230 likes | 309 Views
IDESG Goals & Work-plans for 2013 and beyond. Brett McDowell IDESG Management Council Chair bmcdowell@paypal-inc.com. Why should the Management Council develop goals & workplans for IDESG?.
E N D
IDESG Goals & Work-plans for 2013 and beyond Brett McDowell IDESG Management Council Chair bmcdowell@paypal-inc.com
Why should the Management Council develop goals & workplans for IDESG? (1) “The Management Council shall provide guidance to the Plenary on the broad objectives envisioned by the NSTIC, produce work-plans to prioritize work items and monitor progress, ensure that Steering Group work activities align with the NSTIC Guiding Principles, and shall have overall administrative and fiduciary responsibility for the IDESG.” – Rules of Association (2) “What gets measured, gets done” – Peter Drucker
Foundation of our goals & workplans • Origins of NSTIC • NSTIC itself • Pre-IDESG proposals from NSTIC NPO • IDESG member proposals (charters) • IDESG plenary deliberations (this week)
Cybersecurity Policy Review, 2009 “Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.” – Near-Term Action Plan #10 “Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy” – Mid-Term Action Plan #13
CSIS Cybersecurity Update, Jan-2011 “The biggest challenge for the NSTIC and its new NPO will be to increase incentives for people to use online authentication.” Source = Key Areas for Progress #6, Improve authentication of identity for critical infrastructure
NSTIC Vision & Principles, April-2011 “Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” Identity Solutions will be: • Privacy-enhancing and voluntary • Secure and resilient • Interoperable • Cost-effective and easy to use
NSTIC Goals & Objectives, 2011 (1 of 4) (1) Develop a comprehensive Identity Ecosystem Framework • Establish improved privacy protection mechanisms • Establish comprehensive identification and authentication standards based on defined risk models • Define participant responsibilities in the Identity Ecosystem and establish mechanisms to provide accountability • Establish a steering group to administer the standards development and accreditation process for the Identity Ecosystem Framework
NSTIC Goals & Objectives, 2011 (2 of 4) (2) Build and implement the Identity Ecosystem • Implement the private-sector elements of the Identity Ecosystem • Implement the state, local, tribal and territorial government elements of the Identity Ecosystem • Implement the Federal Government elements of the Identity Ecosystem • Promote the development of interoperable solutions to implement the Identity Ecosystem Framework
NSTIC Goals & Objectives, 2011 (3 of 4) (3) Enhance confidence and willingness to participate in the Identity Ecosystem • Provide awareness and education to enable informed decisions. • Identify other means to drive widespread adoption of the Identity Ecosystem
NSTIC Goals & Objectives, 2011 (4 of 4) (4) Ensure the long-term success and sustainability of the Identity Ecosystem • Drive innovation through aggressive science and technology (S&T) and research and development (R&D) efforts • Integrate the Identity Ecosystem internationally
NSTIC Benchmarks, 2014-16 (1 of 5) Subjects (people or NPE*) have the ability to choose trusted digital identities: • for personal or business use; • between at least two identity credential and media types; and • that are usable across multiple sectors *NPE = Non-Person Entity
NSTIC Benchmarks, 2014-16 (2 of 5) There exists a growing marketplace of both trustmarked, private-sector identity providers at different levels of assurance and private-sector relying parties that accept trustmarked credentials at different levels of assurance. This relying party population is not confined to just one or two sectors.
NSTIC Benchmarks, 2014-16 (3 of 5) Trustmarked attribute providers are available to assert validated attributes. Services available include the ability to assert validated attributes without providing uniquely identifiable information.
NSTIC Benchmarks, 2014-16 (4 of 5) The number of enrolled identities in the Identity Ecosystem is growing at a significant rate, and the number of authentication transactions in the Identity Ecosystem is growing at least at the same rate.
NSTIC Benchmarks, 2014-16 (5 of 5) Building upon FICAM, all online Federal Executive Branch services are aligned appropriately with the Identity Ecosystem and, where appropriate, accept identities and credentials from at least one of the trustmarked private-sector identity providers.
NSTIC Benchmarks (2021) • All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem. • A majority of relying parties are choosing to be part of the Identity Ecosystem. • A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem. • A majority of online transactions are happening within the Identity Ecosystem. • A sustainable market exists for Identity Ecosystem identity and attribute service providers.
NPO Proposed Workplan, 2012 (1 of 4) Workstream #1 – Establish Identity Ecosystem Steering Group Infrastructure, by Q1 2013 • Steering Group Foundational Document Ratification • Steering Group Organizational Structure Established • Establish Steering Group Operational Structure
NPO Proposed Workplan, 2012 (2 of 4) Workstream #2 – Develop Identity Ecosystem Framework, not sooner than Q4 2013 • Complete Analysis of Current Ecosystems and Trust Frameworks • Complete Analysis of Current Standards • Complete Development of the Identity Ecosystem Framework Model • Establish Strategies for Identity Ecosystem Implementation and Expansion
NPO Proposed Workplan, 2012 (3 of 4) Workstream #3 – Develop Identity Ecosystem Accreditation Program, not sooner than Q4 2013 • Complete analysis of current accreditation programs and design an Identity Ecosystem accreditation program
NPO Proposed Workplan, 2012 (4 of 4) Workstream #4 – Establish Identity Ecosystem Business and Sustainment Model, not sooner than Q4 2013 • Complete analysis of current business models • Develop viable Steering Group business model • Establish the Identity Ecosystem Steering Group as an independent legal entity
IDESG Workplan, as of Q1 2013 [1] Source: https://www.idecosystem.org/content/group-charters
Final thought… let’s be SMART Source = http://en.wikipedia.org/wiki/SMART_criteria#Developing_SMART_goals