IDESG Newsletter #9


Introduction of New Leaders 

This Plenary marks a new phase in the IDESG development as it passes from an interim leadership team to one elected for a first full term under its recently adopted rules. The Santa Clara Plenary began with remarks from Plenary Chair, Bob Blakley; Management Council Chair, Peter Brown; and NSTIC National Program Office Director, Jeremy Grant, followed by an introduction of the newly elected Management Council Members and Plenary Leaders. Special recognition was given to the outgoing Management Council leaders who did not stand for re-election: Brett McDowell, past chair; Mary Ruddy, Aaron Titus, past stakeholder delegates, and Jay Unger, past stakeholder delegate and chair of the Technical Advisory Subcommittee. 


Work Planning Subcommittee Recommendations

Paul Laurent, chair of the Management Council Work Planning Subcommittee, kicked off the meeting with an update of the IDESG Work Plan recommendations. The Work Plan covers IDESG Priority Objectives, IDESG Priority Activities, and IDESG Structural Issues. The five priority objectives for 2013 that the subcommittee recommended are:

  • Establish and implement an IDESG Self-Sustainment Plan
  • Establish and implement an IDESG Accreditation and Trustmark Program
  • Establish defined liaison relationships
  • Implement IDESG Accreditation Program for at least two NSTIC Pilots
  • Establish and implement the Identity Ecosystem Framework Development and Adoption Process   
You can read more about these recommendations in the Workplanning Report Slides.pdf and the Work Planning Word Document
Use Case Workshop - Notes and Next Steps

After a break the group launched into a Use Case Workshop led by Standards Coordination Committee Chair Cathy Tilton and Scott Shorter. Use cases are important to our work across the IDESG because they help define the problem(s) we are trying to solve, provide a context for the development of other work products, which can be "tested" against the use cases, and generally keep our collective efforts aligned.  The intent is to develop high level "functional" use cases which provide the "what and why", but not the "how" of a given user story or scenario.


Use case collection began following the February plenary and is a continuous, ongoing activity.  By this plenary, over 70 use cases had been submitted to the IDESG Wiki, in various stages of completion and refinement.  This was the result of numerous solicitations to the IDESG committees and participants.


The purpose of the workshop was to advance the use case activity and increase IDESG involvement by familiarizing the wider IDESG with the use case format, content, and process - in other words, it was meant to be a "learning experience".  To this end, a set of example use cases were pulled from the Wiki for discussion and to "practice on".  These did NOT represent a final or complete set! Download the Use Case Workshop Presentation


As part of the workshop, a set of draft criteria against which the use cases could be assessed were presented.  The criteria is intended to provide guidance to use case developers and eventually to allow us as a group to select an initial set of use cases for inclusion in an IDESG deliverable.  They help us to make the use cases a more valuable tool!  As a starting point for our discussions, the draft criteria included relevance, completeness, level, diversity (as a set), and support for the NSTIC guiding principles.  Our next step will be to send these to the IDESG committees for comment.


Although the workshop received mixed reviews, we did receive some valuable feedback on the use cases and process.  For example, feedback like "this use case is too implementation specific" shows that participants were able to apply the proposed "level" criteria! The primary benefit resulting from the workshop is that IDESG participants are now more actively engaged in the use case effort and are in a much better position to contribute to the ongoing work AND to use the relevant use cases ultimately developed as a tool in their own committee work.


If you are wondering how you can be more involved, consider a) giving thoughtful review to the draft criteria, b) contributing a use case that is derived from the Strategy and that is technology and implementation neutral, or c) joining the Use Case Ad Hoc Group. Information is available on the Use Case Wiki home page.  Your inputs are valuable!  Help us to create a useful and relevant set of use cases to inform the development of the identity ecosystem framework.

NSTIC Pilot Session Presentations
Day One of the meeting concluded with a 25-30 minute report from each of the five NSTIC Pilot Programs. A recording of each of these reports will be posted to the IDESG Website as soon as possible at The presentations are linked to below:
Social Event
Day One concluded with a joint social event organized by the Internet Identity Workshop (IIW) to whom we extend our gratitude for their generosity and inclusiveness. 

IDESG Success Metrics 

Day Two (May 10) began with a discussion about IDESG Success Metrics to engage the Plenary in a conversation about organizational and identity ecosystem health led by Bob Blakley, Plenary Chair. Some suggestions from the Plenary included:

  • Timely achievement of milestones in the Work Plan 
  • Making the IDESG a legal entity as a top priority
  • Analyze who is actively participating, who is dropping out, who is joining, and why 
  • Determine in business terms the value of IDESG Membership
  • Determine a process to create revenue 
  • Goal: List of Success Metrics circulated at next Plenary
  • Clearly articulate how the work of the IDESG makes electronic access easier, safer, and more private for consumers 
  • Media Coverage of the IDESG 

Business Plan Subcommittee Presentation on Organizational Sustainability

After a break, The Business Plan Subcommittee of the Management Council provided information about their ongoing efforts on organization sustainability in a presentation by Subcommittee Chair Kim Little. She covered key steps that must be taken to establish a legal entity, as well as discussing the various revenue models, business types and entity types that have been and continue to be evaluated by the subcommittee. Little also shared the business models of other similar organizations that have been reviewed by the group. The next steps for the subcommittee include defining membership benefits and determining the IDESG's unique value propositions. Download the Business Plan Report Slides.pdf


Terminology Work in Ongoing Joint Committee Meetings

Colin Soutar, former chair of the Security Committee, then provided an update and led a discussion about Terminology work that has begun during Joint Standards and Security Meetings that occur every other Thursday. Visit the Security Committee Calendar to view meeting phone and webinar access information. Read more at Download Terminology Slides.pdf


Committee Breakouts
Committees then had approximately 1.5 hours to conduct their own committee meetings in breakout rooms with in-person and remote participants. Information on Committee work may be found in their respective listservcommittee page and document folder.
Privacy Evaluation Methodology (PEM) 2.0 
After the committee breakouts, Jim Elste, chair of the Privacy Committee, reviewed the new Privacy Evaluation Methodology (PEM) 2.0 that will be used to evaluate work products created by the IDESG in the future.  He ended with a proposal for the Privacy Committee to begin work on a Privacy "Articulation" Deliverable. Download Privacy Articulation Proposal.pdf
New Vice Chair Closes Meeting with Announcement of Next Plenary Location
Vice Chair Dazza Greenwood closed the meeting with an announcement that the next Plenary Meeting will be held at the MIT Media Lab July 24-26. Register

Peter Brown, Management Council Chair, offered his thoughts in closing that the window into the work of the IDESG is the work of the committees. Our core challenge is to communicate outwards while continuing to refine our internal processes. The IDESG now needs to test ideas, involve our members and outreach to others not yet engaged about the future of the IDESG and the work of the identity ecosystem. 


The closing of the plenary was notable when an attendee suggested that the work of the IDESG was focused primarily on "...trying to solve a problem for the ordinary citizen" and asked "what is the value of solving this problem to business?"


Jeremy Grant, NSTIC National Program Office Director, responded that the work of the IDESG is extraordinarily relevant to businesses - noting that when businesses are breached due to reliance on passwords and poor authentication - and when customers abandon websites because they are unwilling to create a new account or try to remember their password - it has a very material impact on businesses.  He noted that the work the IDESG is tackling has major financial implications for business and there are significant economic gains to be realized for organizations that can solve these problems. 


Jeremy noted that the NSTIC pilots are starting to demonstrate potential solutions to these problems - but that without an Identity Ecosystem Framework of standards and policies, pilots and other efforts will be challenged to scale in the marketplace.  This is why the work of the IDESG is so important; our job is to collectively create a foundation to enable a vibrant Identity Ecosystem.  


Finally in closing, Dazza Greenwood asserted that what is different about the IDESG is that this is a coalition of many sectors that need to be involved in the process.  The value is not in the is right now.



  • What: 5th IDESG Plenary Meeting
  • When: July 24-26 
  • Where: Massachusetts Institute of Technology (MIT) Media Labs - 75 Amherst St., Cambridge, MA 02139
  • Nearby Hotels
  • To change your registration, just fill out the Registration Form again with your new updated registration information.  



  • What: 6th IDESG Plenary Meeting
  • When: October 16-18, 2013
  • Where: NIST Red Auditorium - 100 Bureau Dr, Gaithersburg, MD 20899
  • To change your registration, just fill out the Registration Form again with your new updated registration information. 


Of particular importance to the NSTIC/IDESG Community: 

Draft SP 800-73-4 (PIV Card Application Data Model and Interfaces) and Draft SP 800-78-4 (PIV Cryptographic Specification) have just been published for public commenting. These SPs have been updated to align with Candidate Final FIPS 201-2.

The public comment period ends June 14th 2013. 

The documents, short summaries and comment templates are available at:


ATTENTION COMMITTEES! Update the entire IDESG on your progress in the next newsletter by