In today’s online environment, individuals are asked to maintain dozens of different usernames and passwords, usually one for each website with which they interact. This approach is a burden to individuals, and it encourages behavior – like the reuse of passwords – that makes online fraud and identity theft easier. At the same time, businesses are faced with ever-increasing costs for managing customer accounts, the consequences of online fraud, and the loss of business that results from individuals’ unwillingness to create yet another account. In addition, businesses and governments are unable to offer many services online because they cannot effectively identify the individuals with whom they interact.
In April 2011, the White House introduced The National Strategy for Trusted Identities in Cyberspace (NSTIC), an initiative to work collaboratively with the private sector, advocacy groups, public sector agencies and other organizations to improve the privacy, security and convenience of online transactions. The Identity Ecosystem envisioned in the NSTIC is an online environment where individuals and organizations are able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities – and the digital identities of devices.
To achieve this objective, the NSTIC established guiding principles for the creation of an Identity Ecosystem. These principles require that the Identity Ecosystem should be developed with identity solutions that are:
- Privacy-enhancing and voluntary;
- Secure and resilient;
- Interoperable; and
- Cost-effective and easy to use.
The NSTIC vests responsibility for the creation of policy and standards for the Identity Ecosystem in the Identity Ecosystem Steering Group (IDESG), a private sector-led organization and the only one that is NSTIC-aligned. IDESG works closely with the NSTIC National Program Office, which manages the day-to-day activities of the NSTIC implementation.
The Identity Ecosystem was established during a Kickoff Meeting held in Chicago in August 2012. During this inaugural meeting, IDESG members elected officers, reviewed draft charter and by-laws and established working groups and standing committees to address specific challenges to the Identity Ecosystem that the group is charged with creating.
The IDESG is now an independent, non-profit association, and is making great progress toward delivering version one of an Identity Ecosystem Framework in late summer/early fall of 2015. This framework will deliver a baseline set of standards and policies that enables individuals and organizations to start using a new generation of more secure, convenient, privacy-enhancing credentials that are interoperable across the internet.