TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 October 30 2013-10-30 IDESG TFTM Committee 1
Apr 02, 2015
Contents of this deck
• The Value of establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term)
• Discussion of the nature of “Interim” versus “Longer term”
• Some possible descriptions of the IDESG-Acknowledged ID Ecosystem
* These slides should be modified as needed to circle in on the description of “What” we are working to establish
Some assumptions
• There will be an IDESG-Acknowledged ID Ecosystem
• Participation will grow over time
• Structures will evolve and requirements will become better-defined over time
• Adherence to the NSTIC Guiding Principles is mandatory
  • The NSTIC Derived Requirements might be used as a mechanism to demonstrate adherence to the principles
The NSTIC ID Ecosystem* will consist of different online communities that use interoperable technology, processes, and policies
*Source: The NSTIC Strategy Document
* The term “online communities”, while not perfect, should be used until IDESG determines the best replacement term and creates an IDESG Vision statement.
ID Ecosystem?
[Figure labels: ID Ecosystem Framework Rules; Online Communities; Arrows = Inter-community interactions]
Rationale and Value
The rationale for
• The rationale for establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term) is:
  • The same as establishing any Standards-based program
  • To acknowledge the ‘good actors’ in the general ID Ecosystem
  • To influence service providers to use sound practices
  • To signal to service consumers that there are minimum acceptable standards of operation
The value in participating
• To enable identity solution and ‘online community’ participants to be recognized as participating, or to strive to become recognized as participating, in the IDESG-acknowledged ID Ecosystem
• For the cross-endorsement of participants to instill trusted brand power and the beginnings of a network effect for identity solution trust brands
  • i.e. the companies would not identify with it if it brings their brand into disrepute
• To assure consumers/citizens/individuals that certain standards have been met and policies & practices are in place
• To act as a finding aid for identity services consumers to locate ‘trustworthy’ service providers
• To enable participants to promote participation as a service differentiator
What is “Interim”
The sense of “Interim”
• An initial group (as identified by IDESG) of ‘online communities’ which demonstrate that they meet the basic requirements of the Interim stage
  • E.g. have been certified and accredited by an IDESG-vetted accreditation body
  • E.g. self-assert that they satisfy the NSTIC Derived Requirements
• A period of time prior to a ‘big bang’ go-live of an IDESG-acknowledged ID Ecosystem in which potential participants can prepare for and receive accreditation
• A period during which any identity solutions can self-assert participation and satisfy requirements
  • A Transition period would be required to formally verify the validity of these claims
IDESG-Acknowledged Interim Ecosystem: Described
What is the Interim thing?
• Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management.
These ‘Online Communities’:
• Have community-defined, documented and enforced:
  • Interoperability Standards; Shared risk model; Privacy policy, requirements and accountability mechanisms; Liability policy and requirements
• Have community-defined, documented and enforced:
  • Policy, standards and processes that govern the activities of community members
• Can demonstrate that they satisfy all of the NSTIC Derived Requirements
• Can describe the types of community-member interactions or transactions that rely on identity- or attribute-related services
• Can demonstrate a track record of consistent application of the Community Rules; and the ability to detect, respond to and repair security and privacy breaches
• Have policies and processes for adding new members and revoking membership in the Community
• Have documented processes for handling interactions with entities that are not community members
• Have a business model that appears to support the activities of the Community