HOPE X
Updates from the
Online Identity Battlefield
Joint Presentation by:
Aestetix @aestetix
Kaliya “Identity Woman” @ide...
Our Intentions:
1) Update on the history #nymwars
Did we “win” with G+ acquiescing?
2) The Battle continues - at its cente...
Who are we? - contextual intro’s from each of us
Aestetix - reveiw of talk from Hope 9
Kaliya - Indie Advocate for user-ce...
aestetix
“is a mononym”
• #nymwars
• HOPE Number Nine
• What is a “real” name?
• NSTIC/IDESG
#nymwars
#nymwars
Eric Schmidt, Executive Chairman at Google:
• “The only way to manage this is true transparency and no
anonymity....
#nymwars
Mark Zuckerberg, CEO at Facebook:
“The days of you having a different image for
your work friends or co-workers a...
#nymwars
Ian Donald Calvin Euclid Zappa
Independent Advocate for the Rights
and Dignity of our Digital Selves
Saving the world with User-Centric Identity
I have h...
Early 2000’s I was working on developing
Distributed Social Networks for Transformation
Protocol:
How Control Exists
after Decentralization
by Alexander R. Galloway
Protocols are Political
They matter! as Snowd...
We founded IIW in 2005
Internet Identity Workshop
Unconference Format
Hailstorm SAML
v1 & 2
BTOracleSUN
XRI
XDI
Passport
Microsoft
FireFly
Liberty Alliance
Kantara Intiative
Planetwork
Link Ta...
Broad Base of Participation
BIG COMPANY SPONSORS
MSFT
PingID
SUN
Facebook
Google
Yahoo
Cisco
Plaxo
Commerce Net
Adobe
BT
N...
Lots of Open Standards
XRI/XDI
SAML
Information
Cards
I founded this in 2010
Goal connect starutps around the world building tools for
individual collect manage and get value f...
Privacy: Increasingly Complex as
Volumes of Personal Data Grow
27
Source: World Economic Forum, “Rethinking Personal Data:...
The Leola Group
2014
I founded
NSTIC
Where did we meet?
2009
10. Build a cybersecurity-based
identity management vision and
strategy that addresses privacy
and civil liberties interes...
2009
13. Implement, for high-value
activities (e.g., the Smart Grid),
an opt-in array of interoperable
identity management syst...
Says we must maintain anonymity
& pseudonymity in cyberspace
Called for in President’s Cyberspace Policy Review (May 2009):
a “cybersecurity focused identity management vision and
str...
Where is this / Where are we?
CREEPY NSA (and others) SPYING
CREEPY NSA (and others) SPYING
Rules for Lawful Intercept
Where is this / Where are we?
CREEPY NSA (and others) SPYING
Rules for Lawful Intercept
IN THIS BIGYELLOW BOX
Where is this / Where are we?
CREEPY NSA (and others) SPYING
Rules for Lawful Intercept
NORMATIVE RULES
BUSINESS PRACTICES
TECHNOLOGIES
FOR EVERY DAY LI...
CREEPY NSA (and others) SPYING
Rules for Lawful Intercept
NORMATIVE RULES
BUSINESS PRACTICES
TECHNOLOGIES
FOR EVERY DAY LI...
What does the IDESG do:
It is proceeding to define how EVERYONE will be able to express
their identity online in the future...
As the White House announcement details below, today [April 2014]
marked the release of the Cybersecurity Framework crafte...
NSTIC is focused on consumer use cases, but the
standards and policies that emerge from the privately-led
Identity Ecosyst...
The BIG IDEA behind NSTIC IS NOT DUMB
+
Multi-Factor
Authentication
Authentication is NOT:
Enrollment or
IdentityVerification
You need strong multi-factor
authentication for
pseudonyms too.
The BIG IDEA behind NSTIC IS NOT DUMB
Text
Text
50
states
3,144
counties
Text
50
states
3,144
counties
19,355
incorporated places
50
states
Lots of Government Entities in the US - who’s job it is
to interact wi...
Each Government agency could issue a “strong” mutli-
factor ID that included verification on enrollment.
Cost $12-$120 per person - per year to manage ID
This would be a National ID
People get services from the private sector with ID.
People get services from the private sector with ID.
Gov ID for employees, contractors under HSPD12 - 12million
How can they use this ID at their private sector accounts?
A tone of liability
& “trust” issues
A tone of liability
& “trust” issues
NSTIC
NSTICTRUST
FRAMEWORKS
“TRUST”
Frameworks
TECHNOLOGY
LEGAL/POLICY
TECHNOLOGY
LEGAL/POLICY
TECHNOLOGYLEGAL/POLICY
TRUST FRAMEWORK
TRUST FRAMEWORK
We must create Legal/Policy - Tech
that will underlies what should
become an Ecosystem..
We need lots of d...
Private sector will lead the effort
• Not a government-run identity program
• Private sector is in the best position to dr...
NPO
Jeremy
Grant
Program Office Announced
inside: National Institute of Standards
under: Department of Commerce
Friday, Jan...
NPO Hires a STAFF
David Temoshuck
Naomi Lefkovitz
James “Jim” Sheire
Michael “Mike” Garcia
NPO ACTION: Notice of Inquiry.
SUMMARY: The Department of Commerce (Department) is conducting a comprehensive
review of go...
NPONPO Workshops
Governance
Privacy
Technology
July 2011
May 2011
with IIW
Oct 2011
NPO April 2011 at chamber of commerce
NPO
Charter
“Committees” by
Immaculate Conception
Bylaws
NPO
Charter
“Committees” by
Immaculate Conception
Bylaws
The First Plenary meeting was August 2012
NPO
a complete 2 year
work PLAN!
THE Identity Ecosystem
Steering Group STRUCTURENPO
THE SECRETARIAT
Put out a Bid
and then hired
private company
to run Sec...
The Plenary
NPO THE IDESG STRUCTURE
THE SECRETARIAT
Any person and any organization in the world
(yes the world) can sign ...
The Plenary
NPO
THE SECRETARIAT
You pick a stakeholder category
• Privacy Advocate
• Small Business - Entrepreneur
• Regul...
The Plenary
NPO
THE SECRETARIAT
Each Stakeholder Group elects
a member of the management council.
The Plenary
NPO
THE SECRETARIAT
THATS
“Me”
I represent small businesses
and entrepreneurs.
The Plenary
Chair
Management
Council
Vice-Chair
NPO
THE SECRETARIAT
Chair
Management
Council
Vice-Chair Vice-Chair
Plenary
Chair
NPO
THE SECRETARIAT
The first multi-day face to face
meeting w...
The Plenary
Chair
Management
Council
Vice-Chair
Vice-Chair
Plenary
Chair
PRIVACY
Security Standards
Trust
Framework
Trust ...
The Plenary
Chair
Management
Council
Vice-Chair
Vice-Chair
Plenary
Chair
PRIVACY
Security Standards
Trust
Framework
Trust ...
The Plenary
Chair
Management
Council
Vice-Chair
Vice-Chair
Plenary
Chair
PRIVACY
Security Standards
Trust
Framework
Trust ...
The Plenary
Chair
Management
Council
Vice-Chair
Vice-Chair
Plenary
Chair
NPO
THE SECRETARIAT
Management
Council
Sub-Commit...
The Plenary
NPO THE IDESG STRUCTURE
THE SECRETARIAT
Any person and any organization in the world
(yes the world) can sign ...
The Plenary
NPO THE IDESG STRUCTURE
THE SECRETARIAT
They have Face to Face meetings once a quarter.
+ they are all broadca...
NPO
The
Chair
Vice-
Vice-
PlePRI
Sec Stan
Trust
Stan
In
Pol Communications:
30 Mailing lists
No Wiki
Document Repository
D...
The
Ch
Vi Vi
PlPR
Se St
Trus
St
I P
THE SECRETARIAT
NPO
IDENTITY ECOSYSTEM
STEERING GROUP
Year 1
Pilots
Year 2
Pilots
Year...
NPO
The
Chair
Vice-
Vice-
PlePRI
Sec Stan
Trust
Stan
In
Pol
BIG ISSUES:
DIVERSITY - INCLUSION
TRUST FRAMEWORK CREATION
* N...
The Importance of Diversity & Inclusion in the
NSTIC
National Strategy for Trusted Identities in Cyberspace
IDESG
Identity...
63
CensusViewer US 2010 Census Latino Population as a heatmap by census
tract.
63
Anti-Racist Organizations in the US
http://en.wikipedia.org/wiki/Category:
Anti-racist_organizations_in_the_United_Stat...
62
List of LGBT Groups
http://en.wikipedia.org/wiki/
List_of_LGBT-
related_organizations
63
Civil Liberties Advocacy Groups in the US
http://en.wikipedia.org/wiki/
Category:Civil_liberties_advocacy_groups
_in_th...
64
National Council of Churches
http://en.wikipedia.org/wiki/
Category:Members_of_the_National
_Council_of_Churches
List o...
Why James
Chartrand
Wears Women’s
Underpants
http://www.copyblogger.com/james-chartrand-underpants/ 65
List of Women’s
Org...
65
List of Disabled Rights Organizations in the US
http://en.wikipedia.org/wiki/
List_of_disability_rights_organizations
A...
69
69
http://criterioninstitute.org/about/our-approach/methodology/
in March I did a BLOG POST re: next election
to IDESG Management Council
Articulating serious ISSUES
including lack of div...
The Last Plenary....
Panel with the:
NAACP
Association of the Blind
ACLU
I was involved in
helping design it.
They are Continuing AHEAD.....
NPO
The
Chai
Vic Vic
PlePRI
Sec Sta
Trust
Sta
I
P
The list of DELIVERABLES
The list of DERIVED REQUIREMENTS
Created not by...
NPO
The
Chair
Vice
Vice
PlePRI
Sec Sta
Trust
Sta
I
Po Identity
Ecosystem
Steering
Group
The
Chair
Vice Vice
PlePRI
Sec Sta...
NPO
The
Chair
Vice
Vice
PlePRI
Sec Sta
Trust
Sta
I
Po Identity
Ecosystem
Steering
Group
The
Chair
Vice Vice
PlePRI
Sec Sta...
NPO
The
Chair
Vice Vice
PlePRI
Sec Sta
Trust
Sta
I
Po IDESG INC
501(c)3
+ 501(c)6
Now we are
Independent
YEAH!
Opportunity...
The Nym Online
Identity Battlefield
Key Words
& Key Concepts
“Trust”
Bond between
parent and child
What is Trust?
(at different scales)
http://www.flickr.com/photos/symphoney/127526363
People trusting themselves: SELF TRUST
http://www.flickr.com/photos/mikebaird/6827018
People trusting each other: RELATIONSHIP TRUST
http://www.flickr.com/photos/west_point/5570799
Groups of people working together: ORGANIZATIONAL
TRUST
http://www.flickr.com/photos/wordridden/
For organizations there is: MARKET TRUST
http://www.flickr.com/photos/nate/295939
Beyond the business or nonprofits is:
SOCIETAL TRUST
http://www.flickr.com/photos/bethscupham/
7663247816
Beyond the societal trust is: ECOSYSTEM
Bonus:
TECHNICAL TRUST
“TRUST”
Frameworks
TECHNOLOGY
LEGAL/POLICY
TECHNOLOGY
LEGAL/POLICY
TECHNOLOGYLEGAL/POLICY
TRUST FRAMEWORK
The Trouble with Trust:
and the Case for Accountability Frameworks
On my Identity Woman blog
National
Strategy
Trusted
Identities
Identity is
socially constructed
and contextual.
Identity is subjective
Identity is subjective
Pointers to things
within particular
contexts.
Abrahamic
Cultural Frame
Relational
Cultural
Frame
Identity along with all things
flows down from GOD.
Identity and all things are present in
the world and relate to each oth...
What does industry mean by “Trusted Identity”?
Here are some headlines + press releases.
“Verified”
AirBnB
“Verified”
AirBnB
What does this mean toVerified
What does this mean toVerified
What does this mean to beVerified?
Who is qualified to validate or verify.
Who is qualified to certify verifiers.
FCCX - system
with Post Office
run by Secure Key
(said: f6)
We didn’t have time to get into this.
?
Anonymous
Limited Liability Persona
?
Anonymous
?
?
? ?
Per-Post Per-Session
Anonymous
Limited Liability Persona
?
Anonymous
Limited Liability Persona
?
Anonymous
!
Verified
?
Anonymous
!
Verified
! ! !
Verified
! !!
Documentation In Person
Verification
Biometric
Capture
?
Anonymous
!
Verified
?
Anonymous
One Site Multi-Site
Self-Asserted VerifiedSocially
Validated
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
!
Verified Anonymity
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
!
Verified Anonymity
Ms.Sue Don...
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
!
Verified Anonymity
Ms.Sue Don...
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
!
Verified Anonymity
Over 18 ye...
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
!!
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
!!
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
!!
?
Anonymous
One Site Multi-Site
Self-Asserted Socially
Validated
Verified
!
Pseudonymous
!!
Limited
Liability
Persona
Persona 1 Persona 2
Context 1 Context 2
Persona 1
Persona 2
Context
Context 1 Context 2
Persona
Reputation
Reputation
Klout scores all
the way down…
HoloCosmos.com Turtle Island
Back to Circles and Triangles
We won #nymwars….. right?
In Conclusion: HOPE!
We won #nymwars….. right?
In Conclusion: HOPE!
USING THE BC SERVICES CARD TO ACCESS ONLINE SERVICES
British Columbia Services Card
A Triple Blind System - very good & mo...
The Government set two
specific tasks for the Panel:
1. Review the Province’s
approach to digital
services, recommending
a...
In Conclusion: HOPE!
Opportunity
that is NSTIC!
Protect
Anonymity and Pseudonymity
Prevent Defense Industry Running ID
In Conclusion: HOPE!
CREEPY NSA (and others) SPYING
Rules for Lawful Intercept
IN THIS BIGYELLOW BOX
Where is NSTIC ?
Not - SEXY Secrecy
Not Re...
Share your eMail with us.
Join an NSTIC andVOTE
Join an NSTIC Committee
My blog has details - its a
simple 15 step process...
Come to next Plenary:
Florida at the Biometrics
Conference
Sept 17-19
www.idecosystem.org
Come to the next IIW
last week of October :)
Internet Identity Workshop
Questions
+ We posted a resource list
identitywoman.net/hopex
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Hope x talk
Upcoming SlideShare
Loading in...5
×

Hope x talk

4,805

Published on

0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
4,805
On Slideshare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
11
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Hope x talk

  1. 1. HOPE X Updates from the Online Identity Battlefield Joint Presentation by: Aestetix @aestetix Kaliya “Identity Woman” @identitywoman
  2. 2. Our Intentions: 1) Update on the history #nymwars Did we “win” with G+ acquiescing? 2) The Battle continues - at its center are key words & concepts and the struggle for meaning. 3) Share more about one battlefield : NSTIC Hoped for result some of you choose to “participate” struggling & using this lever to protect psydonymity and anonymity.
  3. 3. Who are we? - contextual intro’s from each of us Aestetix - reveiw of talk from Hope 9 Kaliya - Indie Advocate for user-centrism + IIW How we Connected - NSTIC! Kaliya - What is NSTIC? - rapid history Aestetix - Experience w/ Nym Issues to NSTIC Words & Concepts on the Battlefield: [Triangles - Circles] Trust Identity Verified Reputation Paths Forward: Limited Liability Persona BC Government Solution Turtles all the Way Down Writing out what we want! NSTIC Next Steps “Hacking the Trust Frameworks” + Next Meeting Florida Biometrics Con. How should it work from a freedom civil liberties perspective?
  4. 4. aestetix “is a mononym” • #nymwars • HOPE Number Nine • What is a “real” name? • NSTIC/IDESG
  5. 5. #nymwars
  6. 6. #nymwars Eric Schmidt, Executive Chairman at Google: • “The only way to manage this is true transparency and no anonymity. In a world of asynchronous threats, it is too dangerous for there not to be some way to identify you. We need a [verified] name service for people. Governments will demand it.” (Techonomy, August 2010) • “If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."(CNBC Interview, December 2009)
  7. 7. #nymwars Mark Zuckerberg, CEO at Facebook: “The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly. Having two identities for yourself is an example of a lack of integrity.” (Interview, October 2011)
  8. 8. #nymwars Ian Donald Calvin Euclid Zappa
  9. 9. Independent Advocate for the Rights and Dignity of our Digital Selves Saving the world with User-Centric Identity I have had my identity woman blog for almost 10 years
  10. 10. Early 2000’s I was working on developing Distributed Social Networks for Transformation
  11. 11. Protocol: How Control Exists after Decentralization by Alexander R. Galloway Protocols are Political They matter! as Snowden said today at HOPEX
  12. 12. We founded IIW in 2005 Internet Identity Workshop
  13. 13. Unconference Format
  14. 14. Hailstorm SAML v1 & 2 BTOracleSUN XRI XDI Passport Microsoft FireFly Liberty Alliance Kantara Intiative Planetwork Link Tank Identity Commons (1) Identity Gang Identity Commons (2) OpenID v2 OpenID Foundation Open Identity Exchange Information Card Foundation IMI Identity Metasystem Interoperability Information Card Standard VENN OF IDENTITY Higgins Project Lots of Companies Project to be annouced at IIW IBM Project to be annouced at IIW Pamela Project TIME Internet Identity Workshop Loose Affiliations of People Current Organizations Organizations (no longer) Company Proprietary Service (no longer) Protocol standardized at OASIS Protocol standardized at OASIS earlier version (no longer) Independent Open Protocol Independent Open Protocol (no longer) Paper:Shared Understanding Event Project with Code Evolution of Identity Community
  15. 15. Broad Base of Participation BIG COMPANY SPONSORS MSFT PingID SUN Facebook Google Yahoo Cisco Plaxo Commerce Net Adobe BT Novell Facebook AOL Ping Identity Paypal / eBay NONPROFIT SPONSORS ISOC Kantara/Liberty Alliance Info Card Foundation OASIS IDTrust Mozilla Higgins Project Bandit Project Planetwork Internet Society CORPORATE PARTICIPANTS Paypal Booz Allen Hamilton Apple Burton Group Hewlett Packared International Business Machines Intuit LexisNexis Nippon Telegraph and Telephone Corporation Nokia Siemens Networks NRI Oracle Orange Rackspace Radiant Logic Sony Ericsson The MITRE Corporation Tucows Inc VeriSign, Inc. Vodafone Group R &D Alcatel-Lucent Acxiom Identity Solutions Acxiom Research Equifax LinkedIn Amazon SMALL COMPANY SPONSORS FuGen Solutions OUNO Rel-ID Poken Vidoop Chimp Authentrus Sxip ClaimID IETF W3C OASIS SMALL COMPANY PATICIPANTS Ångströ Digg, Inc. Privo Expensify FamilySearch.org FreshBooks Gigya Gluu Janrain Kynetx NetMesh Inc. Protiviti Socialtext TriCipher, Inc. Trusted-ID Wave Systems Six Apart NONPROFIT PARTICIPANTS Center for Democracy and Technology DataPortability Project IdM Network Netherlands OCLC Open Forum Foundation World Economic Forum UNIVERSITY PARTICIPANTS Goldsmiths, University of London Newcastle University Stanford University GOVERNMENT PARTICIPANTS Office of the Chief Informaiton Office, Province of British Columbia and more...
  16. 16. Lots of Open Standards XRI/XDI SAML Information Cards
  17. 17. I founded this in 2010 Goal connect starutps around the world building tools for individual collect manage and get value from their personal data along with fostering ethical data markets.
  18. 18. Privacy: Increasingly Complex as Volumes of Personal Data Grow 27 Source: World Economic Forum, “Rethinking Personal Data: Strengthening Trust,”
  19. 19. The Leola Group 2014 I founded
  20. 20. NSTIC Where did we meet?
  21. 21. 2009
  22. 22. 10. Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the Nation. Table 2: NEAR-TERM ACTION PLAN
  23. 23. 2009
  24. 24. 13. Implement, for high-value activities (e.g., the Smart Grid), an opt-in array of interoperable identity management systems to build trust for online transactions and to enhance privacy. Table 3: MID-TERM ACTION PLAN
  25. 25. Says we must maintain anonymity & pseudonymity in cyberspace
  26. 26. Called for in President’s Cyberspace Policy Review (May 2009): a “cybersecurity focused identity management vision and strategy…that addresses privacy and civil-liberties interests, leveraging privacy-enhancing technologies for the nation.” Guiding Principles –Privacy-Enhancing and Voluntary –Secure and Resilient –Interoperable –Cost-Effective and Easy To Use NSTIC calls for an Identity Ecosystem, “an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.” 36 What is NSTIC?
  27. 27. Where is this / Where are we? CREEPY NSA (and others) SPYING
  28. 28. CREEPY NSA (and others) SPYING Rules for Lawful Intercept Where is this / Where are we?
  29. 29. CREEPY NSA (and others) SPYING Rules for Lawful Intercept IN THIS BIGYELLOW BOX Where is this / Where are we?
  30. 30. CREEPY NSA (and others) SPYING Rules for Lawful Intercept NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Business - Business Business - Consumer Business - Government Citizen/Person - Gov Where is this / Where are we?
  31. 31. CREEPY NSA (and others) SPYING Rules for Lawful Intercept NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Business - Business Business - Consumer Business - Government Citizen/Person - Gov Where is this / Where are we?
  32. 32. What does the IDESG do: It is proceeding to define how EVERYONE will be able to express their identity online in the future.  It is to answer questions like:  * How can people define their own names, gender identity, race, other   identifying information? * Will we retain the right to use "nicknames"/pseudonyms? * Will we be able to speak anonymously online?   The strategy document "says" we should be able to do so but this institution will define HOW the ecosystem actually built. Only if we are there to ensure our freedoms online will they be retained.  * What are the methods of verification        of enrollment (how you get into the system) what methods of                  authentication (passwords or device ID or biometrics)?
  33. 33. As the White House announcement details below, today [April 2014] marked the release of the Cybersecurity Framework crafted by NIST – with input from many stakeholders – in response to President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity issued one year ago.    NSTIC is not discussed in the framework itself – but both it and the IDESG figure prominently in the Roadmap that was released as a companion to the Framework.  The Roadmap highlights authentication as the first of nine different, high- priority “areas of improvement” that need to be addressed through future collaboration with particular sectors and standards-developing organizations.   The inadequacy of passwords for authentication was a key driver behind the 2011 issuance of the National Strategy for Trusted Identities in Cyberspace (NSTIC), which calls upon the private sector to collaborate on development of an Identity Ecosystem that raises the level of trust associated with the identities of individuals, organizations, networks, services, and devices online.  The results of this W ILL BECOME POLICY
  34. 34. NSTIC is focused on consumer use cases, but the standards and policies that emerge from the privately-led Identity Ecosystem Steering Group (IDESG) established to support the NSTIC – as well as new authentication solutions that emerge from NSTIC pilots – can inform advances in authentication for critical infrastructure as well. NIST will focus in these areas: ·         Continue to support the development of better identity and authentication solutions through NSTIC pilots, as well as an active partnership with the IDESG; ·         Support and participate in identity and authentication standards activities, seeking to advance a more complete set of standards to promote security and interoperability; this will include standards development work to address gaps that may emerge from new approaches in the NSTIC pilots The results of this W ILL BECOME POLICY
  35. 35. The BIG IDEA behind NSTIC IS NOT DUMB
  36. 36. + Multi-Factor Authentication
  37. 37. Authentication is NOT: Enrollment or IdentityVerification You need strong multi-factor authentication for pseudonyms too.
  38. 38. The BIG IDEA behind NSTIC IS NOT DUMB Text
  39. 39. Text 50 states
  40. 40. 3,144 counties Text 50 states
  41. 41. 3,144 counties 19,355 incorporated places 50 states Lots of Government Entities in the US - who’s job it is to interact with citizens and provide services.
  42. 42. Each Government agency could issue a “strong” mutli- factor ID that included verification on enrollment.
  43. 43. Cost $12-$120 per person - per year to manage ID
  44. 44. This would be a National ID
  45. 45. People get services from the private sector with ID.
  46. 46. People get services from the private sector with ID.
  47. 47. Gov ID for employees, contractors under HSPD12 - 12million How can they use this ID at their private sector accounts?
  48. 48. A tone of liability & “trust” issues
  49. 49. A tone of liability & “trust” issues NSTIC
  50. 50. NSTICTRUST FRAMEWORKS
  51. 51. “TRUST” Frameworks
  52. 52. TECHNOLOGY LEGAL/POLICY
  53. 53. TECHNOLOGY LEGAL/POLICY
  54. 54. TECHNOLOGYLEGAL/POLICY
  55. 55. TRUST FRAMEWORK
  56. 56. TRUST FRAMEWORK We must create Legal/Policy - Tech that will underlies what should become an Ecosystem.. We need lots of different parties at the table to create them. We should have an “open” mutli- stakeholder process to figure it out.
  57. 57. Private sector will lead the effort • Not a government-run identity program • Private sector is in the best position to drive technologies and solutions… • …and ensure the Identity Ecosystem offers improved online trust and better customer experiences Federal government will provide support • Help develop a private-sector led governance model • Facilitate and lead development of interoperable standards • Provide clarity on national policy and legal framework around liability and privacy • Fund pilots to stimulate the marketplace • Act as an early adopter to stimulate demand 70 What does NSTIC call for?
  58. 58. NPO Jeremy Grant Program Office Announced inside: National Institute of Standards under: Department of Commerce Friday, January 7, 2011
  59. 59. NPO Hires a STAFF David Temoshuck Naomi Lefkovitz James “Jim” Sheire Michael “Mike” Garcia
  60. 60. NPO ACTION: Notice of Inquiry. SUMMARY: The Department of Commerce (Department) is conducting a comprehensive review of governance models for a governance body to administer the processes for policy and standards adoption for the Identity Ecosystem Framework in accordance with the National Strategy for Trusted Identities in Cyberspace (NSTIC or “Strategy”). The Strategy refers to this governance body as the “steering group.” The Department seeks public comment from all stakeholders, including the commercial, academic and civil society sectors, and consumer and privacy advocates on potential models, in the form of recommendations and key assumptions in the formation and structure of the steering group. The Department seeks to learn and understand approaches for: 1) the structure and functions of a persistent and sustainable private sector-led steering group and 2) the initial establishment of the steering group. This Notice specifically seeks comment on the structures and processes for Identity Ecosystem governance. This Notice does not solicit comments or advice on the policies that will be chosen by the steering group or specific issues such as accreditation or trustmark schemes, which will be considered by the steering group at a later date. Responses to this Notice will serve only as input for a Departmental report of government recommendations for establishing the NSTIC steering group.
  61. 61. NPONPO Workshops Governance Privacy Technology July 2011 May 2011 with IIW Oct 2011
  62. 62. NPO April 2011 at chamber of commerce
  63. 63. NPO Charter “Committees” by Immaculate Conception Bylaws
  64. 64. NPO Charter “Committees” by Immaculate Conception Bylaws The First Plenary meeting was August 2012
  65. 65. NPO a complete 2 year work PLAN!
  66. 66. THE Identity Ecosystem Steering Group STRUCTURENPO THE SECRETARIAT Put out a Bid and then hired private company to run Secretariat
  67. 67. The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT Any person and any organization in the world (yes the world) can sign up to be a part of making the Identity Ecosystem Framework
  68. 68. The Plenary NPO THE SECRETARIAT You pick a stakeholder category • Privacy Advocate • Small Business - Entrepreneur • Regulated Industries • Relying Party • etc...there are 14
  69. 69. The Plenary NPO THE SECRETARIAT Each Stakeholder Group elects a member of the management council.
  70. 70. The Plenary NPO THE SECRETARIAT THATS “Me” I represent small businesses and entrepreneurs.
  71. 71. The Plenary Chair Management Council Vice-Chair NPO THE SECRETARIAT
  72. 72. Chair Management Council Vice-Chair Vice-Chair Plenary Chair NPO THE SECRETARIAT The first multi-day face to face meeting was 18 months after we were first elected. The management council meets every 2 weeks on the phone.
  73. 73. The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT Committees are where all the work happens. The NPO defined all the committees BEFORE the management council ever met.
  74. 74. The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT They meet in a “chairs call” every 2 weeks. The committees elect chairs
  75. 75. The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair PRIVACY Security Standards Trust Framework Trust Mark Standards Int’l Policy NPO THE SECRETARIAT NYM ISSUES? Aestetix tried to bring Nym Issues Committee forward...its still in limbo.
  76. 76. The Plenary Chair Management Council Vice-Chair Vice-Chair Plenary Chair NPO THE SECRETARIAT Management Council Sub-Committees
  77. 77. The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT Any person and any organization in the world (yes the world) can sign up to be a part of making the Identity Ecosystem Framework HOW MANY PEOPLE are active in IDESG? Under 100! A difference can be made with this institution with not that many people showing up.
  78. 78. The Plenary NPO THE IDESG STRUCTURE THE SECRETARIAT They have Face to Face meetings once a quarter. + they are all broadcast live.
  79. 79. NPO The Chair Vice- Vice- PlePRI Sec Stan Trust Stan In Pol Communications: 30 Mailing lists No Wiki Document Repository Drupal Site No clear vision from management council about what we are actually supposed to do. 10+ Committees & Sub-Committees
  80. 80. The Ch Vi Vi PlPR Se St Trus St I P THE SECRETARIAT NPO IDENTITY ECOSYSTEM STEERING GROUP Year 1 Pilots Year 2 Pilots Year3 Pilots ? • Daon, Inc. • The American Association of Motor Vehicle Administrators • Criterion Systems • Resilient Network Systems, Inc. • University Corporation for Advanced Internet Development • Transglobal Secure Collaboration Participation • Georgia Tech Research Institute • Exponent • ID.me, Inc. • Privacy Vaults Online, Inc.
  81. 81. NPO The Chair Vice- Vice- PlePRI Sec Stan Trust Stan In Pol BIG ISSUES: DIVERSITY - INCLUSION TRUST FRAMEWORK CREATION * NAMING ISSUES REASONABLE PROCESS for CITIZEN INVOLVEMENT
  82. 82. The Importance of Diversity & Inclusion in the NSTIC National Strategy for Trusted Identities in Cyberspace IDESG Identity Ecosystem Steering Group by Kaliya “Identity Woman” Hamlin Management Council Member for Small Business and Entrepreneur Stakeholder Group October 18, 2013 - Boston Plenary Presentation shared remotely in New Business Section This was at close of plenary and was invited after Kaliya raised the issue of the lack of diverse participants in producing the outcomes of Security Committee was reviewing. Told it was out of scope of the committee to address the issue and it should be brought to end of day chairs debrief.
  83. 83. 63 CensusViewer US 2010 Census Latino Population as a heatmap by census tract.
  84. 84. 63 Anti-Racist Organizations in the US http://en.wikipedia.org/wiki/Category: Anti-racist_organizations_in_the_United_States Ethnic & Racial Minorities in US http://en.wikipedia.org/wiki/ Category:Ethnic_groups_in_the_Unite d_States Asian American http://en.wikipedia.org/wiki/Category:Asian_American Lists of US Cities with non-white majority populations http://en.wikipedia.org/wiki/Lists_of_U.S._cities_with_non-white_majority_populations
  85. 85. 62 List of LGBT Groups http://en.wikipedia.org/wiki/ List_of_LGBT- related_organizations
  86. 86. 63 Civil Liberties Advocacy Groups in the US http://en.wikipedia.org/wiki/ Category:Civil_liberties_advocacy_groups _in_the_United_States Human Rights Advocacy Groups in the US http://en.wikipedia.org/wiki/ Category:Human_rights_organizations_based _in_the_United_States
  87. 87. 64 National Council of Churches http://en.wikipedia.org/wiki/ Category:Members_of_the_National _Council_of_Churches List of Gurdwaras http://en.wikipedia.org/wiki/List_of_ gurdwaras_in_the_United_States
  88. 88. Why James Chartrand Wears Women’s Underpants http://www.copyblogger.com/james-chartrand-underpants/ 65 List of Women’s Organizations in the US http://en.wikipedia.org/ wiki/List_of_women %27s_organizations#Unit ed_States
  89. 89. 65 List of Disabled Rights Organizations in the US http://en.wikipedia.org/wiki/ List_of_disability_rights_organizations Alliance for Full Participation http://en.wikipedia.org/wiki/ Alliance_for_Full_Participation
  90. 90. 69
  91. 91. 69 http://criterioninstitute.org/about/our-approach/methodology/
  92. 92. in March I did a BLOG POST re: next election to IDESG Management Council Articulating serious ISSUES including lack of diversity almost no civil society groups Uninvited by the NPO to a International ID Conference at White House Conference Center.
  93. 93. The Last Plenary.... Panel with the: NAACP Association of the Blind ACLU I was involved in helping design it.
  94. 94. They are Continuing AHEAD.....
  95. 95. NPO The Chai Vic Vic PlePRI Sec Sta Trust Sta I P The list of DELIVERABLES The list of DERIVED REQUIREMENTS Created not by Plenary but by Deloitte Consultants
  96. 96. NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po Identity Ecosystem Steering Group The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 THE SECRETARIAT
  97. 97. NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po Identity Ecosystem Steering Group The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 THE SECRETARIAT Now we are Independent YEAH!
  98. 98. NPO The Chair Vice Vice PlePRI Sec Sta Trust Sta I Po IDESG INC 501(c)3 + 501(c)6 Now we are Independent YEAH! Opportunity to “reset” the process + how we are governed. The main committee where key work is happening is in the Trust Framework and Trust Mark Committee
  99. 99. The Nym Online Identity Battlefield Key Words & Key Concepts
  100. 100. “Trust” Bond between parent and child
  101. 101. What is Trust? (at different scales)
  102. 102. http://www.flickr.com/photos/symphoney/127526363 People trusting themselves: SELF TRUST
  103. 103. http://www.flickr.com/photos/mikebaird/6827018 People trusting each other: RELATIONSHIP TRUST
  104. 104. http://www.flickr.com/photos/west_point/5570799 Groups of people working together: ORGANIZATIONAL TRUST
  105. 105. http://www.flickr.com/photos/wordridden/ For organizations there is: MARKET TRUST
  106. 106. http://www.flickr.com/photos/nate/295939 Beyond the business or nonprofits is: SOCIETAL TRUST
  107. 107. http://www.flickr.com/photos/bethscupham/ 7663247816 Beyond the societal trust is: ECOSYSTEM
  108. 108. Bonus: TECHNICAL TRUST
  109. 109. “TRUST” Frameworks
  110. 110. TECHNOLOGY LEGAL/POLICY
  111. 111. TECHNOLOGY LEGAL/POLICY
  112. 112. TECHNOLOGYLEGAL/POLICY
  113. 113. TRUST FRAMEWORK
  114. 114. The Trouble with Trust: and the Case for Accountability Frameworks On my Identity Woman blog
  115. 115. National Strategy Trusted Identities
  116. 116. Identity is socially constructed and contextual.
  117. 117. Identity is subjective
  118. 118. Identity is subjective
  119. 119. Pointers to things within particular contexts.
  120. 120. Abrahamic Cultural Frame Relational Cultural Frame
  121. 121. Identity along with all things flows down from GOD. Identity and all things are present in the world and relate to each other.
  122. 122. What does industry mean by “Trusted Identity”? Here are some headlines + press releases.
  123. 123. “Verified” AirBnB
  124. 124. “Verified” AirBnB
  125. 125. What does this mean toVerified
  126. 126. What does this mean toVerified
  127. 127. What does this mean to beVerified? Who is qualified to validate or verify. Who is qualified to certify verifiers.
  128. 128. FCCX - system with Post Office run by Secure Key (said: f6) We didn’t have time to get into this.
  129. 129. ? Anonymous Limited Liability Persona
  130. 130. ? Anonymous ? ? ? ? Per-Post Per-Session Anonymous Limited Liability Persona
  131. 131. ? Anonymous Limited Liability Persona
  132. 132. ? Anonymous ! Verified
  133. 133. ? Anonymous ! Verified ! ! ! Verified ! !! Documentation In Person Verification Biometric Capture
  134. 134. ? Anonymous ! Verified
  135. 135. ? Anonymous One Site Multi-Site Self-Asserted VerifiedSocially Validated ! Pseudonymous
  136. 136. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  137. 137. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  138. 138. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  139. 139. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  140. 140. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  141. 141. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  142. 142. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  143. 143. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  144. 144. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity
  145. 145. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
  146. 146. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
  147. 147. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous ? ! Verified Anonymity Over 18 years Woman Voter CA Congressional District 9 Ms.Sue Donna DOB = 1/21/1982 1823 6th Ave. Alameda, CA
  148. 148. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous
  149. 149. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !!
  150. 150. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !!
  151. 151. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !!
  152. 152. ? Anonymous One Site Multi-Site Self-Asserted Socially Validated Verified ! Pseudonymous !! Limited Liability Persona
  153. 153. Persona 1 Persona 2 Context 1 Context 2
  154. 154. Persona 1 Persona 2 Context
  155. 155. Context 1 Context 2 Persona
  156. 156. Reputation
  157. 157. Reputation Klout scores all the way down…
  158. 158. HoloCosmos.com Turtle Island
  159. 159. Back to Circles and Triangles
  160. 160. We won #nymwars….. right? In Conclusion: HOPE!
  161. 161. We won #nymwars….. right? In Conclusion: HOPE!
  162. 162. USING THE BC SERVICES CARD TO ACCESS ONLINE SERVICES British Columbia Services Card A Triple Blind System - very good & model to consider. In Conclusion: HOPE!
  163. 163. The Government set two specific tasks for the Panel: 1. Review the Province’s approach to digital services, recommending actions the Province can take to build citizens’ confidence in the Services Card and in the digital services that take advantage of the opportunities it creates. 2. Recommend principles and priorities for the design and implementa- tion of digital services and the next phase of the provincial identity management program to support the Province’s vision to save citizens’ time in their interaction with government and make it easier to access better quality services. From the White Paper: Designing the Digital Service Consultation 36 random from diversity of provinces met over 2 weekends to determine future policies of how tech should be used. In Conclusion: HOPE! Citizen Engagement for the British Columbia Services Card
  164. 164. In Conclusion: HOPE!
  165. 165. Opportunity that is NSTIC! Protect Anonymity and Pseudonymity Prevent Defense Industry Running ID In Conclusion: HOPE!
  166. 166. CREEPY NSA (and others) SPYING Rules for Lawful Intercept IN THIS BIGYELLOW BOX Where is NSTIC ? Not - SEXY Secrecy Not Resisting “the Man” In an Open Government Process - anyone can join. The results will become Tech+ policy and affect EVERYONE! DEFINING NORMATIVE RULES BUSINESS PRACTICES TECHNOLOGIES FOR EVERY DAY LIFE Citizen/Person - Gov Business - Consumer Business - Government Business - Business
  167. 167. Share your eMail with us. Join an NSTIC andVOTE Join an NSTIC Committee My blog has details - its a simple 15 step process :) Join Nym Rights! www.nymrights.org
  168. 168. Come to next Plenary: Florida at the Biometrics Conference Sept 17-19 www.idecosystem.org
  169. 169. Come to the next IIW last week of October :) Internet Identity Workshop
  170. 170. Questions + We posted a resource list identitywoman.net/hopex
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×