europe and effectively, if you have European citizens as, as customers, then the GDPR applies.
And one of the things that a lot of American organizations are staying fine is sometimes quite late in the piece is that they're having to start to look at the GP. I've got carefully and you've gotta work out whether it's actually worthwhile running a, a two tiered government system with your data.
In fact, it might be better to, to actually create one that's at a GDPR compliant from cause it's almost harder to, if it's a hit left to, to bring you to bring, you know, half the organization or a third of the organization's operations up to GDPR compliance level in the way that the data flows and it's consented the way that that data is flow and flow processed, then it's almost easier to actually take the whole organization up to higher level.
Can Europe, that, that a mentioned, I won't go into too much detail there except to say that we have the opportunity cause to create a Canara AAC as well in a very similar way that we've created a Canara Europe. So it's one of the things that we want to really talk a little bit about this afternoon and see if we can find a way to see if there's interest in creating a Canara impact in this area. Certainly the Europe ones, it's still under construction. A lot of lot has happened this year, but we're getting it together piece by piece.
So with that, I want to leave it there and take any quick questions before we break for coffee. Could you just verify code about the, the difference between trust marks? So you've got accredited. Can you just start again?
Ah, right. Good question. Good question. So improved accredited the, the accredited trust markets actually for assesses.
So that's, we are accrediting third party assesses audited. If you like to, to actually do the, the assessment. So we have a process. We have a process for accredited assessors and audit auditors, and we have a process for the accredited assesses to approve credential service providers and identity providers. That's why we have the two, the two fundamental structures of the creditors that improved. And on top of that, you have the trust mark to which they belong. So up until very recently.
In fact, literally now we still have the, the original trust mark that we had, which was based on 8 63 2. And what I tried to point out was you can see a branding difference as we go forwards with the existing one that bottom. Yeah. Yep. Those are gonna have a word classic attached to them and you'll have another one called next generation or 8 63, 3. You haven't decide. We're gonna call that. You'll actually see in fullness of time, another trust mark with, with a particular community's brand on it.
So it's not going to be, it's still gonna have Canara there and Canara approved, but this other brand together. So it's quite an interesting thing when you're running a multiple different trust marks. It's quite a, quite a challenge from our, from our marketing branding, visual logo association perspective. Good question. Thanks.
Well, thanks.