Presentation is loading. Please wait.

Presentation is loading. Please wait.

TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November.

Published byMeryl Small Modified over 8 years ago

Similar presentations

Presentation on theme: "TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November."— Presentation transcript:

1 TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06 2013-11-06 IDESG TFTM Committee 1 NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting.

2 Contents of this deck The Value of establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term) Discussion of the nature of “Interim” versus “Longer term” Some possible descriptions of the IDESG- Acknowledged ID Ecosystem * These slides should be modified as needed to circle in on the description of “What” we are working to establish 2013-11-06 IDESG TFTM Committee 2 October 30 Call

3 Some assumptions There will be an IDESG-Acknowledged ID Ecosystem Participation will grow over time Structures will evolve and requirements will become better-defined over time Adherence to the NSTIC Guiding Principles is mandatory The NSTIC Derived Requirements might be used as a mechanism to demonstrate adherence to the principles 2013-11-06 IDESG TFTM Committee 3 October 30 Call

4 The NSTIC ID Ecosystem* will consist of different online communities that use interoperable technology, processes, and policies *Source: The NSTIC Strategy Document * The term “online communities”, while not perfect, should be used until IDESG determines the best replacement term and creates an IDESG Vision statement. 2013-11-06 IDESG TFTM Committee 4 October 30 Call

5 ID Ecosystem? ID Ecosystem Framework Rules Arrows = Inter-community interactions Online Communities 2013-11-06 IDESG TFTM Committee 5 October 30 Call

6 Rationale and Value 2013-11-06 IDESG TFTM Committee 6 October 30 Call

7 The rationale for The rationale for establishing an IDESG- Acknowledged ID Ecosystem (interim or long-term) is: The same as establishing any Standards-based program To acknowledge the conforming participants from the Internet ID Ecosystem To influence service providers to use sound practices To signal to service consumers that there are minimum acceptable standards of operation 2013-11-06 IDESG TFTM Committee 7 October 30 Call

8 The value in participating To enable identity solution and ‘online community’ participants to be recognized as being or strive to become recognized as participating in the IDESG-acknowledged ID Ecosystem For the cross-endorsement of participants to instill trusted brand power and the beginnings of a network effect for identity solution trust brands i.e. The companies would not identify with it if it brings their brand into disrepute To assure consumers/citizens/individuals that certain standards have been met and policies & practices are in place To act as a finding aid for identity services consumers to locate ‘trustworthy’ service providers To enable participants to promote participation as a service differentiator 2013-11-06 IDESG TFTM Committee 8 October 30 Call

9 What is “Interim” 2013-11-06 IDESG TFTM Committee 9 October 30 Call

10 The sense of “Interim” An initial group (as identified by IDESG) of ‘online communities’ which demonstrate that they meet the basic requirements of the Interim stage E.g. have been certified and accredited by an IDESG-vetted accreditation body E.g. self-assert that they satisfy the NSTIC Derived Requirements A period of time prior to a declared start date of an IDESG-acknowledged ID Ecosystem in which potential participants can prepare for and receive accreditation A period during which any identity solutions can self-assert participation and satisfy requirements A Transition period would be required to formally verify the validity of these claims 2013-11-06 IDESG TFTM Committee 10 October 30 Call

11 IDESG-Acknowledged Interim Ecosystem: Described 2013-11-06 IDESG TFTM Committee 11 October 30 Call

12 What is the Interim thing? Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management. 2013-11-06 IDESG TFTM Committee 12 October 30 Call

13 These ‘Online Communities’: Have community-defined, documented and enforced: Interoperability Standards; Shared risk model; Privacy policy, requirements and accountability mechanisms; Liability policy and requirements Have community-defined, documented and enforced: Policy, standards and processes that govern the activities of community members Can demonstrate that they satisfy all of the NSTIC Derived Requirements Can describe the types of community-member interactions or transactions that rely on identity- or attribute-related services Can demonstrate a track record of consistent application of the Community Rules; and the ability to detect, respond to and repair security and privacy breaches Have policies and processes for adding new members and revoking membership in the Community Have documented processes for handling interactions with entities that are not community members Have a business model that appears to support the activities of the Community 2013-11-06 IDESG TFTM Committee 13 October 30 Call

14 TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06 Call 2013-11-06 IDESG TFTM Committee 14 NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting. November 6 Call Starts Here

15 A Few Quick Points Rationale for Interim state: To influence Online Communities & Participants towards conformance with IDESG Requirements To start a virtuous cycle of association of IDESG brand with highly visible companies, brands and associations To demonstrate elements of the Value Proposition for participating in the IDESG-Acknowledged ID Ecosystem To learn and fine tune tactics for the longer term Consider using “Initial” instead of “Interim” to keep evolution/maturity concepts 2013-11-06 IDESG TFTM Committee 15 November 6 Call

16 IDESG-Acknowledged ID Ecosystem – Interim/Initial State Description Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management. ‘Online Communities’ have documented & self- defined ‘Trust Frameworks’ and use one or more ‘ID Solutions’: Federated Authentication/Credentials; Web Single Sign On; Centralized/Directory Authentication 2013-11-06 IDESG TFTM Committee 16 November 6 Call

17 Requirements Gathering 1.Start with the NPO NSTIC Derived Requirements (as a proxy for the Guiding Principles) 2.Determine Legal Requirements: What contracts needed? Is IDESG liable or providing implicit warranty? What Trust Mark licensing is needed for Interim state? 3.Determine Operational Requirements 4.??? 2013-11-06 IDESG TFTM Committee 17 November 6 Call

18 Selecting The Initial Participants Use ‘Online Communities’ as the granularity of participant selection Pick which interaction/transaction types should be showcased in the first group of ‘Online Communities’: C2G; G2C; B2B; B2C (hopefully mostly on the ‘B’ and ‘C’ end) Select ‘Online Communities’ that have strong brand power and high visibility to non-Identity-Focused companies, individuals and organizations Select ‘Online Communities’ that use 3 rd party Certification & Accreditation of their participants Select based on large total number of Individuals, Businesses and Organizations in the ‘Online Community’? All viable NSTIC Pilot Grant Awardees plus ‘big name’ Federations? 2013-11-06 IDESG TFTM Committee 18 November 6 Call

19 Feature Preferences? If you had to pick one or two of… Non-password credentials only Credential/Authentication portability/interoperability between initial group of ‘Online Communities’ i.e. The Individual observes that they can use a single credential to access a range of services that previously had their own unique credentials/user accounts Multiple or Single Industry Sector focus? Public sector-verified attributes available for private sector transactions? Improvements to security, privacy, usability and interoperability that result in real but ‘Invisible’ benefits? ??? 2013-11-06 IDESG TFTM Committee 19 November 6 Call

20 Business Scenario Preferences? Do we describe (and choose initial participants based on) a single scenario that is difficult to do using non-IDESG-Acknowledged ID Solutions, but would be less frustrating from end to end? Do we choose initial ‘Online Communities’ that are mature and sound at the expense of interoperability between those ‘Online Communities’? Do we choose based on a preferred outcome? E.g. fraud reduction; seamless user experience; retail experience efficiency; proof that stronger credentials are possible and easy to use; proof that externalization of authentication is good for business Do we choose to emphasize added value for one or several primary Participants (e.g. the Individual, the IDP/CSP, the eService Provider/RP) or do we value balanced benefit more? 2013-11-06 IDESG TFTM Committee 20 November 6 Call

21 Next Steps? Andrew to start writing up the document And…? 2013-11-06 IDESG TFTM Committee 21 November 6 Call

Download ppt "TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November."

Similar presentations

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.

The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.
FIA Prague Preparation February 6, 2008. Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.

FIA Prague Preparation February 6, Scenario planning approach We cannot predict the future We cannot predict the future We do understand the drivers.
TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 October.

TFTM TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state October.
TFTM 01-06 Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, 2014 1-14-2014IDESG TFTM Committee1.

TFTM Interim Trust Mark/Listing Approach Paper Discussion Deck TFTM Committee IDESG Plenary Meeting January 14, IDESG TFTM Committee1.
Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.

Chapter 3 Health Care Information Systems: A Practical Approach for Health Care Management 2nd Edition Wager ~ Lee ~ Glaser.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair

IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair
Functional component terminology - thoughts C. Tilton.

Functional component terminology - thoughts C. Tilton.
TFTM Sub-Committee 01-06 What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, 2014 4-16-2014IDESG TFTM Committee1.

TFTM Sub-Committee What do we need for the IDESG Trust Mark Program Discussion Deck TFTM Committee April 16, IDESG TFTM Committee1.
The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,

The SAFE-BioPharma Identity Proofing Process Author of Record SWG (Digital Credentials) October 3, 2012 Peter Alterman, Ph.D. Chief Operating Officer,
Back to Table of Contents

Back to Table of Contents
Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.

Framework Planning Draft 1 Jack Suess Ian Glazer Peter Alterman Andrew Hughes Michael Garcia.
Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.

Cross Sector Digital Identity Initiative March 12, 2014 Hearing on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Cross Sector Digital.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org JRA3 2 nd EU Review Input David Groep NIKHEF.

INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Use Case Development Scott Shorter, Electrosoft Services January/February 2013.

Use Case Development Scott Shorter, Electrosoft Services January/February 2013.
SAS 70 (Statement on Auditing Standards No. 70) Kelley Piner Charles Roberts Ashley Walker.

SAS 70 (Statement on Auditing Standards No. 70) Kelley Piner Charles Roberts Ashley Walker.
Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Identity Management What is it? Why? Responsibilities? Bill Weems Academic Computing University of Texas Health Science Center at Houston.

Similar presentations

Ads by Google