Newsletter Newsletter N°4:

IoT and Identity – Managing Personal Data Toward Market Growth in the Age of a Connected Life

By Joni Brennan, Executive Director, Kantara Initiative


Adoption of Internet of Things (IoT) technology for everyday life presents a wealth of opportunities that leverage the human-to-device connection for new opportunities. Today IoT is the enabler of Machine-to-Machine communications (M2M). More and more, IoT converged with Identity services represents a powerful equation that brings identity, security, software, hardware, policy and privacy priorities to the forefront. When the promise of IoT for Identity services is realized our “connected lives” will be revealed.

IoT Potential – Societal Opportunities and Challenges

IoT may improve lives in varying ways ranging from devices that monitor our physical activity and quality of sleep, to those that help us to manage our homes. To fully leverage the beneficial powers of IoT, vendors need to know that IoT-Identity (IoT-ID) enabled products and services won’t fail and severely damage their brand reputation. Users need to know these new tools respect their preferences. For a hint of how frightening the IoT revolution can be for a user see “I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too.

User Centric – Personal Data Management

The growing number of devices, connections, and relationships presents unique opportunities and challenges.  At the low end of the scale, the number of devices and connections will be in the billions (some predict 75 billion by the year 2020). Users need tools to manage their personal data.  User Managed Access provides an open standard approach to help empower and engage users for the management of resource access and sharing. The OECD Privacy Guidelines continue to provide informed guidance for IoT-ID designers and implementers.

Personal data can fall in to criminal hands. It can be sold without consent or be leveraged in unimagined ways. Imagine receiving a traffic violation by postal because an infraction was recorded via your car sensors or street cameras. Users need to know their personal data is properly protected for privacy. Smart physical spaces will become more prevalent. Legislation is developing to provide guidance for user notice and consent practices both on-line and in physical spaces. Working openly and transparently, the Kantara Initiative Consent and Information Sharing WG is developing a number of approaches seeking to develop a more useable form of consent.

Reality of Reliability – Technical and Policy Interoperability

Device identification methods are not standardized. For instance, industrial tractors (farm machines) have one type of identifier, while personal fitness devices have another type. As tools and systems begin to converge these singular industry approaches create challenges. This lack of standardization makes the use of device discovery mechanisms a key challenge that needs to be solved for market and economic growth to flourish around IoT-ID. At Kantara Initiative, the IDentities of Things WG is working to deliver an industry analysis of the current landscape opportunities, challenges, and gaps to address.

Recommendations to Consider

To power IoT+ID-based economic growth the following core qualities are needed:

  • Transparency – Personal data collection and use policies and practices must be clear, easily found, and understandable to the average user.
  • Accountability – Organizations must adhere to their personal data collection and use policies. Clear and appropriate consequences must be present for those who do not adhere to policies.
  • Manageability – Users must have access to trusted tools to help them appropriately engage in their own personal data management.

The realization of challenges and opportunities will hinge upon our ability to innovate with appropriate security and data management services that respect users by providing a data management environment with: transparency, accountability, and manageability. Government and industry collaboration toward implementation of these three qualities will begin to provide a strong foundation for economic growth opportunities around the IoT-ID and beyond.


Joni Brennan builds diplomatic and collaborative relationships within and across communities of interest. She participates in international organizations and industry standards committees including: OECD ITAC, ISOC, IEEE, OASIS SSTC, ISO SC27 WG5, and ITU-T SG17 Q6. She has served as the NSTIC / IDESG Trust Framework WG Chair. She has provided testimony regarding Trusted Identity and Access Management systems for the US ONC HITSP as well. Joni has helped drive and formalize strategic partnerships between Kantara Initiative and organizations including: Geant, Terena, OASIS, IDESG, DirectTrust and EHNAC.

She leads Kantara Initiative as the premiere Trust Framework Provider facing multiple industry sectors. As a US ICAM Trust Framework Provider Kantara Initiative will provide Accreditation and Approval verifications for Identity Providers / Credential Service Providers to be deemed qualified for access to connect to the US Federal Cloud Credential Exchange. In addition, working with multi-stakeholder representation, Joni has help to ensure that the Kantara Initiative program is aligned and referenced in multiple eGovernment strategies including: Government of Canada, New Zealand, and Sweden.

Joni has over a decade of service to the IEEE Standards Association (SA) and Industry Standards and Technology Organization (IEEE-ISTO) as a Senior Program Manager . She is a member in good standing of the American Society for Association Executives (ASAE) and an honors graduate of of the first class of Rutgers University Information Technology and Informatics (ITI) programme at the School of Communication and Information (SC&I).