identity ecosystem framework: establishing rules of the road for digital identity

Ian Glazer Vice-Chair, Management Council IDESG @iglazer

From Principles to Actions: Identity Ecosystem Framework

We are just like you

IDESG idesg.org

How? Tasks roll down hill Multi-disciplinary group comes together Define controls needed to solve the problem

Rules of the Road for

Digital Identity

How did we get here?

People are unhappy

IDESG idesg.org

Americans are less than thrilled The current state of digital identity is fine. But only just fine. Not great.

54%

54% of digital consumers are cautious about the information they share due to lack of confidence in the online security

that protects their personal data

Source: 2015 Accenture Digital Consumer Survey

Management is unhappy

IDESG idesg.org

Executives require action •  US President Obama’s Ninety-Day

Cybersecurity Review, 2009 •  National Strategy for Trusted Identities in

Cyberspace (NSTIC), April 2011

IDESG idesg.org

NSTIC: A Vision of Digital Identity

A P R I L 2 0 11

Enhancing Online Choice, Efficiency, Security, and Privacy

NAT IONA L STR ATEGY FOR TRUSTED IDENT IT IES

IN CY BER SPACE

“The simple fact is, we cannot know what companies have not been launched, what products or services have not been deployed, or what innovations are held back by the inadequacy of tools, like insecure passwords, long ago overwhelmed by the fantastic and unpredictable growth of the Internet. What we do know is this: by making online transactions more trustworthy and enhancing consumers’ privacy, we will prevent costly crime; we will give businesses and consumers new confidence; and we will foster growth and innovation, online and across our economy – in some ways we can predict, and in other ways we can scarcely imagine. Ultimately, this is the goal of this strategy.” – President Obama

IDESG idesg.org

NSTIC Principles Privacy-enhancing and Voluntary Secure and Resilient Interoperable Cost-effective and Easy to use

Principles shape and direct

action

What happens next?

IDESG idesg.org

Identity Ecosystem Steering Group •  Created in August 2012 •  Convened by management (the

government) •  Public-Private partnership •  Tasked to create a (controls) framework

IDESG idesg.org

Mutli-disciplinary by design •  Privacy and Civil Liberties •  Usability and Human Factors •  Consumer Advocates •  U.S. Federal Government •  U.S. State, Local, Tribal, and

Territorial Government •  Research, Development,

Education and Innovation •  Identity and Attribute Providers •  Interoperability

•  IT Infrastructure •  Regulated Industries •  Small Business and

Entrepreneurs •  Security •  Relying Parties •  Unaffiliated Individuals

IDESG idesg.org

Breaking down the work •  Security •  Privacy •  User Experience •  Standards •  Policy Coordination

•  Trust Framework and Trustmarks

•  International Coordination

•  Healthcare

Identity Ecosystem Framework

IDESG idesg.org

The Results Identity Ecosystem Framework •  Functional Model – Reference architecture •  Requirements – Rules of the Road for digital identity •  Supplemental Guidance – How to meet the Requirements •  Scoping Statement – Where we go next

IDESG idesg.org

Self-assessment and beyond… •  A way for good actors to make

themselves known •  Transitioning to a Program Listing and

Certification Scheme in the future

Moving forward

Rules of the Road for

Digital Identity

Principles shape and direct

action

Management is happy

IDESG idesg.org

A reusable pattern Principles to drive action Multi-disciplinary team Create/select controls & frameworks Assess to measure progress

IDESG idesg.org

How you can get involved •  Join us at IdentityRevolution.org

•  Explore the Identity Ecosystem Framework

•  Join the IDESG

•  Be recognized as a good actor