INFORMATIONWEEK REPORTS
Strategy: Creating an Identity Ecosystem
The federal government’s draft National Strategy for Trusted Identities in Cyberspace (NSTIC) outlines a step-by-step plan to establish and cultivate an identity ecosystem, including a “commitment to action” aimed at driving successful implementation and adoption. In support of this, IT and security professionals in government agencies will be called on to help establish a trusted identity infrastructure in their agencies and to tie those systems into the broader ecosystem.
An identity ecosystem is an environment in which the online credentials issued by trusted private or public identity providers are accepted by others to enable access to online applications beyond the domain of their originally intended use. Much as a driver’s license is now accepted by banks, employers and airport security, the administration seeks to have online credentials, such as user IDs and passwords, that are issued by one trusted online identity provider accepted for access to other relying-party applications.
Use of the ecosystem would be voluntary, and users could determine whether or not the identity provider releases their information. In an identity ecosystem, communities of interest and technology-specific profiles would be used and interactions performed based on needs and risk tolerances of the relying party and permissions granted by the end users. By creating a user-centric electronic world, characterized by interoperability and an easy-to-use, risk-based authentication and authorization scheme, the ecosystem will promote many benefits: security, efficiency, confidence in digital identities, increased privacy, greater choice and opportunities for innovation.
Many private sector companies have their own mini ecosystems or federations. While various policies, standards, technologies and federations have achieved success on a small scale, the capability to deploy a full identity ecosystem has never materialized. In order to ensure that the vision for the identity ecosystem becomes reality, the NSTIC identifies nine tactical implementation strategies.
While all nine are important to the success of the ecosystem, this report focuses on four action items that may be more critical to the successful implementation and adoption of an integrated public/private cyber environment. Those include appointing an agency lead, overcoming the liability issue, aggressively broadening implementations, and outreach and awareness. (S1710910)
