1 / 21

TFTM 01-02

TFTM 01-02. TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06. NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting.

camden-gordon
Download Presentation

TFTM 01-02

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06 NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting. IDESG TFTM Committee

  2. Contents of this deck October 30 Call • The Value of establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term) • Discussion of the nature of “Interim” versus “Longer term” • Some possible descriptions of the IDESG-Acknowledged ID Ecosystem * These slides should be modified as needed to circle in on the description of “What” we are working to establish IDESG TFTM Committee

  3. Some assumptions October 30 Call • There will be an IDESG-Acknowledged ID Ecosystem • Participation will grow over time • Structures will evolve and requirements will become better-defined over time • Adherence to the NSTIC Guiding Principles is mandatory • The NSTIC Derived Requirements might be used as a mechanism to demonstrate adherence to the principles IDESG TFTM Committee

  4. The NSTIC ID Ecosystem* October 30 Call will consist of different online communities that use interoperabletechnology, processes, and policies * The term “online communities”, while not perfect, should be used until IDESG determines the best replacement term and creates an IDESG Vision statement. *Source: The NSTIC Strategy Document IDESG TFTM Committee

  5. ID Ecosystem? October 30 Call Online Communities ID Ecosystem Framework Rules Arrows = Inter-community interactions IDESG TFTM Committee

  6. October 30 Call Rationale and Value IDESG TFTM Committee

  7. The rationale for October 30 Call • The rationale for establishing an IDESG-Acknowledged ID Ecosystem (interim or long-term) is: • The same as establishing any Standards-based program • To acknowledge the conforming participants from the Internet ID Ecosystem • To influence service providers to use sound practices • To signal to service consumers that there are minimum acceptable standards of operation IDESG TFTM Committee

  8. The value in participating October 30 Call • To enable identity solution and ‘online community’ participants to be recognized as being or strive to become recognized as participating in the IDESG-acknowledged ID Ecosystem • For the cross-endorsement of participants to instill trusted brand power and the beginnings of a network effect for identity solution trust brands • i.e. The companies would not identify with it if it brings their brand into disrepute • To assure consumers/citizens/individuals that certain standards have been met and policies & practices are in place • To act as a finding aid for identity services consumers to locate ‘trustworthy’ service providers • To enable participants to promote participation as a service differentiator IDESG TFTM Committee

  9. October 30 Call What is “Interim” IDESG TFTM Committee

  10. The sense of “Interim” October 30 Call • An initial group (as identified by IDESG) of ‘online communities’ which demonstrate that they meet the basic requirements of the Interim stage • E.g. have been certified and accredited by an IDESG-vetted accreditation body • E.g. self-assert that they satisfy the NSTIC Derived Requirements • A period of time prior to a declared start date of an IDESG-acknowledged ID Ecosystem in which potential participants can prepare for and receive accreditation • A period during which any identity solutions can self-assert participation and satisfy requirements • A Transition period would be required to formally verify the validity of these claims IDESG TFTM Committee

  11. October 30 Call IDESG-Acknowledged Interim Ecosystem: Described IDESG TFTM Committee

  12. What is the Interim thing? October 30 Call • Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management. IDESG TFTM Committee

  13. These ‘Online Communities’: October 30 Call • Have community-defined, documented and enforced: • Interoperability Standards; Shared risk model; Privacy policy, requirements and accountability mechanisms; Liability policy and requirements • Have community-defined, documented and enforced: • Policy, standards and processes that govern the activities of community members • Can demonstrate that they satisfy all of the NSTIC Derived Requirements • Can describe the types of community-member interactions or transactions that rely on identity- or attribute-related services • Can demonstrate a track record of consistent application of the Community Rules; and the ability to detect, respond to and repair security and privacy breaches • Have policies and processes for adding new members and revoking membership in the Community • Have documented processes for handling interactions with entities that are not community members • Have a business model that appears to support the activities of the Community IDESG TFTM Committee

  14. November 6 Call Starts Here TFTM 01-02 TFTM Committee working call to discuss how to describe the “IDESG-Acknowledged Identity Ecosystem” in its interim or long term state. 2013 November 06 Call NOTE: The notes section of each slide captures the discussion about that slide from the October 30 meeting. IDESG TFTM Committee

  15. A Few Quick Points November 6 Call • Rationale for Interim state: • To influence Online Communities & Participants towards conformance with IDESG Requirements • To start a virtuous cycle of association of IDESG brand with highly visible companies, brands and associations • To demonstrate elements of the Value Proposition for participating in the IDESG-Acknowledged ID Ecosystem • To learn and fine tune tactics for the longer term • Consider using “Initial” instead of “Interim” to keep evolution/maturity concepts IDESG TFTM Committee

  16. IDESG-Acknowledged ID Ecosystem – Interim/Initial State Description November 6 Call • Consists of a few or several ‘Online Communities’ that are well-defined, well-governed, in operation, appear to be stable, satisfy the NSTIC Derived Requirements and have a positive track record of privacy and security management. • ‘Online Communities’ have documented & self-defined ‘Trust Frameworks’ and use one or more ‘ID Solutions’: Federated Authentication/Credentials; Web Single Sign On; Centralized/Directory Authentication IDESG TFTM Committee

  17. Requirements Gathering November 6 Call • Start with the NPO NSTIC Derived Requirements (as a proxy for the Guiding Principles) • Determine Legal Requirements: What contracts needed? Is IDESG liable or providing implicit warranty? What Trust Mark licensing is needed for Interim state? • Determine Operational Requirements • ??? IDESG TFTM Committee

  18. Selecting The Initial Participants November 6 Call • Use ‘Online Communities’ as the granularity of participant selection • Pick which interaction/transaction types should be showcased in the first group of ‘Online Communities’: C2G; G2C; B2B; B2C (hopefully mostly on the ‘B’ and ‘C’ end) • Select ‘Online Communities’ that have strong brand power and high visibility to non-Identity-Focused companies, individuals and organizations • Select ‘Online Communities’ that use 3rd party Certification & Accreditation of their participants • Select based on large total number of Individuals, Businesses and Organizations in the ‘Online Community’? • All viable NSTIC Pilot Grant Awardees plus ‘big name’ Federations? IDESG TFTM Committee

  19. Feature Preferences? November 6 Call • If you had to pick one or two of… • Non-password credentials only • Credential/Authentication portability/interoperability between initial group of ‘Online Communities’ • i.e. The Individual observes that they can use a single credential to access a range of services that previously had their own unique credentials/user accounts • Multiple or Single Industry Sector focus? • Public sector-verified attributes available for private sector transactions? • Improvements to security, privacy, usability and interoperability that result in real but ‘Invisible’ benefits? • ??? IDESG TFTM Committee

  20. Business Scenario Preferences? November 6 Call • Do we describe (and choose initial participants based on) a single scenario that is difficult to do using non-IDESG-Acknowledged ID Solutions, but would be less frustrating from end to end? • Do we choose initial ‘Online Communities’ that are mature and sound at the expense of interoperability between those ‘Online Communities’? • Do we choose based on a preferred outcome? • E.g. fraud reduction; seamless user experience; retail experience efficiency; proof that stronger credentials are possible and easy to use; proof that externalization of authentication is good for business • Do we choose to emphasize added value for one or several primary Participants (e.g. the Individual, the IDP/CSP, the eService Provider/RP) or do we value balanced benefit more? IDESG TFTM Committee

  21. Next Steps? November 6 Call • Andrew to start writing up the document • And…? IDESG TFTM Committee

More Related