~ August 2015 ~

Welcome from the Executive Director

Our momentum is building, but we have more to do. Most importantly, we must continue to build our membership ranks to invite new insight and perspectives, put more "feet on the street" to share our message and get more people in the trenches of committee work. To do that, we have aligned ourselves so we don't compete with like-minded organizations, we collaborate. We are in the process of devising a committee specifically to recruit organizations, to build up our force. And with greater gusto, move more quickly to our goals and stay ahead of the vulnerabilities for digital identities that may occur in the future. As Sal D'Agostino, IDESG's President, noted during our recent Plenary, the key and core strength of the IDESG is our numbers and our dialogue. I look forward to our continued growth and encourage you to search your networks for people and organizations who can keep our momentum going.

~ Marc-Anthony Signorino, IDESG Executive Director


Chairperson's Corner

By Kimberly Little Sutherland, Plenary Chair


Another plenary, another success. Thank you for all of the hard work and dedication of all our members, past and present, in completing the first version of the Baseline Requirements for the Identity Ecosystem Framework (IDEF). Throughout this effort, we have learned tremendous lessons that we will be able to use as we continue to develop the IDEF into a tool that organizations can use to create identity credentials that support meaningful privacy and security protections.

However, this first version of the Baseline Requirements is not intended to be the highest bar; rather, it is meant to be a means of improvement and constant progression. It will be released soon, along with its supporting documentation, so that all participants in the Identity Ecosystem can assess it and provide us feedback on how to make it stronger and more meaningful to those who issue, use, or consume IDEF credentials. The fact that Version 1 is near completion does not mean our work is also near completion. Instead, this is just the beginning of our efforts to establish the only NSTIC-aligned framework in the Identity Ecosystem. This is just the beginning of our efforts to establish the only community-developed, NSTIC-aligned framework in the Identity Ecosystem.

By voting to accept the Baseline Requirements for Version 1.0 of the IDEF, we have met a critical milestone. Ours is a multi-phase approach, and as each phase is achieved it raises the bar and set the pace for the rest of our work. We are not just creating requirements and a framework; we are creating an ideal for organizations to envision and achieve.

I look forward to completion of the full IDEF Version 1.0 and our sharing it with the broader Identity Ecosystem of organizations and individuals for feedback, alignment and adoption. Again, great work and a big thank you to everyone!


Around the Ecosystem

  • May 19th - 22nd - Ann Racuya-Robbins and Luis Enriquez presented at OWASP AppSecEu 2015
  • June 3rd - Rene McIver was at the Health Privacy Summit, Washington, DC, part of Breakout Session 1c: The Low-Hanging Fruit: Why Data Breaches Continue and Panel Discussion
  • June 4th - Doug Blough spoke at the International Conference on Collaboration Technologies and Systems (CTS 2015) "Privacy in the Information Sharing Age: Lost Cause or the Next Frontier?"
  • June 8th - 11th
    • Cloud Identity Summit in La Jolla, CA
      • Ian Glazer presented a Keynote Speech at the Cloud Identity Summit focusing on Identity's TCP/IP Moment
      • Michael Garcia and Kimberly Little Sutherland presented "State of the NSTIC: Introducing the Identity Ecosystem Framework"
      • Jenn Behrens presented "User-centric Privacy of Identity"
    • SCA-Government Conference, Washington, DC
      • Salvatore D'Agostino presented "What is an Identity Anyway and How is Identity Management Evolving?"
  • June 9th - SCA-Government Conference, Washington, DC
    • Rene McIver was a presenter in Track Session 2: ID Security Implementation & Policy, Speaker #3 on Connect.Gov - Simplifying Secure Access to Online Services
    • Sal D'Agostino moderated "Challenges Agencies Are Facing To Use 2-Factor Authentication"
  • June 10th - The 14th Annual Smart Card Alliance Government Conference,
    • ID Security Implementation & Policy, Marc-Anthony Signorino & Rene McIver
    • Healthcare ID Security, Neville Pattinson
    • Government Use Cases for High Assurance Credentials, Mark DiFraia
  • June 15th - Jack Suess presented at the Terena Conference in Portugal
  • June 22nd - 26th - Peter Alterman presented "Assuring the trust infrastructure for signatures and eID" during ETSI Security Week
  • June 25th - 14th Plenary Meeting (virtual)
  • June 26th - Denise Tayloe spoke at the National Association for Media Literacy Education Conference on the topic of "Conquering US Child Online Privacy Mandates: Empowering Educators with Consent Tools to Grant Kids Access to Online Media Resources"
  • June 30th - Michael Garcia attended the OIX Economics of Identity Workshop in London, UK

From the FMO

The Framework Management Office tracks the progress of deliverables from each of the IDESG Committees in the "Dashboard." This tabular display is updated monthly. The most recent version is linked via the main IDESG web page at https://idecosystem.org/filedepot_download/1817/1686. Highlights of IDESG Committee activities tracked in the dashboard during June include:

  • All committees have continued refinement of IDESG Requirements definitions and supplemental information
  • The Privacy Coordination Committee completed review of two additions to the Standards Registry
  • The Standards Coordination Committee sent two NIST standards for Plenary approval, and began analysis of four others, as well as continuing to refine the Standards Adoption Policy
  • The Trust Framework and Trustmark Committee continued assembling the administrative framework for a Self-Assessment Listing Service (SALS) based on the IDESG Requirements v1.0 approved in the June 25th Plenary.

From the NSTIC NPO

NIST invites comments on draft NISTIR 8062 until 7/31 (newly extended deadline). Privacy Risk Management for Federal Information Systems lays the groundwork for greater understanding of privacy impacts and the capability to address them in federal information systems through risk management. csrc.nist.gov/publications/PubsDrafts.html#NIST-IR-8062

Upcoming Events

Stay Safe Online Tweet chat
Stay Safe Online scheduled a Tweet Chat on two-factor authentication scheduled for Thursday, July 16th from 3:00 - 4:00 p.m. EST. To join, use #ChatSTC and follow @staysafeonline.

Upcoming Speaking Engagements

  • September 26th - October 1st - During the ASIS International 61st Annual Meeting (and pre-seminar programs), Sal D'Agostino will present:
    • New Frontiers: Legal and Operational Principles for Evaluating and Managing Emergent Security Technologies
    • Securing Healthcare Facilities with Future Expectations, New Programs, and Security Officer Implementations
    • Addressing Cyber Security Concerns in Physical Security
    • Panel Discussion: Role of Security Controls in Managing Risk
  • September 29th - October 1st - Privacy.Security.Risk (IAPP Privacy Academy and CSA Congress), Jenn Behrens, Dave Burhop, Tim Reiniger and Lee Aber will participate in the panel "Digital Identity and You (Real Life Lessons Learned)"


To share your presentations with IDESG members, send a hyperlink or attachment to maryalice@IDecosystem.org, and a link will be included in the next newsletter.


In The Media

This newsletter was prepared by the Identity Ecosystem Steering Group, Inc. using Federal funds under award 70NANB14H215 from the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST), U.S. Department of Commerce. The statements, findings, conclusions, and recommendations are those of the author(s) and do not necessarily reflect the views of NIST, NSTIC, or the U.S. Department of Commerce.