NSTIC ID Ecosystem
A Conceptual Model
Andrew Hughes
September 2013

A Conceptual Model for the NSTIC ID Ecosystem - Discussion Draft


  1. NSTIC ID Ecosystem: A Conceptual Model. Andrew Hughes, September 2013. AndrewHughes3000@gmail.com - September 2013
  2. This slide deck was created September 2013 by Andrew Hughes – please contact for more information or comments. This deck builds upon material in the presentation deck originally presented to IDESG Committees at the July 2013 IDESG Plenary meeting at MIT. AndrewHughes3000@gmail.com www.idimmusings.com This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
  3. Introduction
     • The IDESG is seeking a way to represent the ID Ecosystem and ID Ecosystem Framework concepts
     • Currently, there is no simple image that captures what the ID Ecosystem is as envisioned in the NSTIC Strategy document
     • This deck is an attempt to build a conceptual model that shows the nature of the ID Ecosystem and its essential aspects
  4. Objectives
     • To describe the ID Ecosystem from the point of view of an “Online Community”, its Transactions and the role of the IDESG
     • To demonstrate a conceptual model of the ID Ecosystem that can be used as a tool to discover potential ecosystem participants and to explain what it means to be part of the ecosystem
  5. Design Considerations
     • The transaction between Online Community Members is the central concern: all else exists to support the transaction
     • Must embody the NSTIC Guiding Principles
        • ID Solutions will be: privacy-enhancing and voluntary; secure and resilient; interoperable; cost-effective and easy to use
     • The conceptual model must be able to explain all possible ID Ecosystem candidate members
     • The conceptual model must predict flexibility in design of the ID Ecosystem
     • Start the conceptual model at the highest level of abstraction and slowly increase the specificity
  6. NSTIC Vision*
     Individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.
     *Source: The NSTIC Strategy Document
  7. The ID Ecosystem*
     will consist of different online communities that use interoperable technology, processes, and policies
     *Source: The NSTIC Strategy Document
  8. Trust Framework*
     • developed by a community
     • defines the rights and responsibilities of that community’s participants
     • specifies the policies and standards specific to the community
     • defines the community-specific processes and procedures that provide assurance
     • considers the level of risk associated with the transaction types of its participants
     *Source: The NSTIC Strategy Document
  9. The Central Concern
     • The relationship and transactions that drive most (not all!) of the requirements and use cases: The transaction between the e-Service Provider and their Customer
     • The e-Service Provider tells the Customer the Terms of Service for the transaction
     • The Customer fulfills the Terms of Service in order to receive service
     • All else exists to support, facilitate, and secure these interactions!
  10. The View From The Moon
     [Diagram labels: e-Service Provider; e-Service Consumer; Transaction; Terms of Service; Fulfillment of Terms; The Online Community]
  11. Where’s the IdP?
     • For that matter, where’s the CSP, CA, IDPV, RP?
     • This conceptual model does not need them at the highest levels of abstraction
     • Wait for it – it’s coming up in a few slides
  12. The View From Voyager 1
     THE NSTIC ID ECOSYSTEM!
  13. ID Ecosystem Framework*
     the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem
     *Source: The NSTIC Strategy Document
  14. The View From The 757
     • The next three slides:
        • The Online Community
        • “Terms of Service”
        • Fulfillment of Terms
     • Keep in mind:
        • The elements listed on the next few slides, constrained by and driven by IDESG designated interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms ARE the ID Ecosystem Framework
  15. The “Online Community”
     The Community
        • Shared values, beliefs, principles
        • Common goals and objectives
        • Has ‘tools’ for joining
        • Has ‘tools’ for locating
        • Could be mandated by law
     The Transaction
        • A particular set of commercial, social, ‘social contract’, information exchanges that exist for the community, in support of their common goals
     Business
        • Shared need to perform transactions in the context of the community
     Legal
        • Trust Framework agreements
        • Commercial contracts
        • Legal Framework
     Technical
        • Protocol suites & capability
        • Network Connectivity
        • Shared Standards
     [Diagram label: The Online Community]
  16. “Terms of Service”
     Business
        • Payment / Money
        • Information
        • Eligibility
     Legal
        • Contract / Agreement
        • Terms and Conditions
        • Lawfulness
     Technical
        • Protocols & Standards
        • Crypto capability
        • Electronic Tokens & Credentials
        • Other technical capabilities
  17. IdP, IDPV, Credentials, Tokens
     • Imagine some likely Terms of Service:
        • Give me these attributes, cryptographically signed by an Attribute Provider I recognize, so I can verify your eligibility
        • Prove that you have authenticated successfully with an IdP I have a trust relationship with
        • Prove that you did the authentication with a Level 4 Credential
     • That’s where they are – the ‘typical’ federation entities are support mechanisms to enable Terms that leverage ‘outsourced/externalized/federated’ services
  18. Fulfillment of Terms
     Business
        • Payment / Money
        • Information
        • Eligibility Proof
     Legal
        • Contract / Agreement
        • Terms and Conditions
        • Lawfulness
     Technical
        • Protocols & Standards
        • Crypto capability
        • Electronic Tokens & Credentials
        • Other technical capabilities
  19. An Online Community
     [Diagram labels: e-Service Provider; e-Service Consumer; Transaction; Terms of Service; Fulfillment of Terms; The Online Community]
  20. A Question of Trust
     • Question: Who should the Online Community trust?
     • Answer: Community participants accredited by an Accreditation Authority
     • Question: Whose Trust Framework does the Accreditation Authority assess against?
     • Answer: The Community’s Trust Framework, of course
  21. Accreditation Authority*
     assesses and validates identity providers, attribute providers, relying parties, and identity media, ensuring that they all adhere to an agreed-upon trust framework (the community’s trust framework)
     *Source: The NSTIC Strategy Document
  22. Trust Framework*, redux
     • developed by a community
     • defines the rights and responsibilities of that community’s participants
     • specifies the policies and standards specific to the community
     • defines the community-specific processes and procedures that provide assurance
     • considers the level of risk associated with the transaction types of its participants
     *Source: The NSTIC Strategy Document
  23. Who Do You Trust?
     • IDESG, via the Accreditation Authority:
        • Assesses the Online Community and its participants against that Online Community’s Trust Framework (Operating Rules)
        • Confers Trustmarks to signal to participants that Assessments and Accreditation have been done to a known standard
  24. Interoperate Me
     • Interoperability within an Online Community is a defining feature of Online Communities
     • IDESG could foster technology, process and policy interoperability between Online Communities by defining common Accreditation Patterns for the inter-Community interactions
     • IDESG, via the Accreditation Authority, could assess and issue Trustmarks for the inter-Community interactions
  25. Now What?
     • Starting with the conceptual model rationale in this presentation, to build the ID Ecosystem:
        • IDESG must search for and find the Online Communities that resemble and are compatible with the conceptual model of the ID Ecosystem
        • Analyze the Online Community participants according to the parameters described in the conceptual model
           • That is: identify the transaction types, terms of service, mechanisms to fulfill terms, the archetypal e-Service Providers and e-Service Consumers
        • Document the ID Ecosystem Framework in concert with the discovery and analysis activities
  26. These Slides
     • These slides attempt to capture the concept and pattern of the ID Ecosystem and ID Ecosystem Framework as set out in the NSTIC Strategy document
     • Further work is needed to refine and expand on the entities described in this deck, in order to achieve a more directly pragmatic level of detail
