CIS14: NSTIC - Why the Identity Ecosystem Steering Group (IDESG)?
1. Why
the
Iden*ty
Ecosystem
Steering
Group
(IDESG)?
Ian
Glazer
Delegate-‐at-‐Large,
Management
Council
–
IDESG
Board
of
Directors
Member
–
IDESG
Inc.
Senior
Director,
Iden@ty
–
salesforce.com
@iglazer
3. Internet
as
Economic
Engine
• The
bright
spot
in
the
US
economy
• Reduce
transac@on
costs
and
inefficiencies
• Expand
every
business’
reach
• Moving
more
interac@ons
online
is
the
inevitable
future
4. Usernames and passwords are broken
• Most people have 25 different passwords, or use the same one over
and over
• Even strong passwords are vulnerable…criminals have many paths to
easily capture “keys to the kingdom”
• Rising costs of identity theft
÷ 11.6M U.S. victims (+13% YoY) in 2011 at a cost of $37 billion
÷ 67% increase in # of Americans impacted by data breaches in 2011
(Source: Javelin Strategy & Research)
• A common vector of attack
÷ Sony Playstation, Zappos, Lulzsec, LinkedIn, among dozens
of 2011-12 breaches tied to passwords.
5. Identities are difficult to verify
over the internet
• Numerous government services still must be
conducted in person or by mail, leading to continual
rising costs for state, local and federal governments
• Electronic health records could save billions, but
can’t move forward without solving authentication
challenge for providers and individuals
• Many transactions, such as signing an auto loan or a
mortgage, are still considered too risky to conduct
online due to liability risks
6. The
Status
Quo
is
Meh
• No
formal
market
for
iden@ty
• Poor
choices
of
iden@ty
providers
– Who
can
and
do
mone@ze
personal
data
• Meager
controls
for
the
individual
• Inequitable
use
of
personal
data
• Privacy
is
increasingly
only
for
the
well-‐to-‐do
• If
moving
transac@ons
online
is
inevitable,
do
we
want
the
status
quo
to
be
the
only
way
we
get
online
services?
8. Mission
The Mission of the Identity Ecosystem Steering Group (IDESG)
shall be to govern and administer the Identity Ecosystem
Framework in a manner that stimulates the development and
sustainability of the Identity Ecosystem. The IDESG will always
operate in accordance with the NSTIC’s Guiding Principles.
GUIDING PRINCIPLES
1.
Privacy-‐enhancing
and
voluntary.
2.
Secure
and
resilient.
3.
Interoperable.
4.
Cost-‐effec@ve
and
easy
to
use.
9. • IDESG
is
working
to
create
a
world
where
people
trust
the
security
and
privacy
of
online
iden*fica*on
and
confidently
exchange
personal
informa*on
via
the
Internet.
• IDESG
is
a
government-‐inspired,
commercially-‐led,
member-‐driven
organiza*on
that
is
serving
the
public
good.
• IDESG
is
at
the
heart
of
the
iden*ty
solu*on,
driving
innova*on
and
serving
as
a
catalyst
for
industry
and
the
economy.
10. Objectives
The activities and work products of the IDESG shall be conducted in support of
the following objectives:
— Ensuring that the Identity Ecosystem and Identity Ecosystem Framework
conform to the four NSTIC Guiding Principles.
— Administering the process for policy and standards development and adoption
for the Identity Ecosystem Framework and, where necessary establishing
policies standards for the Identity Ecosystem Framework.
— Adopting and, where necessary, establishing standards for the Identity
Ecosystem Framework.
— Certifying that accreditation authorities validate adherence to the
requirements of the Identity Ecosystem Framework.
Text taken from the Identity Ecosystem Steering Group (IDESG) 2013 Rules of Association.
Read more about the IDESG in its policy documents.
13. 2014 IDESG Goal
— Complete version 1 of the IEF by December 31, 2014
¡ Will allow a baseline to which self-attestations can occur
¡ Sets the stage for development of a comprehensive
compliance and conformance program by December 31,
2015
13
14. Framework Development Plan Components
14
Functional Model
Define Guiding Principle
Requirements
Define Initial Risk Model(s)
IEF Compliance/Conformance
Program
Implementation Tools
15. Use
Cases
• Frame
the
IDESG’s
ini@al
objec@ves
and
scope
of
work
• Provide
a
basis
for
the
development
of
IDESG
work
products
• Drive
consensus
among
IDESG
plenary
members
about
the
characteris@cs
of
the
ecosystem
and
iden@ty
ecosystem
framework
they
are
trying
to
bring
into
existence
• Provide
a
method
for
the
elicita@on
and
capture
the
requirements
of
the
various
NSTIC
cons@tuencies
• Make
more
concrete
the
applica@on
of
the
NSTIC
guiding
principles
in
terms
of
real-‐
world
scenarios
• Serve
as
a
test
target
against
which
IDESG
work
products
can
be
evaluated
• Serve
as
a
guide
for
the
collec@ve
efforts
of
the
IDESG,
to
maintain
a
common
focus
and
alignment
hp://www.idecosystem.org/index.php?q=filedepot_download/944/1272
hps://www.idecosystem.org/wiki/Use_Cases
18. Why
be
involved
• Help
shape
an
alterna@ve
to
/
augmenta@on
of
the
status
quo
• Aid
in
the
crea@on
of
a
true
market
for
iden@ty
• Grow
your
business
• Work
with
industry
peers
19. Why
am
I
involved
• I’m
walking
catalog
of
an@-‐paerns
• Amazing
opportuni@es
to
enrich
our
society
and
businesses
of
kinds
to
beer
achieve
their
missions
• Rare
that
you
get
an
opportunity
to
of
this
scope
in
any
industry
• To
know
I
helped
22. How to Get Involved
Connect with Members.
Join one of the email discussion lists -
Post on a forum - Contribute to the Wiki
and other projects.
Learn and Develop.
Read the Member E-Newsletter –
Read about upcoming events on the
Website - Attend online and in person.
Run for a Leadership Position.
Advocate.
Tell your associates - Include IEDSG in
your industry presentations, etc.
Present Your Ideas.
Submit an idea for group discussion.
Share your own experience with your
colleagues!
Participate. Be a part of the solution!
23. IDESG
10th
Plenary
• September
17
–
19th
Tampa,
FL
• In
conjunc@on
with
the
Global
Iden@ty
Summit
• Hear
about
commiee
progress
• Help
determine
IDESG’s
roadmap
for
2014
and
beyond
• hps://www.idecosystem.org/content/save-‐
date-‐10th-‐plenary
24. More
Info
• NSTIC
Program
Office
– hp://www.nist.gov/ns@c/npo.html
• NSTIC
Blog
– hp://ns@c.blogs.govdelivery.com/
• IDESG
– hps://www.idecosystem.org/