IDESG Goals & Work-plans for 2013 and beyond

Brett McDowellIDESG Management Council Chair

bmcdowell@paypal-inc.com

Why should the Management Council develop goals & workplans for IDESG?

(1) “The Management Council shall provide guidance to the Plenary on the broad objectives envisioned by the NSTIC, produce work-plans to prioritize work items and monitor progress, ensure that Steering Group work activities align with the NSTIC Guiding Principles, and shall have overall administrative and fiduciary responsibility for the IDESG.” – Rules of Association

(2) “What gets measured, gets done” – Peter Drucker

Foundation of our goals & workplans

• Origins of NSTIC

• NSTIC itself

• Pre-IDESG proposals from NSTIC NPO

• IDESG member proposals (charters)

• IDESG plenary deliberations (this week)

Cybersecurity Policy Review, 2009

“Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation.” – Near-Term Action Plan #10

“Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy” – Mid-Term Action Plan #13

CSIS Cybersecurity Update, Jan-2011

“The biggest challenge for the NSTIC and its new NPO will be to increase incentives for people to use online authentication.”

Source = Key Areas for Progress #6, Improve authentication of identity for critical infrastructure

NSTIC Vision & Principles, April-2011

“Individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.”

Identity Solutions will be:• Privacy-enhancing and voluntary• Secure and resilient• Interoperable• Cost-effective and easy to use

NSTIC Goals & Objectives, 2011 (1 of 4)

(1) Develop a comprehensive Identity Ecosystem Framework

1. Establish improved privacy protection mechanisms2. Establish comprehensive identification and

authentication standards based on defined risk models3. Define participant responsibilities in the Identity

Ecosystem and establish mechanisms to provide accountability

4. Establish a steering group to administer the standards development and accreditation process for the Identity Ecosystem Framework

(2) Build and implement the Identity Ecosystem1. Implement the private-sector elements of the

Identity Ecosystem2. Implement the state, local, tribal and territorial

government elements of the Identity Ecosystem3. Implement the Federal Government elements of

the Identity Ecosystem4. Promote the development of interoperable

solutions to implement the Identity Ecosystem Framework

NSTIC Goals & Objectives, 2011 (2 of 4)

(3) Enhance confidence and willingness to participate in the Identity Ecosystem

1. Provide awareness and education to enable informed decisions.

2. Identify other means to drive widespread adoption of the Identity Ecosystem

NSTIC Goals & Objectives, 2011 (3 of 4)

(4) Ensure the long-term success and sustainability of the Identity Ecosystem

1. Drive innovation through aggressive science and technology (S&T) and research and development (R&D) efforts

2. Integrate the Identity Ecosystem internationally

NSTIC Goals & Objectives, 2011 (4 of 4)

NSTIC Benchmarks, 2014-16 (1 of 5)

Subjects (people or NPE*) have the ability to choose trusted digital identities: – for personal or business use; – between at least two identity credential and

media types; and – that are usable across multiple sectors

*NPE = Non-Person Entity

NSTIC Benchmarks, 2014-16 (2 of 5)

There exists a growing marketplace of both trustmarked, private-sector identity providers at different levels of assurance and private-sector relying parties that accept trustmarked credentials at different levels of assurance. This relying party population is not confined to just one or two sectors.

NSTIC Benchmarks, 2014-16 (3 of 5)

Trustmarked attribute providers are available to assert validated attributes. Services available include the ability to assert validated attributes without providing uniquely identifiable information.

NSTIC Benchmarks, 2014-16 (4 of 5)

The number of enrolled identities in the Identity Ecosystem is growing at a significant rate, and the number of authentication transactions in the Identity Ecosystem is growing at least at the same rate.

NSTIC Benchmarks, 2014-16 (5 of 5)

Building upon FICAM, all online Federal Executive Branch services are aligned appropriately with the Identity Ecosystem and, where appropriate, accept identities and credentials from at least one of the trustmarked private-sector identity providers.

NSTIC Benchmarks (2021)

• All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem.

• A majority of relying parties are choosing to be part of the Identity Ecosystem.

• A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem.

• A majority of online transactions are happening within the Identity Ecosystem.

• A sustainable market exists for Identity Ecosystem identity and attribute service providers.

NPO Proposed Workplan, 2012 (1 of 4)

Workstream #1 – Establish Identity Ecosystem Steering Group Infrastructure, by Q1 2013

1. Steering Group Foundational Document Ratification

2. Steering Group Organizational Structure Established

3. Establish Steering Group Operational Structure

NPO Proposed Workplan, 2012 (2 of 4)

Workstream #2 – Develop Identity Ecosystem Framework, not sooner than Q4 2013

1. Complete Analysis of Current Ecosystems and Trust Frameworks

2. Complete Analysis of Current Standards3. Complete Development of the Identity

Ecosystem Framework Model4. Establish Strategies for Identity Ecosystem

Implementation and Expansion

NPO Proposed Workplan, 2012 (3 of 4)

Workstream #3 – Develop Identity Ecosystem Accreditation Program, not sooner than Q4 2013

1. Complete analysis of current accreditation programs and design an Identity Ecosystem accreditation program

NPO Proposed Workplan, 2012 (4 of 4)

Workstream #4 – Establish Identity Ecosystem Business and Sustainment Model, not sooner than Q4 2013

1. Complete analysis of current business models2. Develop viable Steering Group business model3. Establish the Identity Ecosystem Steering Group

as an independent legal entity

IDESG Workplan, as of Q1 2013

[1] Source: https://www.idecosystem.org/content/group-charters

Step #1 – Members Propose the work to be done (via Committee Charters) [1]

Step #2 – The Plenary prioritizes work items & approves Committee Charters (@ Phoenix)

Step #3 – The Management Council develops IDESG Workplan (based on NSTIC goals and plenary output)

1. International Coordination2. Communications3. Healthcare4. Trust Frameworks5. Financial6. Security7. Liability & Contract8. Accreditation & Certification9. Privacy10. Policy11. Standards Coordination12. Usability

?

?

Final thought… let’s be SMARTS=Specific What: What do I want to accomplish?

Why: Specific reasons, purpose or benefits of accomplishing the goal.Who: Who is involved?Where: Identify a location.Which: Identify requirements and constraints.

M=Measurable How much?, How many?How will I know when it is accomplished?

A=Attainable How can the goal be accomplished?

R=Relevant Does this seem worthwhile?Is this the right time?Does this match our other efforts/needs?Are you the right person?Is this acceptable for correction?

T=Timely When?What can we do 6 months from now, 12 months from now?What can we do today?

Source = http://en.wikipedia.org/wiki/SMART_criteria#Developing_SMART_goals

Q&A