IDESG Newsletter #12

NSTIC Notes Blog Post: Getting Down to the Nitty Gritty: Perspectives on the IDESG MIT Plenary

We were thrilled to see more than 150 in-person and remote participants take time out of their summers to attend the fifth Identity Ecosystem Steering Group (IDESG) plenary at the MIT Media Lab.  Beyond strong attendance, we were most excited by comments from enthusiasts and skeptics alike that the IDESG was getting down to the nitty gritty - taking a number of steps to flesh out the Identity Ecosystem Framework and move us ever closer to realizing the vision of the NSTIC.... Continue reading at the NSTIC Notes Blog.

 

IDESG MIT PLENARY SUMMARY

Wednesday Starts with Pre-Plenary Meetings

Many groups took advantage of face-to-face time together before the Plenary began. The Management Council and the Use Case Ad Hoc Group both held meetings on Wednesday morning that allowed for in-person and remote participants. An Ad-Hoc Voting Method Discussion was led by David Rosenberg. The 5th Plenary Meeting devoted a lot of time to Committee, Subcommittee, and Ad Hoc Group breakout meetings.

The first IDESG/NSTIC Orientation Session was held with both great attendance and tremendous approval and appreciation. The orientation session was hosted by the Communications and Outreach Subcommittee and led by Judith Fleenor, a member of the Subcommittee. Information was provided about the IDESG organization and opportunities to engage, as well as specific information on the breakout committee meetings and sessions at the Plenary itself. The session participants and Secretariat staff extend grateful thanks to Judith Fleenor for delivering an outstanding presentation with valuable information and explanation of the IDESG tools and opportunities for involvement.   Download PowerPoint Slides from the Orientation Session

 

IDESG Members Participate in MIT Mobile Phone "Unique in the Crowd" Demo

At the beginning of the meeting, attendees were given the opportunity to install an app on their Android phone, or borrow an MIT Android phone to participate in a real time experiment and demo. This app then collected information about their whereabouts during the next 24 hours. The data from those who participated was analyzed and included in the presentation that Professor Sandy Pentland gave on Thursday. The app demonstrated that anonymity is very difficult to achieve. Learn more at https://ecitizen.mit.edu.

 

NSTIC NPO Updates

In his update to the IDESG, Jeremy Grant, NSTIC NPO Director, noted that in the time since NSTIC was first launched, there has already been an increase in consumer awareness about the need for something stronger than a simple password. Issues with account takeovers have gotten people talking about the very issues the IDESG is trying to solve. Although awareness has improved, there is still a need for a comprehensive framework so that we can address security issues in a way that is interoperable, cost-effective, easy-to-use, privacy-enhancing, secure, and resilient. The IDESG is focused on creating this very framework. 

  

Grant also discussed the related topic of accreditation. He said that on the one hand, the Steering Group could stand up a brand-new accreditation program for identity ecosystem participants including providers and relying parties - and the Steering Group would charge them a fee to be accredited. On the other hand, there are participants who are already in the accreditation business today. They have concerns that the Steering Group will encroach on their business. Then there are organizations that don't want to pay for accreditation at all. Grant suggested that it may be time to talk about accreditation that isn't overly prescriptive on this topic. An identity ecosystem framework is not something that can be developed overnight. At the end of the day, NSTIC is a strategy, and that strategy does not insist on a particular method to get to the end goal. 

  

Grant noted that the Trust Framework and Trustmark Committee gives the IDESG an opportunity to take a step back and contemplate different approaches that could unite participants and drive progress towards the realization of the NSTIC. So instead of trying to define up front what the accreditation program will look like, perhaps IDESG members should switch their focus to craft model trustmarks that embody the NSTIC framework and guiding principles. 

  

Another important topic that Grant raised were policies and incentives. He discussed how the strategy is just a strategy, and it may need policies to back it up to correctly incentivize the behavior that is needed. 

  

Grant also talked about how the five pilot projects that addressed the IDESG during the May Plenary Meeting in Santa Clara will be joined by seven new pilot projects in September.

 

Business Plan Subcommittee Update

Next, Kim Little gave an update about the progress of the Business Plan Subcommittee that she chairs. First, the Pfau Englund Nonprofit Law, P.C. was selected as the IDESG's legal counsel to assist with the transition to a self-sustaining organization. Little also explained that the legal counsel has recommended that the IDESG be a Non-Profit Organization since it is a widely recognized and understood legal structure and it is the easier form with which to apply for federal tax-exempt status. She described various Revenue Models that the IDESG could utilize, such as Member Dues, Sponsorships, and Corporate Donations. She also described how the subcommittee was doing research on the types of members the IDESG already has, so they can get a better idea on how to structure potential membership fees. 

 
The Subcommittee recommended that the best governance structure for the IDESG would be a structure that leveraged the current approved structure and the Rules of Association wherever possible. For example, they are looking to make a Board of Directors that consists of the Management Council.
 
Little ended her presentation on the topic of IDESG Value Propositions and mentioned that the next step for the subcommittee is getting input from the plenary on the following questions "What are the top reasons why you and/or the organization you represent are a current member of the IDESG?" and "What will be required for you and/or your organization to become a member of a self-sustaining organization." These questions were sent to IDESG members in the form of an emailed survey. If you have not received this survey, please email idecosystem@trustedfederal.comDownload Presentation
 
Organizational Direction Update
After committee breakout sessions in the afternoon, Plenary Chair, Bob Blakley closed the day with a presentation that he created for the Cloud Identity Summit. The presentation centered around the questions "What Will the IDESG Do?" and "And How Will We Do It?" He summed the answers to these questions into these statements:
  • Enable universal acceptance of user selectable portable credentials
  • Make registration and authentication simple and fun
  • Separate authentication from identification
  • Empower users to negotiate terms for the use of their identity and transaction data
  • Standards assurance levels for vetting and authentication methods
  • Standardize security and privacy practices for collection and use of identity and attribute information
  • Standardize liability terms for Identity Providers, Attribute Providers and Relying Parties
  • AND......Do all of this without creating standards, technologies, or laws
  • AND......Do it all with unpaid volunteers who have day jobs
  • BY THE WAY.....This doesn't exist in the physical world
  • The Approach
    • 1. Draw a picture of the future
    • 2. Find the building blocks
    • 3. Liaise with people who make the building blocks
    • 4. Put an official stamp on solutions that combine the building blocks in the right way
    • 5. Spread the word 
  • Download Presentation

Trusted Identities for a New Deal on Data 

On Thursday, MIT Media Lab Profesor, Sandy Pentland and his MIT Human Dynamic Lab team introduced the idea of a Personal Data System (PDS). They discussed the technical components of each PDS, such as sources of personal data, identity providers, relying parties, and user/owner of the PDS. They also discussed what an openPDS is, including openPDS principles, design, and architecture. They then tied in the "Unique in the Crowd" Android app demo that was introduced on Wednesday. This demo discussed the privacy bounds of human mobility. Of the 25 people who participated in the 24 hour demo, 22 people were found to be unique. Find more information atwww.funf.org and openpds.media.mit.edu. Dazza Greenwood, Plenary Vice-Chair closed the presentation by discussing the unique relationship between business, legal, and technology with the PDS concept. Download Presentation

Taxonomy Ad Hoc Group Report 

After lunch and a tour of the MIT Media Lab, Adam Madlin, Security Committee Chair, and Win Baylies gave an update on the Taxonomy Ad Hoc Group's progress. This presentation covered the group's objectives, approach, completed and in-process definitions, next terms to be defined, and IDESG glossary usage. The presentation concluded with a recommendation from the AHG that a common glossary be used for all IDESG internal deliverables and external interactions. The group also had proposed to the plenary a process for submissions for adoption. Download Presentation

Use Case Criteria and Life Cycle Update

Cathy Tilton, Chair of the Standards Coordination Committee, presented a status update on the IDESG Use Cases. She mentioned that the purpose of Use Cases is that they provide a "basis for the development of other work products" and they "determine commonalities so as to be able to design services." The Use Case Ad Hoc Group is still active and the Use Case area of the Wiki is being used for the collection of Use Cases. Tilton discussed feedback the group had received on the Use Case Workshop that was held during the May Plenary Meeting. She also showed a diagram on the Use Case Life Cycle Stages and Use Case Process Flow. More information on this session can be found by Downloading the Presentation

NSTIC IDESG Policy Incentives: A Small Research Initiative 

Dan Chenok, Policy Committee Chair, and Jeremy Grant, NSTIC NPO Director then presented on policy incentives. They discussed the value of membership including: how policy initiatives can focus on tangible value to current and prospective participants, and how the value of membership can vary based on the type of participant (provider, relying party, user) or the level of trust framework engagement (basic member, accreditation, trustmark, etc.). To start, information must be gathered from a small group of key industry players. The Policy Committee is planning informal discussions with these players this summer to ask a consistent set of questions. The committee will then report back to the plenary the common themes and recommendations found from these discussions. One example question is: "What policy issues around the establishment of an Identity Ecoystem Framework, intended to transform how online transactions and digital identities are created and used, interest your organization?" Download Presentation

Pilot Presentation from UCAID and MIT

Mike Grady, UCAID, Jeffrey Schiller, MIT and David LaPorte, MIT then presented on "Scalable Privacy: MFA (Multi-Factor Authentication) Conhortium - Issues Identified & Lessons to Learn."  The objective of the MFA Conhortium is to advance the deployment of MFA in Higher Education. There are roughly 40 institutions participating. It is a collaboration effort to held each understand the business case, technologies, deployment models, issues, costs, requirements, ROI, etc. the surround deployment MFA in Higher Education. Some issues that the pilot has identified include: accessibility support, FERPA issues in the release of PII to a third-party authenticator, cloud authentication & high availability, and failover strategies. One lesson already learned is that Federated Multilateral MFA will have the best ROI - but this still needs to be measured and documented. Download Presentation #1Download Presentation #2 about Two-Factor Authentication at MIT

Committee Report-outs
Comms and Work Planning Report - Download Presentation
  • There is a need for a clearly defined and articulated strategic plan to communicate internally and externally and build stakeholder engagement. 
  • The resulting strategic plan will help guide Management Council work and provide the foundation for communications and outreach.
  • The Communications Subcommittee will develop an IDESG communications plan with the pro bono assistance of Waggener Edstrom, a leading communications firm.
  • The Work Planning Subcommittee is working with the NPO and Secretariat to "tool up" and propose a lightweight process to keep the work planning function continuing.

Standards Coordination Committee Report - Download Presentation

  • New officers elected recently
  • SCC Workplan
  • Since May:
    • Charter has been approved
    • Standards adoption criteria drafted and reviewed
    • Use Case Life Cycle developed 
    • Use Case and Taxonomy AHG work 
    • Formed Standards Wiki AHG 
    • Setup listservs for Use CaseTaxonomy, and Functional Model work. 
Security Committee Report - Download Presentation
  • Committee Vision: Develop and implement a Security Evaluation Methodology
  • Key steps/deliverables necessary to complete this mission:
    • IDESG glossary
    • Functional Model
    • Security Evaluation Model 
  • Committee work is being performed in these subgroups: TaxonomyFunctional Model, and Attribute Assurance.
Trust Framework and Trustmark Committee Report - Download Presentation
  • TFTM was restarted at the last Plenary meeting in May. Since then the committee now has officers in place: Rich Furr: Chair, Jack Suess: Vice-Chair, and Andrew Hughes: Secretary. 
  • Charter approved and the committee held meetings on direction and work products.
  • This Trust Framework and Trust mark Presentation uses work that Tom Smedinghoff did for the ABA task force and that Andrew Hughes did for the TFTM Meeting during the 5th Plenary. 

E-Deliberation Procedure Proposal 

After the committee reports, Bob Blakley, Plenary Chair presented on Electronic Deliberation. Download the E-Deliberation Procedure Proposal, the proposal is also linked to from the IDESG homepage. The objectives of this proposal include: 

  • Replicate the deliberative process used at in-person meetings
  • Retain the best features of our current electronic ballot
  • Add the ability to accept amendments
  • View diagrams of this proposal.

6th Plenary Meeting at NIST

October 16-18, Main NIST Administration Building

Preliminary Agenda
  • Wednesday, October 16
    • Management Council, Optional Breakouts and Newcomers' Orientation Session in the Morning
    • Executive Session of the Management Council may be held Tuesday afternoon, October 15, more information to come
    • Plenary Session begins at 1:00pm
  • Thursday, October 17
    • All day Plenary featuring keynote NSTIC presentation from the White House and more breakout sessions in the afternoon
  • Friday, October 18
    • Plenary Meeting ends at 1:00pm
In-Person Registration Details 
  • Registration closes on Wednesday, October 9. ALL ATTENDEES MUST BE PRE-REGISTERED. 
  • This is a U.S. Government Facility. Walk-Ins and late registrants will not be able to enter the NIST Campus. 
  • U.S. Persons must present valid government-issued photo ID at the Visitor Center. Non U.S attendees are required to present a passport. Attendees must wear their conference badge at all times while on the campus

ATTENTION COMMITTEES! Update the entire IDESG on your progress in the next newsletter by emailinglaura.baareman@trustedfederal.com.