IDESG Newsletter #18
8th Plenary Hosted at Symantec Headquarters
in Mountain View, CA
The 8th Plenary of the IDESG was hosted by Symantec, at their headquarters in Mountain View, CA. In addition to providing facilities, Symantec also provided continental breakfast each morning and coffee breaks throughout the meeting. Attendance was very good with nearly 175 people combined as in-person and remote participants. Prior to the start of the Plenary a Newcomer Orientation was available to both in-person and remote participants and included helpful information to both new and old participants to understand the mission and work of the IDESG today. Presentations were made by Suzanne Lightman of the NSTIC NPO and Judith Fleenor, an active member and former committee leader of the IDESG. (Download Presentation).
Day 1 - Tuesday, April 1
The 8th Plenary was opened by Bob Blakley, Plenary Chair, as his last Plenary meeting. Opening guest speakers included Roger Casals of the host, Symantec; Jeremy Grant of the NSTIC NPO, and Bob Blakley as the moderator and facilitator of the full Plenary meeting.
Roger Casals, Symantec's Senior Director of Identity, Opening Presentation - Video Recording
During Roger Casal's presentation, he shared Symantec's vision of what identity will look like in the future. He said, "Identity is the next big thing and will change our lives dramatically." Why? Because identity is in the middle of a perfect storm that is being driven by five different trends: The Cloud, Security, Mobility, Compliance, and the Internet. Casals discussed various types of identity and access processes in use today. Symantec is focused on "one identity" for a person, Casals said, "You should be able to manage everything in your life in a centralized way...You want to prevent bad guys getting in and protect good stuff from getting out. It is that simple...We want to provide one identity through one solution that allows customers to access their world, no matter what." Casals also mentioned that passwords are one of the biggest hindrances to a leap forward in terms of identity adoption. Everybody has suffered from a password failure. "Passwords are not a good method for protecting our identity anymore."
Plenary Update, Bob Blakley - Video Recording
Reporting on the Plenary's Progress, Bob Blakley said efforts continue on furthering the work plan for the year and on coordinating activities across the various committees to produce IDESG deliverables. The Management Council has had extensive discussions focused on the organization's and committees' resources to produce a set of deliverables to get us to the minimum viable (baseline) product by the end of 2014. The Management Council is holding a focused retreat to develop a strategic framework for 2014 objectives and short-range goals. What we produce must be understood and guided by the community to whom we are delivering things and must be achievable with mostly volunteer resources. Blakley closed by referencing that elections are now complete and a new set of Plenary Officers and Management Council Representatives will take office on April 15.
NSTIC NPO Update - Jeremy Grant, NSTIC NPO Director - Video Recording
"It's been 20 months since the IDESG first convened in August 2012 and the range of issues we are working to address - issues associated with identity and account creation - continue to be a real challenge," said Grant. The identity ecosystem we have does not sufficiently address all the needs of Americans. "We don't have an identity ecosystem today that allows all people to prove who they are online. We also don't have the ability for people to protect themselves amid the collection of their data. Consumers are shying away from some online commerce because they don't trust what some firms and organizations are doing with their data."
Grant also gave an update on the pilots. "As of today, the NPO Office has awarded 12 NSTIC Pilots and you will hear from a number of them in the pilots panel this week. In January we announced a third round of NSTIC Pilots. We received 42 applications, and last Friday we selected 8 of them as finalists for the last round. We expect to make a few new pilot awards in September. Pilots represent the best way to take the ideas encompassed in the NSTIC and test them out while the IDESG focuses on crafting an identity ecosystem framework and business rules to provide a foundation for the ecosystem. The lessons learned from pilots can help us find the right path for this organization to take on certain issues and for some of the IDESG deliverables to be applied by the pilots in real-time. For example, this past year the pilots used the IDESG's Privacy Evaluation Methodology. This has helped many of the pilots to better identify and evaluate privacy issues in their projects."
In closing, Grant said that "the next round of funding for the IDESG (organization) will be very different from the initial funding the government provided. The initial grant was focused on funding an entity to create a brand new organization. The follow-on round of support will be focused on supporting the organization's work activities and the advancement of the identity ecosystem framework."
After the opening sessions, the Plenary participated in 4 breakout committee sessions: Standards, Functional Model, Healthcare, and Joint Policy and Financial Services. The Healthcare Committee heard from Mike Farnsworth of the Cross Sector Digital Identity Initiative during their breakout.
Management Council, Board of Directors, and Executive Director Updates - Video Recording
Kay Chopard Cohen announced that the next Plenary will be held June 17-19 at NIST in Gaithersburg, MD. Details are forthcoming and will be posted towww.idecosystem.org. She also announced that as of May 1 she will be leaving her position of Executive Director at IDESG. Recognizing the important and critical work of the IDESG, she thanked them for the opportunity to work together and encouraged them to continue with their work in balancing the interests of their diverse stakeholders to enhance the identity ecosystem framework.
Peter Brown announced that with Kay moving to a new position on May 1, Trusted Federal Systems will hire a short term replacement for Executive Director for the next 3-4 months(In the meantime, as announced a week after the plenary, Mary Ellen Condon has been appointed to take over from Kay and is already working hand-in-hand with her during a transition period). The transition to the new leaders elected this spring will take place on April 15. An early job of the Board of Directors/Management Council will be to select a new long term Executive Director.
Peter also announced that the outgoing and incoming Management Council Members and Board of Directors will meet for 2 days in late April to discuss organizational strategy, the current organizational structure and examine whether it is fit for its purposes and goals. They will also discuss the resourcing of the organization and ensure that the IDESG has the materials and finances to enable it to do the tasks assigned. During this time, the leaders will also discuss changes that may need to be made to the Rules of Association and will revisit the proposed fee scheduled and come back to the Plenary with new proposals.
The Board of Directors will create the official submission for grant funding from NIST. It will include a serious business case, budget, and clear outline of priorities and work that needs to be done. They will seek three areas of funding: 1) Basic operational expenses and staff - including an Executive Director, 2) Infrastructure Services (website, collaboration, etc.), and 3) a Framework Management Office to manage the provisioning of subject matter experts to support the work of the committees.
Security Committee Report: Functional Elements - Video Recording - Presentation
The first draft of the Functional Elements was introduced at the Atlanta Plenary in January 2014. It was then made available for comments and input across the committees. The Functional Elements is a living document. It is a component of the entire Functional Model that will eventually go through a plenary approval process. It can be downloaded at the Functional Model Wiki. It has been updated to reflect the feedback received from other committees. The Committee welcomes any feedback and encourages more people to start participating in this work. The Security Committee meets on Thursday afternoons.
Policy Committee Report: Policy Incentives Work - Video Recording - Presentation
One task written into the Policy Committee charter was to look at the policies and influences outside the IDESG that may affect policies within the IDESG or in the identity management realm. This particular project was to examine what kinds of incentives can be established to spur voluntary participation in the identity management policies and infrastructure that the IDESG and NSTIC have been developing. The presentation to the full Plenary was made by David Temoshok on behalf of Dan Chenok, Policy Committee Chair, who was unable to attend in person.
Day 2 - Wednesday, April 2
Standards Coordination Committee Report: Use Case Ad Hoc Group (AHG) - Video Recording - Presentation
The AHG is working through the Use Case Lifecycle. The first two stages are completed. Currently work is on the third stage "Committee review." Comments have been received from the Management Council, the Privacy Committee and the Security Committee. Next steps will be to complete AHG review, receive approval of the Standards Coordination Committee, and present the initial set of use cases for Plenary approval which can then be published.
Committee Breakout Sessions
Four Breakout Sessions followed: 1) International Coordination Committee, 2) Privacy Coordination Committee, 3) Trust Framework and Trust Mark Committee, and 4) Attributes Ad Hoc Group.
Birds of a Feather (BOF) Lunch Sessions
Following the Breakout Sessions, there was lunch and two BOF Sessions:
You say 'Ecosystem'; I say 'Framework'...what are we saying?! - Peter Brown and Kim (Little) Sutherland - Video Recording - Presentation
One role of the Management Council is to ensure that all the work of the committees is being well coordinated.
Committee Breakout Sessions
The four afternoon breakout sessions were: 1) Use Case Ad Hoc Group, 2) User Experience Committee, 3) Healthcare Committee, and 4) Joint Security and TFTM Committee. The Healthcare Committee heard from Britton Wanick of Resilient Network Systems during their breakout session.
Day 3 - Thursday, April 3
Pilot Presentations and Updates
International Coordination Committee Presentation - Video Recording
Liaisons and Special Project: Identity Systems that Leverage Banking and Financial Processes - Presentation
The International Committee has been working on comparing three systems that leverage bank cards: 1) SecureKey, 2) BankID Norge, and 3) STORK 2 banking pilot. In the presentation, the committee used the same analysis criteria against each system. Some of the lessons learned are:
International Presentations, Pilots and Platforms Relevant to NSTIC - Presentation
The mission of the International Committee is to build a bridge between the work of the IDESG/NSTIC and other similar projects around the world. The goal is a two-way exchange of information with like-minded organizations to communicate what we are doing here and also learn best practices from others. Presentations have been planned for EEMA activities in London the first week of June. Jeremy Grant and Mike Garcia from the NPO, Don Thibeau, Russ Chung, and others from the committee will present at that meeting and other international events. At the last Plenary the International Committee arranged to hear from David Rennie from the UK Assurance Programme. The Committee hopes to have other similar international speakers present at every other plenary meeting.
Committee Update: Healthcare Committee - Video Recording
The Healthcare Committee presented some of the lessons learned from the Resilient Network Systems Pilot Healthcare Pilot.
Challenges to the project:
Seating of New IDESG Officers and Recognition of Outgoing Officers - Video Recording
The following outgoing leaders were recognized and thanked for their service:
Birds of a Feather (BOF) Sessions
Day 3 featured two more BOF Sessions during the lunch hour:
Committee Reports - Video Recording
New Business - Video Recording
NEXT Plenary Meeting
June 17-19 at the National Institute of Standards and Technology (NIST), 100 Bureau Dr., Gaithersburg, MD 20899. See you there!
Save the Date for the September Plenary
The last in-person Plenary for 2014 will be held September 17-19 in conjunction with the Global Identity Summit (GIS) in Tampa, FL at the Tampa Convention Center, a waterfront location in the heart of Tampa, FL. The convention center is a short 15-minute cab ride from Tampa International Airport and has three adjacent hotels. GIS will be offering a discounted registration fee for one-day attendance at the GIS on September 16 created specifically for IDESG participants. The GIS dates are September 16-18. The schedule and registration will be finalized in the future to accommodate the IDESG Plenary agenda. Details will be provided at the June Plenary.