IDESG Newsletter #12
NSTIC Notes Blog Post: Getting Down to the Nitty Gritty: Perspectives on the IDESG MIT Plenary
We were thrilled to see more than 150 in-person and remote participants take time out of their summers to attend the fifth Identity Ecosystem Steering Group (IDESG) plenary at the MIT Media Lab. Beyond strong attendance, we were most excited by comments from enthusiasts and skeptics alike that the IDESG was getting down to the nitty gritty - taking a number of steps to flesh out the Identity Ecosystem Framework and move us ever closer to realizing the vision of the NSTIC.... Continue reading at the NSTIC Notes Blog.
IDESG MIT PLENARY SUMMARY
Wednesday Starts with Pre-Plenary Meetings
Many groups took advantage of face-to-face time together before the Plenary began. The Management Council and the Use Case Ad Hoc Group both held meetings on Wednesday morning that allowed for in-person and remote participants. An Ad-Hoc Voting Method Discussion was led by David Rosenberg. The 5th Plenary Meeting devoted a lot of time to Committee, Subcommittee, and Ad Hoc Group breakout meetings.
The first IDESG/NSTIC Orientation Session was held with both great attendance and tremendous approval and appreciation. The orientation session was hosted by the Communications and Outreach Subcommittee and led by Judith Fleenor, a member of the Subcommittee. Information was provided about the IDESG organization and opportunities to engage, as well as specific information on the breakout committee meetings and sessions at the Plenary itself. The session participants and Secretariat staff extend grateful thanks to Judith Fleenor for delivering an outstanding presentation with valuable information and explanation of the IDESG tools and opportunities for involvement. Download PowerPoint Slides from the Orientation Session.
IDESG Members Participate in MIT Mobile Phone "Unique in the Crowd" Demo
At the beginning of the meeting, attendees were given the opportunity to install an app on their Android phone, or borrow an MIT Android phone to participate in a real time experiment and demo. This app then collected information about their whereabouts during the next 24 hours. The data from those who participated was analyzed and included in the presentation that Professor Sandy Pentland gave on Thursday. The app demonstrated that anonymity is very difficult to achieve. Learn more at https://ecitizen.mit.edu.
NSTIC NPO Updates
In his update to the IDESG, Jeremy Grant, NSTIC NPO Director, noted that in the time since NSTIC was first launched, there has already been an increase in consumer awareness about the need for something stronger than a simple password. Issues with account takeovers have gotten people talking about the very issues the IDESG is trying to solve. Although awareness has improved, there is still a need for a comprehensive framework so that we can address security issues in a way that is interoperable, cost-effective, easy-to-use, privacy-enhancing, secure, and resilient. The IDESG is focused on creating this very framework.
Grant also discussed the related topic of accreditation. He said that on the one hand, the Steering Group could stand up a brand-new accreditation program for identity ecosystem participants including providers and relying parties - and the Steering Group would charge them a fee to be accredited. On the other hand, there are participants who are already in the accreditation business today. They have concerns that the Steering Group will encroach on their business. Then there are organizations that don't want to pay for accreditation at all. Grant suggested that it may be time to talk about accreditation that isn't overly prescriptive on this topic. An identity ecosystem framework is not something that can be developed overnight. At the end of the day, NSTIC is a strategy, and that strategy does not insist on a particular method to get to the end goal.
Grant noted that the Trust Framework and Trustmark Committee gives the IDESG an opportunity to take a step back and contemplate different approaches that could unite participants and drive progress towards the realization of the NSTIC. So instead of trying to define up front what the accreditation program will look like, perhaps IDESG members should switch their focus to craft model trustmarks that embody the NSTIC framework and guiding principles.
Another important topic that Grant raised were policies and incentives. He discussed how the strategy is just a strategy, and it may need policies to back it up to correctly incentivize the behavior that is needed.
Grant also talked about how the five pilot projects that addressed the IDESG during the May Plenary Meeting in Santa Clara will be joined by seven new pilot projects in September.
Business Plan Subcommittee Update
Next, Kim Little gave an update about the progress of the Business Plan Subcommittee that she chairs. First, the Pfau Englund Nonprofit Law, P.C. was selected as the IDESG's legal counsel to assist with the transition to a self-sustaining organization. Little also explained that the legal counsel has recommended that the IDESG be a Non-Profit Organization since it is a widely recognized and understood legal structure and it is the easier form with which to apply for federal tax-exempt status. She described various Revenue Models that the IDESG could utilize, such as Member Dues, Sponsorships, and Corporate Donations. She also described how the subcommittee was doing research on the types of members the IDESG already has, so they can get a better idea on how to structure potential membership fees.
The Subcommittee recommended that the best governance structure for the IDESG would be a structure that leveraged the current approved structure and the Rules of Association wherever possible. For example, they are looking to make a Board of Directors that consists of the Management Council.
Little ended her presentation on the topic of IDESG Value Propositions and mentioned that the next step for the subcommittee is getting input from the plenary on the following questions "What are the top reasons why you and/or the organization you represent are a current member of the IDESG?" and "What will be required for you and/or your organization to become a member of a self-sustaining organization." These questions were sent to IDESG members in the form of an emailed survey. If you have not received this survey, please email email@example.com. Download Presentation.
Organizational Direction Update
After committee breakout sessions in the afternoon, Plenary Chair, Bob Blakley closed the day with a presentation that he created for the Cloud Identity Summit. The presentation centered around the questions "What Will the IDESG Do?" and "And How Will We Do It?" He summed the answers to these questions into these statements:
Trusted Identities for a New Deal on Data
On Thursday, MIT Media Lab Profesor, Sandy Pentland and his MIT Human Dynamic Lab team introduced the idea of a Personal Data System (PDS). They discussed the technical components of each PDS, such as sources of personal data, identity providers, relying parties, and user/owner of the PDS. They also discussed what an openPDS is, including openPDS principles, design, and architecture. They then tied in the "Unique in the Crowd" Android app demo that was introduced on Wednesday. This demo discussed the privacy bounds of human mobility. Of the 25 people who participated in the 24 hour demo, 22 people were found to be unique. Find more information atwww.funf.org and openpds.media.mit.edu. Dazza Greenwood, Plenary Vice-Chair closed the presentation by discussing the unique relationship between business, legal, and technology with the PDS concept. Download Presentation.
Taxonomy Ad Hoc Group Report
After lunch and a tour of the MIT Media Lab, Adam Madlin, Security Committee Chair, and Win Baylies gave an update on the Taxonomy Ad Hoc Group's progress. This presentation covered the group's objectives, approach, completed and in-process definitions, next terms to be defined, and IDESG glossary usage. The presentation concluded with a recommendation from the AHG that a common glossary be used for all IDESG internal deliverables and external interactions. The group also had proposed to the plenary a process for submissions for adoption. Download Presentation.
Use Case Criteria and Life Cycle Update
Cathy Tilton, Chair of the Standards Coordination Committee, presented a status update on the IDESG Use Cases. She mentioned that the purpose of Use Cases is that they provide a "basis for the development of other work products" and they "determine commonalities so as to be able to design services." The Use Case Ad Hoc Group is still active and the Use Case area of the Wiki is being used for the collection of Use Cases. Tilton discussed feedback the group had received on the Use Case Workshop that was held during the May Plenary Meeting. She also showed a diagram on the Use Case Life Cycle Stages and Use Case Process Flow. More information on this session can be found by Downloading the Presentation.
NSTIC IDESG Policy Incentives: A Small Research Initiative
Dan Chenok, Policy Committee Chair, and Jeremy Grant, NSTIC NPO Director then presented on policy incentives. They discussed the value of membership including: how policy initiatives can focus on tangible value to current and prospective participants, and how the value of membership can vary based on the type of participant (provider, relying party, user) or the level of trust framework engagement (basic member, accreditation, trustmark, etc.). To start, information must be gathered from a small group of key industry players. The Policy Committee is planning informal discussions with these players this summer to ask a consistent set of questions. The committee will then report back to the plenary the common themes and recommendations found from these discussions. One example question is: "What policy issues around the establishment of an Identity Ecoystem Framework, intended to transform how online transactions and digital identities are created and used, interest your organization?" Download Presentation.
Pilot Presentation from UCAID and MIT
Mike Grady, UCAID, Jeffrey Schiller, MIT and David LaPorte, MIT then presented on "Scalable Privacy: MFA (Multi-Factor Authentication) Conhortium - Issues Identified & Lessons to Learn." The objective of the MFA Conhortium is to advance the deployment of MFA in Higher Education. There are roughly 40 institutions participating. It is a collaboration effort to held each understand the business case, technologies, deployment models, issues, costs, requirements, ROI, etc. the surround deployment MFA in Higher Education. Some issues that the pilot has identified include: accessibility support, FERPA issues in the release of PII to a third-party authenticator, cloud authentication & high availability, and failover strategies. One lesson already learned is that Federated Multilateral MFA will have the best ROI - but this still needs to be measured and documented. Download Presentation #1. Download Presentation #2 about Two-Factor Authentication at MIT.
Comms and Work Planning Report - Download Presentation
Standards Coordination Committee Report - Download Presentation
E-Deliberation Procedure Proposal
After the committee reports, Bob Blakley, Plenary Chair presented on Electronic Deliberation. Download the E-Deliberation Procedure Proposal, the proposal is also linked to from the IDESG homepage. The objectives of this proposal include:
6th Plenary Meeting at NIST
October 16-18, Main NIST Administration Building
In-Person Registration Details
ATTENTION COMMITTEES! Update the entire IDESG on your progress in the next newsletter by firstname.lastname@example.org.