Presentation on theme: "IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair"— Presentation transcript:
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Why should the Management Council develop goals & workplans for IDESG? (1) “The Management Council shall provide guidance to the Plenary on the broad objectives envisioned by the NSTIC, produce work-plans to prioritize work items and monitor progress, ensure that Steering Group work activities align with the NSTIC Guiding Principles, and shall have overall administrative and fiduciary responsibility for the IDESG.” – Rules of Association (2) “What gets measured, gets done” – Peter Drucker
Foundation of our goals & workplans Origins of NSTIC NSTIC itself Pre-IDESG proposals from NSTIC NPO IDESG member proposals (charters) IDESG plenary deliberations (this week)
Cybersecurity Policy Review, 2009 “Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.” – Near-Term Action Plan #10 “Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy” – Mid-Term Action Plan #13
CSIS Cybersecurity Update, Jan-2011 “The biggest challenge for the NSTIC and its new NPO will be to increase incentives for people to use online authentication.” Source = Key Areas for Progress #6, Improve authentication of identity for critical infrastructure
NSTIC Vision & Principles, April-2011 “Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” Identity Solutions will be: Privacy-enhancing and voluntary Secure and resilient Interoperable Cost-effective and easy to use
NSTIC Goals & Objectives, 2011 (1 of 4) (1) Develop a comprehensive Identity Ecosystem Framework 1.Establish improved privacy protection mechanisms 2.Establish comprehensive identification and authentication standards based on defined risk models 3.Define participant responsibilities in the Identity Ecosystem and establish mechanisms to provide accountability 4.Establish a steering group to administer the standards development and accreditation process for the Identity Ecosystem Framework
(2) Build and implement the Identity Ecosystem 1.Implement the private-sector elements of the Identity Ecosystem 2.Implement the state, local, tribal and territorial government elements of the Identity Ecosystem 3.Implement the Federal Government elements of the Identity Ecosystem 4.Promote the development of interoperable solutions to implement the Identity Ecosystem Framework NSTIC Goals & Objectives, 2011 (2 of 4)
(3) Enhance confidence and willingness to participate in the Identity Ecosystem 1.Provide awareness and education to enable informed decisions. 2.Identify other means to drive widespread adoption of the Identity Ecosystem NSTIC Goals & Objectives, 2011 (3 of 4)
(4) Ensure the long-term success and sustainability of the Identity Ecosystem 1.Drive innovation through aggressive science and technology (S&T) and research and development (R&D) efforts 2.Integrate the Identity Ecosystem internationally NSTIC Goals & Objectives, 2011 (4 of 4)
NSTIC Benchmarks, (1 of 5) Subjects (people or NPE*) have the ability to choose trusted digital identities: – for personal or business use; – between at least two identity credential and media types; and – that are usable across multiple sectors *NPE = Non-Person Entity
NSTIC Benchmarks, (2 of 5) There exists a growing marketplace of both trustmarked, private-sector identity providers at different levels of assurance and private-sector relying parties that accept trustmarked credentials at different levels of assurance. This relying party population is not confined to just one or two sectors.
NSTIC Benchmarks, (3 of 5) Trustmarked attribute providers are available to assert validated attributes. Services available include the ability to assert validated attributes without providing uniquely identifiable information.
NSTIC Benchmarks, (4 of 5) The number of enrolled identities in the Identity Ecosystem is growing at a significant rate, and the number of authentication transactions in the Identity Ecosystem is growing at least at the same rate.
NSTIC Benchmarks, (5 of 5) Building upon FICAM, all online Federal Executive Branch services are aligned appropriately with the Identity Ecosystem and, where appropriate, accept identities and credentials from at least one of the trustmarked private-sector identity providers.
NSTIC Benchmarks (2021) All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem. A majority of relying parties are choosing to be part of the Identity Ecosystem. A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem. A majority of online transactions are happening within the Identity Ecosystem. A sustainable market exists for Identity Ecosystem identity and attribute service providers.
NPO Proposed Workplan, 2012 (1 of 4) Workstream #1 – Establish Identity Ecosystem Steering Group Infrastructure, by Q Steering Group Foundational Document Ratification 2.Steering Group Organizational Structure Established 3.Establish Steering Group Operational Structure
NPO Proposed Workplan, 2012 (2 of 4) Workstream #2 – Develop Identity Ecosystem Framework, not sooner than Q Complete Analysis of Current Ecosystems and Trust Frameworks 2.Complete Analysis of Current Standards 3.Complete Development of the Identity Ecosystem Framework Model 4.Establish Strategies for Identity Ecosystem Implementation and Expansion
NPO Proposed Workplan, 2012 (3 of 4) Workstream #3 – Develop Identity Ecosystem Accreditation Program, not sooner than Q Complete analysis of current accreditation programs and design an Identity Ecosystem accreditation program
NPO Proposed Workplan, 2012 (4 of 4) Workstream #4 – Establish Identity Ecosystem Business and Sustainment Model, not sooner than Q Complete analysis of current business models 2.Develop viable Steering Group business model 3.Establish the Identity Ecosystem Steering Group as an independent legal entity
IDESG Workplan, as of Q  Source: https://www.idecosystem.org/content/group-chartershttps://www.idecosystem.org/content/group-charters Step #1 – Members Propose the work to be done (via Committee Charters)  Step #2 – The Plenary prioritizes work items & approves Committee Charters Phoenix) Step #3 – The Management Council develops IDESG Workplan (based on NSTIC goals and plenary output) 1.International Coordination 2.Communications 3.Healthcare 4.Trust Frameworks 5.Financial 6.Security 7.Liability & Contract 8.Accreditation & Certification 9.Privacy 10.Policy 11.Standards Coordination 12.Usability ? ?
Final thought… let’s be SMART S=SpecificWhat: What do I want to accomplish? Why: Specific reasons, purpose or benefits of accomplishing the goal. Who: Who is involved? Where: Identify a location. Which: Identify requirements and constraints. M=MeasurableHow much?, How many? How will I know when it is accomplished? A=AttainableHow can the goal be accomplished? R=RelevantDoes this seem worthwhile? Is this the right time? Does this match our other efforts/needs? Are you the right person? Is this acceptable for correction? T=TimelyWhen? What can we do 6 months from now, 12 months from now? What can we do today? Source =