Strategy: Creating an Identity Ecosystem
Creating an Identity Ecosystem
The federal government’s draft National Strategy for Trusted Identities in Cyberspace (NSTIC) outlines a step-by-step plan to establish and cultivate an identity ecosystem, including a “commitment to action” aimed at driving successful implementation and adoption. In support of this, IT and security professionals in government agencies will be called on to help establish a trusted identity infrastructure in their agencies and to tie those systems into the broader ecosystem.
An identity ecosystem is an environment in which the online credentials issued by trusted private or public identity providers are accepted by others to enable access to online applications beyond the domain of their originally intended use. Similar to the way the driver’s license is now accepted by banks, employers and airport security, the administration seeks to leverage online credentials such as user IDs and passwords that are issued by one trusted online identity provider to access other relying party applications.
Use of the ecosystem would be voluntary, and users could determine whether or not the identity provider releases their information. In an identity ecosystem, communities of interest and technology-specific profiles would be used and interactions performed based on needs and risk tolerances of the relying party and permissions granted by the end users. By creating a user-centric electronic world, characterized by interoperability and an easy-to-use, risk-based authentication and authorization scheme, the ecosystem will promote many benefits: security, efficiency, confidence in digital identities, increased privacy, greater choice and opportunities for innovation.
Many private sector companies have their own mini ecosystems or federations. While various policies, standards, technologies and federations have achieved success on a small scale, the capability to deploy a full identity ecosystem has never materialized. In order to ensure that the vision for the identity ecosystem becomes reality, the NSTIC identifies nine tactical implementation strategies.
While all nine are important to the success of the ecosystem, this report focuses on four action items that may be more critical to the successful implementation and adoption of an integrated public/private cyber environment. Those include appointing an agency lead, overcoming the liability issue, aggressively broadening implementations, and outreach and awareness. (S1710910)
Table of Contents
3 Author’s Bio
4 Executive Summary
6 Trusted Identities: Building an Ecosystem
6 What’s an Identity Ecosystem?
7 Figure 1: Identity Providers Key to Ecosystem
8 What Makes Up a Trusted Identity?
8 Building on the Past
9 Mini Ecosystems
9 Figure 2: Evolution of Identity Policy and Standards
10 Keys to Success
10 Appointing Agency Leads
11 Overcoming the Liability Issue
12 Aggressively Broaden Implementations
13 Outreach and Awareness
15 Appendix
About the Author
Myisha Frazier-McElveen is identity management practice manager for Truestone, a provider of enterprise IT, cyber security and systems integration to the federal government. Ms. Frazier-McElveen has over 10 years of experience in public and private sector identity management, including business development, product and project management. She is a frequent speaker on identity management and cyber-related issues and has received an award for an identity management deployment from the Environmental Protection Agency. Ms. Frazier-McElveen holds a BS in policy analysis from Cornell University.
Be the first one to comment.