IDESG Newsletter #16

The 8th Plenary of the IDESG was hosted by Symantec, at their headquarters in Mountain View, CA. In addition to providing facilities, Symantec also provided continental breakfast each morning and coffee breaks throughout the meeting. Attendance was very good with nearly 175 people combined as in-person and remote participants. Prior to the start of the Plenary a Newcomer Orientation was available to both in-person and remote participants and included helpful information to both new and old participants to understand the mission and work of the IDESG today. Presentations were made by Suzanne Lightman of the NSTIC NPO and Judith Fleenor, an active member and former committee leader of the IDESG. (Download Presentation).

Day 1 - Tuesday, April 1

The 8th Plenary was opened by Bob Blakley, Plenary Chair, as his last Plenary meeting. Opening guest speakers included Roger Casals of the host, Symantec; Jeremy Grant of the NSTIC NPO, and Bob Blakley as the moderator and facilitator of the full Plenary meeting.

Roger Casals, Symantec's Senior Director of Identity, Opening Presentation - Video Recording

During Roger Casal's presentation, he shared Symantec's vision of what identity will look like in the future. He said, "Identity is the next big thing and will change our lives dramatically." Why? Because identity is in the middle of a perfect storm that is being driven by five different trends: The Cloud, Security, Mobility, Compliance, and the Internet. Casals discussed various types of identity and access processes in use today. Symantec is focused on "one identity" for a person, Casals said, "You should be able to manage everything in your life in a centralized way...You want to prevent bad guys getting in and protect good stuff from getting out. It is that simple...We want to provide one identity through one solution that allows customers to access their world, no matter what." Casals also mentioned that passwords are one of the biggest hindrances to a leap forward in terms of identity adoption. Everybody has suffered from a password failure. "Passwords are not a good method for protecting our identity anymore."

Plenary Update, Bob Blakley - Video Recording

Reporting on the Plenary's Progress, Bob Blakley said efforts continue on furthering the work plan for the year and on coordinating activities across the various committees to produce IDESG deliverables. The Management Council has had extensive discussions focused on the organization's and committees' resources to produce a set of deliverables to get us to the minimum viable (baseline) product by the end of 2014. The Management Council is holding a focused retreat to develop a strategic framework for 2014 objectives and short-range goals. What we produce must be understood and guided by the community to whom we are delivering things and must be achievable with mostly volunteer resources. Blakley closed by referencing that elections are now complete and a new set of Plenary Officers and Management Council Representatives will take office on April 15. 

NSTIC NPO Update - Jeremy Grant, NSTIC NPO Director - Video Recording

"It's been 20 months since the IDESG first convened in August 2012 and the range of issues we are working to address -  issues associated with identity and account creation - continue to be a real challenge," said Grant. The identity ecosystem we have does not sufficiently address all the needs of Americans. "We don't have an identity ecosystem today that allows all people to prove who they are online. We also don't have the ability for people to protect themselves amid the collection of their data.  Consumers are shying away from some online commerce because they don't trust what some firms and organizations are doing with their data."

Grant also gave an update on the pilots. "As of today, the NPO Office has awarded 12 NSTIC Pilots and you will hear from a number of them in the pilots panel this week. In January we announced a third round of NSTIC Pilots. We received 42 applications, and last Friday we selected 8 of them as finalists for the last round. We expect to make a few new pilot awards in September. Pilots represent the best way to take the ideas encompassed in the NSTIC and test them out while the IDESG focuses on crafting an identity ecosystem framework and business rules to provide a foundation for the ecosystem.  The lessons learned from pilots can help us find the right path for this organization to take on certain issues and for some of the IDESG deliverables to be applied by the pilots in real-time. For example, this past year the pilots used the IDESG's Privacy Evaluation Methodology. This has helped many of the pilots to better identify and evaluate privacy issues in their projects."

In closing, Grant said that "the next round of funding for the IDESG (organization) will be very different from the initial funding the government provided. The initial grant was focused on funding an entity to create a brand new organization. The follow-on round of support will be focused on supporting the organization's work activities and the advancement of the identity ecosystem framework."

Breakout Sessions

After the opening sessions, the Plenary participated in 4 breakout committee sessions: Standards, Functional Model, Healthcare, and Joint Policy and Financial Services. The Healthcare Committee heard from Mike Farnsworth of the Cross Sector Digital Identity Initiative during their breakout. 

Management Council, Board of Directors, and Executive Director Updates - Video Recording

Kay Chopard Cohen announced that the next Plenary will be held June 17-19 at NIST in Gaithersburg, MD. Details are forthcoming and will be posted towww.idecosystem.org. She also announced that as of May 1 she will be leaving her position of Executive Director at IDESG. Recognizing the important and critical work of the IDESG, she thanked them for the opportunity to work together and encouraged them to continue with their work in balancing the interests of their diverse stakeholders to enhance the identity ecosystem framework.  

Peter Brown announced that with Kay moving to a new position on May 1, Trusted Federal Systems will hire a short term replacement for Executive Director for the next 3-4 months(In the meantime, as announced a week after the plenary, Mary Ellen Condon has been appointed to take over from Kay and is already working hand-in-hand with her during a transition period). The transition to the new leaders elected this spring will take place on April 15. An early job of the Board of Directors/Management Council will be to select a new long term Executive Director.

Peter also announced that the outgoing and incoming Management Council Members and Board of Directors will meet for 2 days in late April to discuss organizational strategy, the current organizational structure and examine whether it is fit for its purposes and goals.  They will also discuss the resourcing of the organization and ensure that the IDESG has the materials and finances to enable it to do the tasks assigned. During this time, the leaders will also discuss changes that may need to be made to the Rules of Association and will revisit the proposed fee scheduled and come back to the Plenary with new proposals. 

The Board of Directors will create the official submission for grant funding from NIST.  It will include a serious business case, budget, and clear outline of priorities and work that needs to be done. They will seek three areas of funding: 1) Basic operational expenses and staff - including an Executive Director, 2) Infrastructure Services (website, collaboration, etc.), and 3) a Framework Management Office to manage the provisioning of subject matter experts to support the work of the committees.

Security Committee Report: Functional Elements - Video Recording - Presentation

The first draft of the Functional Elements was introduced at the Atlanta Plenary in January 2014. It was then made available for comments and input across the committees. The Functional Elements is a living document. It is a component of the entire Functional Model that will eventually go through a plenary approval process. It can be downloaded at the Functional Model Wiki. It has been updated to reflect the feedback received from other committees. The Committee welcomes any feedback and encourages more people to start participating in this work. The Security Committee meets on Thursday afternoons.

Policy Committee Report: Policy Incentives Work - Video Recording - Presentation

One task written into the Policy Committee charter was to look at the policies and influences outside the IDESG that may affect policies within the IDESG or in the identity management realm. This particular project was to examine what kinds of incentives can be established to spur voluntary participation in the identity management policies and infrastructure that the IDESG and NSTIC have been developing. The presentation to the full Plenary was made by David Temoshok on behalf of Dan Chenok, Policy Committee Chair, who was unable to attend in person.

Day 2 - Wednesday, April 2

Standards Coordination Committee Report: Use Case Ad Hoc Group (AHG) - Video Recording - Presentation

The AHG is working through the Use Case Lifecycle. The first two stages are completed. Currently work is on the third stage "Committee review." Comments have been received from the Management Council, the Privacy Committee and the Security Committee. Next steps will be to complete AHG review, receive approval of the Standards Coordination Committee, and present the initial set of use cases for Plenary approval which can then be published. 

Committee Breakout Sessions

Four Breakout Sessions followed: 1) International Coordination Committee, 2) Privacy Coordination Committee, 3) Trust Framework and Trust Mark Committee, and 4) Attributes Ad Hoc Group. 

Birds of a Feather (BOF) Lunch Sessions

Following the Breakout Sessions, there was lunch and two BOF Sessions: 

1. Machine Understandable Trustmarks hosted by GRTI - Video Recording -Presentation
2. Government Mobile Security and Derived Credentials - Audio Recording

You say 'Ecosystem'; I say 'Framework'...what are we saying?! - Peter Brown and Kim (Little) Sutherland - Video Recording - Presentation

One role of the Management Council is to ensure that all the work of the committees is being well coordinated. 

• As work ramps up in various committees several questions have been raised: Are we sure we are talking about the same thing? When you say ecosystem, are we building something new from scratch? And if so, what is wrong with the existing ecosystem or ecosystems? When you say framework, what do you mean? What is it that we are trying to build when we talk about an identity ecosystem framework? Brown and Sutherland took an informal sounding of the plenary, to affirm that when IDESG talks about "the ecosystem", it does so in the sense of the sum state of existing online identity systems and practices; and that when IDESG talks about "the identity ecosystem framework", it does so in the sense of the overarching set of policies, practices, standards, and technologies that taken together will help "steer" the identity ecosystem to a safer, more trustworthy, and privacy-enhancing space.
• Using those definitions of identity ecosystem and framework, Brown and Sutherland next looked at a snapshot of where we are in respect to the overarching mission of the organization in delivering against the key goals laid out in the National Strategy. They offered recommendations that the goal for the IDESG can be for a complete version 1 of the identity ecosystem framework (IEF) by December 31, 2014. Along with this goal, proposals were made to map tasks to committees with possible timelines. This high level discussion was presented as a starting point as the organization continues to stretch towards goals needed to implement the NSTIC principles.

Committee Breakout Sessions

The four afternoon breakout sessions were: 1) Use Case Ad Hoc Group, 2) User Experience Committee, 3) Healthcare Committee, and 4) Joint Security and TFTM Committee. The Healthcare Committee heard from Britton Wanick of Resilient Network Systems during their breakout session. 

Day 3 - Thursday, April 3

Pilot Presentations and Updates 

• 2013 State Government Recipient: Commonwealth of Pennsylvania
  • Video Recording
  • Presentation
• 2013 State Government Recipient: Michigan Department of Human Services
  • Video Recording
  • Presentation
• Pilot Panel Session
  • Video Recording

International Coordination Committee Presentation - Video Recording

Liaisons and Special Project: Identity Systems that Leverage Banking and Financial Processes - Presentation

The International Committee has been working on comparing three systems that leverage bank cards: 1) SecureKey, 2) BankID Norge, and 3) STORK 2 banking pilot. In the presentation, the committee used the same analysis criteria against each system. Some of the lessons learned are: 

• Leverage what the user already possesses for greater convenience
• Re-use identity attributes from authoritative source or trusted online banking identifier as per risk and CFT/AML requirement
• Both government/private and private sector only governance models can work
• Publish and make freely available, a well-tested pattern or recipe for re-use in different contexts
• To get adoption quickly, the value proposition should be comprehensive (2-3 benefits) yet lightweight to avoid complexity and cost to drag it down

International Presentations, Pilots and Platforms Relevant to NSTIC - Presentation

The mission of the International Committee is to build a bridge between the work of the IDESG/NSTIC and other similar projects around the world.  The goal is a two-way exchange of information with like-minded organizations to communicate what we are doing here and also learn best practices from others. Presentations have been planned for EEMA activities in London the first week of June. Jeremy Grant and Mike Garcia from the NPO, Don Thibeau, Russ Chung, and others from the committee will present at that meeting and other international events. At the last Plenary the International Committee arranged to hear from David Rennie from the UK Assurance Programme.  The Committee hopes to have other similar international speakers present at every other plenary meeting.

Committee Update: Healthcare Committee - Video Recording

The Healthcare Committee presented some of the lessons learned from the Resilient Network Systems Pilot Healthcare Pilot. 

Challenges to the project: 

• Sustainable revenue and  business drivers take priority in ecosystem participation before privacy or security
• State of adoption of eReferrals nationwide is low but there exists a great need for information exchange to coordinate care
• Existing manual methods (fax, phone) are entrenched

Potential solutions: 

• Common, interoperable and adaptable infrastructure enabled across HIEs for eReferrals and health information exchange supporting Meaningful Use
• Many use cases now solvable by common capabilities for lightweight exchange
• Minimal impact to user convenience was key to adoption; minimum needed to meet the policy or regulation

Seating of New IDESG Officers and Recognition of Outgoing Officers - Video Recording

The following outgoing leaders were recognized and thanked for their service:    

• Bob Blakley - Plenary Chair
• Dazza Greenwood - Plenary Vice Chair
• Don Thibeau  - Management Council Delegate At Large
• Lee Tien - Management Council Privacy & Civil Liberties Delegate 
• Kimberly (Little) Sutherland - Management Council Identity and Attributes Providers Delegate. Sutherland will continue as Plenary Chair beginning April 15. 
• Kay Chopard Cohen  - Executive Director 

Birds of a Feather (BOF) Sessions

Day 3 featured two more BOF Sessions during the lunch hour: 

• Big Data and Identity - Video Recording
• Pseudonymity and Anonymity Discussion - Video Recording

Committee Reports - Video Recording

• Privacy Committee - Since the last Plenary Meeting, the committee has done its first review of the initial glossary submitted by the Taxonomy AHG. They have also given feedback on the Use Cases. Work continues on improving and revising the Privacy Evaluation Methodology. Other work items include: editing their charter and improving their operational efficiency. 
• Use Case Ad Hoc Group - At the breakout session on Day 2, the group discussed the Use Case Criteria. This new criteria will be used for the next set of Use Cases. The group is always accepting new use cases. As they come in, please inform the AHG that they have been submitted to the Wiki. 
• Attributes Ad Hoc Group - During the breakout session they discussed Attributes Assurance. We should have standards and guidelines for establishing levels of assurance for attributes. The group will be narrowing the scope of its efforts due to limited resources. More information is available on the Attributes Wiki Page. 
• Trust Framework and Trustmark Committee - In their breakout session they had a discussion on the ecosystem versus the framework. In addition, they discussed what might be needed to support the overall mission. The committee is working on work stream number one and has identified seven deliverables. 
• User Experience Committee - Presentation - The committee has revised their charter.  It is currently being reviewed by committee members prior to submitting it to the Management Council. The committee has three new leaders: Mary Hodder - Chair, Marc Dupuis - Vice Chair, and Steve Bruck - Secretary. 
• Security Committee - The committee has been focused on the Functional Model. The first main task is the Functional Elements, a component of the Functional Model. This was presented more in-depth to the Plenary earlier. Functional Model Wiki Page. 
• Taxonomy - A new "on-demand" process will be used going forward. Taxonomy Ad Hoc Glossary Wiki Page. 

New Business - Video Recording 

• Topic: Organizing IDESG's Stakeholder Communities
• Topic: Donation by Dazza Greenwood of IDESG.com to the IDESG 
• Topic: Inclusiveness and Outreach by Bob Blakley

NEXT Plenary Meeting

June 17-19 at the National Institute of Standards and Technology (NIST), 100 Bureau Dr., Gaithersburg, MD 20899. See you there!

Save the Date for the September Plenary

The last in-person Plenary for 2014 will be held September 17-19 in conjunction with the Global Identity Summit (GIS) in Tampa, FL at the Tampa Convention Center, a waterfront location in the heart of Tampa, FL. The convention center is a short 15-minute cab ride from Tampa International Airport and has three adjacent hotels. GIS will be offering a discounted registration fee for one-day attendance at the GIS on September 16 created specifically for IDESG participants. The GIS dates are September 16-18. The schedule and registration will be finalized in the future to accommodate the IDESG Plenary agenda. Details will be provided at the June Plenary.