In 2019 I decided to leave independent consulting and join a large corporation – IDEMIA – you might notice their logos at airport security stations. My job was to be embedded in the ISO subcommittee for Mobile Driving License, a.k.a. the ISO 18013-5 mDL standard and to support IDEMIA’s mobile eID/mDL product team. This was a great extension of my existing work on digital credentials in other ISO subcommittees and W3C groups. Being tied to a product team was a new experience for me!
In 2021 I moved to Ping Identity to support the product team for PingOne Neo – ID Verify and Digital Credentials. My focus remained on government-issued digital credentials via ISO mDL and to establish implementations of inter-company digital credentials . I had the privilege of working beside incredibly experienced and generous standards experts who continue to be deeply embedded in OpenID Foundation, IETF, FIDO, Open Wallet Foundation core work. The novelty of Ping was to see how a new product can be engineered to fit into an overarching suite of enterprise products. The interplay of product and corporate priorities on the one hand and the long time scale of standardization on the other led to some “interesting” discussions over my time at Ping.
One constant throughout has been my involvement with Kantara Initiative. This non-profit corporation continues to be a bright light in the world of trustworthy use identity and personal information. I’m currently Chair of the Identity Assurance Work Group and since 2023, Chair of the Board of Directors. Kantara has had great fortune in our Executive Directors over the years – from Joni Brennan to Colin Wallis and now Kay Chopard. The Board is working hard to strengthen our program offerings (as a conformance body for NIST 800-63 and the UK DIATF), expand into new geographies, and sustain innovation in our community work groups – while fiscally prudent and in line with our fiduciary duty to the organization and its members.
At the end of 2023, I have decided to pivot my attention to a big missing piece in the digital credentials story – how to ensure that the recipient of a digital credential is a real human (and the intended one), and that the presenter of a digital credential is in fact authorized to do so. I have joined Facetec to dive deep into the world of liveness-proven biometric verification. Their tech is impressive. The SDK uses the mobile device camera to construct a 3D face model of the person from which it determines whether there’s a real living human present, whether the session is a spoof attempt (using physical artifacts or video playbacks), and whether images are being injected bypassing the camera subsystem. The server SDK completes the liveness analysis and performs highly-accurate matching against a known-good reference. My job? Same-same. Working with international standards bodies (such as ISO SC 37) and testing labs to develop or extend standards for performance evaluation of this new 3D face biometric mode. I’m ingesting big stacks of documents and trying to work out where standardization of user-supplied biometric-enabled devices stands today – in comparison with the well-established border security/public safety modes of operation. This is exciting new ground and appears to be mostly greenfield – and it all ties back to the IDM and digital credentials industry.
IDIM Musings 