TFTM 01-02. TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06. NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting.
IDESG TFTM Committee
Contents of this deck (October 30 Call)
• The Value of establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term)
• Discussion of the nature of “Interim” versus “Longer term”
• Some possible descriptions of the IDESG-Acknowledged ID Ecosystem
* These slides should be modified as needed to circle in on the description of “What” we are working to establish
Some assumptions (October 30 Call)
• There will be an IDESG-Acknowledged ID Ecosystem
• Participation will grow over time
• Structures will evolve and requirements will become better-defined over time
• Adherence to the NSTIC Guiding Principles is mandatory
• The NSTIC Derived Requirements might be used as a mechanism to demonstrate adherence to the principles
The NSTIC ID Ecosystem* (October 30 Call)
will consist of different online communities that use interoperable technology, processes, and policies
* The term “online communities”, while not perfect, should be used until IDESG determines the best replacement term and creates an IDESG Vision statement.
* Source: The NSTIC Strategy Document
ID Ecosystem? (October 30 Call)
[Diagram: Online Communities; ID Ecosystem Framework Rules; Arrows = Inter-community interactions]
Rationale and Value (October 30 Call)
The rationale for (October 30 Call)
• The rationale for establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term) is:
  • The same as establishing any Standards-based program
  • To acknowledge the conforming participants from the Internet ID Ecosystem
  • To influence service providers to use sound practices
  • To signal to service consumers that there are minimum acceptable standards of operation
The value in participating (October 30 Call)
• To enable identity solution and ‘online community’ participants to be recognized as participating, or to strive to become recognized as participating, in the IDESG-acknowledged ID Ecosystem
• For the cross-endorsement of participants to instill trusted brand power and the beginnings of a network effect for identity solution trust brands
  • i.e. The companies would not identify with it if it brings their brand into disrepute
• To assure consumers/citizens/individuals that certain standards have been met and policies & practices are in place
• To act as a finding aid for identity services consumers to locate ‘trustworthy’ service providers
• To enable participants to promote participation as a service differentiator
What is “Interim” (October 30 Call)
The sense of “Interim” (October 30 Call)
• An initial group (as identified by IDESG) of ‘online communities’ which demonstrate that they meet the basic requirements of the Interim stage
  • E.g. have been certified and accredited by an IDESG-vetted accreditation body
  • E.g. self-assert that they satisfy the NSTIC Derived Requirements
• A period of time prior to a declared start date of an IDESG-acknowledged ID Ecosystem in which potential participants can prepare for and receive accreditation
• A period during which any identity solutions can self-assert participation and satisfy requirements
  • A Transition period would be required to formally verify the validity of these claims
IDESG-Acknowledged Interim Ecosystem: Described (October 30 Call)
What is the Interim thing? (October 30 Call)
• Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management.
These ‘Online Communities’: (October 30 Call)
• Have community-defined, documented and enforced:
  • Interoperability Standards; Shared risk model; Privacy policy, requirements and accountability mechanisms; Liability policy and requirements
• Have community-defined, documented and enforced:
  • Policy, standards and processes that govern the activities of community members
• Can demonstrate that they satisfy all of the NSTIC Derived Requirements
• Can describe the types of community-member interactions or transactions that rely on identity- or attribute-related services
• Can demonstrate a track record of consistent application of the Community Rules; and the ability to detect, respond to and repair security and privacy breaches
• Have policies and processes for adding new members and revoking membership in the Community
• Have documented processes for handling interactions with entities that are not community members
• Have a business model that appears to support the activities of the Community
November 6 Call Starts Here
A Few Quick Points (November 6 Call)
• Rationale for Interim state:
  • To influence Online Communities & Participants towards conformance with IDESG Requirements
  • To start a virtuous cycle of association of IDESG brand with highly visible companies, brands and associations
  • To demonstrate elements of the Value Proposition for participating in the IDESG-Acknowledged ID Ecosystem
  • To learn and fine tune tactics for the longer term
• Consider using “Initial” instead of “Interim” to keep evolution/maturity concepts
IDESG-Acknowledged ID Ecosystem – Interim/Initial State Description (November 6 Call)
• Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management.
• ‘Online Communities’ have documented & self-defined ‘Trust Frameworks’ and use one or more ‘ID Solutions’: Federated Authentication/Credentials; Web Single Sign On; Centralized/Directory Authentication
Requirements Gathering (November 6 Call)
• Start with the NPO NSTIC Derived Requirements (as a proxy for the Guiding Principles)
• Determine Legal Requirements: What contracts needed? Is IDESG liable or providing implicit warranty? What Trust Mark licensing is needed for Interim state?
• Determine Operational Requirements
• ???
Selecting The Initial Participants (November 6 Call)
• Use ‘Online Communities’ as the granularity of participant selection
• Pick which interaction/transaction types should be showcased in the first group of ‘Online Communities’: C2G; G2C; B2B; B2C (hopefully mostly on the ‘B’ and ‘C’ end)
• Select ‘Online Communities’ that have strong brand power and high visibility to non-Identity-Focused companies, individuals and organizations
• Select ‘Online Communities’ that use 3rd party Certification & Accreditation of their participants
• Select based on large total number of Individuals, Businesses and Organizations in the ‘Online Community’?
• All viable NSTIC Pilot Grant Awardees plus ‘big name’ Federations?
Feature Preferences? (November 6 Call)
• If you had to pick one or two of…
  • Non-password credentials only
  • Credential/Authentication portability/interoperability between initial group of ‘Online Communities’
    • i.e. The Individual observes that they can use a single credential to access a range of services that previously had their own unique credentials/user accounts
  • Multiple or Single Industry Sector focus?
  • Public sector-verified attributes available for private sector transactions?
  • Improvements to security, privacy, usability and interoperability that result in real but ‘Invisible’ benefits?
  • ???
Business Scenario Preferences? (November 6 Call)
• Do we describe (and choose initial participants based on) a single scenario that is difficult to do using non-IDESG-Acknowledged ID Solutions, but would be less frustrating from end to end?
• Do we choose initial ‘Online Communities’ that are mature and sound at the expense of interoperability between those ‘Online Communities’?
• Do we choose based on a preferred outcome?
  • E.g. fraud reduction; seamless user experience; retail experience efficiency; proof that stronger credentials are possible and easy to use; proof that externalization of authentication is good for business
• Do we choose to emphasize added value for one or several primary Participants (e.g. the Individual, the IDP/CSP, the eService Provider/RP) or do we value balanced benefit more?
Next Steps? (November 6 Call)
• Andrew to start writing up the document
• And…?