NSTIC IDESG ID Ecosystem Conceptual Model v02


A conceptual model of the nascent NSTIC ID Ecosystem. A proposal that the concept of Online Community is centred on the interaction between provider and consumer of online services, supported by Identity Service providers.

Published in: Business, Technology

  1. NSTIC ID Ecosystem: A Conceptual Model v02
     Andrew Hughes, September 2013
     AndrewHughes3000@gmail.com - September 2013
  2. This slide deck was created September 2013 by Andrew Hughes – please contact for more information or comments. This deck builds upon material in the presentation deck originally presented to IDESG Committees at the July 2013 IDESG Plenary meeting at MIT. AndrewHughes3000@gmail.com www.idimmusings.com
     This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
  3. Objectives
     • To describe the NSTIC ID Ecosystem focusing on the interactions between members of an “Online Community”*
     • To describe how major NSTIC Strategy Document elements work together to define an ID Ecosystem and its participants
     * The “Online Community” is central to the NSTIC ID Ecosystem concept
  4. Context
     • This ‘conceptual model’ sits above items such as standards, use cases, functional models
     • The intent is to offer a view of what the target state ID Ecosystem might look like and give structure to the components of the NSTIC ID Ecosystem
  5. The NSTIC ID Ecosystem* will consist of different online communities that use interoperable technology, processes, and policies
     *Source: The NSTIC Strategy Document
  6. Take-away Concepts
     • A defining characteristic of the ID Ecosystem is that it is comprised of “online communities” interacting in a variety of ways
  7. NSTIC Vision*
     Individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.
     *Source: The NSTIC Strategy Document
  8. Take-away Concepts
     • Access to online services is the central concept of the Vision
     • “Identity Services” enable access to online services
     • The online services and identity services must have features and capabilities that encourage adoption and use, and mitigate concerns and barriers to acceptance
  9. Trust Framework*
     • developed by a community
     • defines the rights and responsibilities of that community’s participants
     • specifies the policies and standards specific to the community
     • defines the community-specific processes and procedures that provide assurance
     • considers the level of risk associated with the transaction types of its participants
     *Source: The NSTIC Strategy Document
  10. Take-away Concepts
     • The online community sets their own policies, standards and rules around the transactions and interactions of their members
  11. In A Nutshell
     • Online Communities set their own rules according to their members’ needs
     • Online Communities interact with each other in the ID Ecosystem
     • The rules of different Online Communities may be different
     • Access to online services enabled by identity solutions is at the heart of the ID Ecosystem
  12. NSTIC ID Ecosystem?
     [Diagram labels: ID Ecosystem Framework Rules]
  13. Take-away Concepts
     • Online Communities ‘inside the line’ have been evaluated against the ID Ecosystem Framework policies, standards and rules
     • These communities meet the conditions of inclusion
     • The nature of the inter-community interactions is currently unknown and undefined (?)
     • Although there are Online Communities outside the NSTIC ID Ecosystem, they are not shown here
  14. Online Community
     • Take a closer look at the internal structure of an “Online Community”
  15. A Proposed Point of View
     • Within an Online Community, think of ‘Access to Online Services’ as an interaction or transaction between a provider and consumer of that online service
     • The provider, consumer and service must abide by the rules of the Online Community – the Trust Framework rules
     • The online service consumer can choose which providers and services (and Communities!) meet their needs, including privacy, security, reliability, ease of use, confidence, etc.
     • The online service provider defines what an online service consumer must do in order to receive service – the “Terms of Service”
     • Some terms might be satisfied by presenting third-party credentials or tokens; or by payment; or by group affiliation or membership
  16. The ‘Transaction’ Point of View
     In this point of view the working unit is the interaction/transaction between provider and consumer plus the Terms of Service plus the Fulfillment of those terms meeting the community’s Trust Framework rules – all else exists to support this interaction
  17. A “Community” Unit
     [Diagram labels: Community Trust Framework Rules; repeated units of e-Service Provider, e-Service Consumer, Transaction / Interaction, Terms of Service, Fulfillment of Terms; one unit labelled Transaction Type / Interaction Type]
  18. Where’s the IdP?
     • For that matter, where’s the CSP, CA, IdP/V, RP and all the other Assurance, Trust and Identity bits?
     • This conceptual model considers them to be the means by which Terms of Service are expressed and fulfilled – so they do not appear at this level of abstraction
  19. The “Online Community”
     The Community
     • Shared values, beliefs, principles
     • Common goals and objectives
     • Has ‘tools’ for joining
     • Has ‘tools’ for locating
     • Could be mandated by law
     The Transaction
     • A particular set of commercial, social, ‘social contract’, or information exchanges that exist for the community, in support of their common goals
     Business
     • Shared need to perform transactions in the context of the community
     Legal
     • Trust Framework agreements
     • Commercial contracts
     • Legal Framework
     Technical
     • Protocol suites & capability
     • Network Connectivity
     • Shared Standards
     The Online Community Trust Framework Rules
  20. “Terms of Service”
     • The provider states the “Terms of Service” for transacting or interacting with their online service
     • The Terms must comply with the Online Community Trust Framework Rules, including accessibility, privacy, security, etc.
     • The individual/consumer chooses which providers to interact with, in part based on the Terms offered
  21. Identity Services
     • Imagine some possible Terms of Service:
       • “Give me these attributes, cryptographically signed by an Attribute Provider I recognize, so I can verify your eligibility”
       • “Prove that you have authenticated successfully with an IdP I have a trust relationship with”
       • “Prove that you did the authentication with a Level 4 Credential”
     • That’s where they are – the ‘typical’ Identity Services are support mechanisms to enable Terms that leverage third party identity and credential services
  22. Some Examples of “Terms”
     Business
     • Payment / Money
     • Information
     • Eligibility
     Legal
     • Contract / Agreement
     • Terms and Conditions
     • Lawfulness
     Technical
     • Protocols & Standards
     • Crypto capability
     • Electronic Tokens & Credentials
     • Other technical capabilities
  23. Entering the Ecosystem
     • Online Communities become formal participants in the NSTIC ID Ecosystem through an Accreditation Program
     • The Accreditation Program is being designed by teams in the IDESG
     • The Accreditation Program will be documented within the ID Ecosystem Framework
  24. ID Ecosystem Framework*
     the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem
     *Source: The NSTIC Strategy Document
  25. Accreditation
     • IDESG, via the Accreditation Authority:
       • Assesses the Online Community and its participants against that Online Community’s Trust Framework (Operating Rules)
       • Confers Trustmarks to signal to participants that Assessments and Accreditation have been done to a known standard
  26. Accreditation Authority*
     assesses and validates identity providers, attribute providers, relying parties, and identity media, ensuring that they all adhere to an agreed-upon trust framework (the community’s trust framework)
     *Source: The NSTIC Strategy Document
  27. Trust Framework*, redux
     • developed by a community
     • defines the rights and responsibilities of that community’s participants
     • specifies the policies and standards specific to the community
     • defines the community-specific processes and procedures that provide assurance
     • considers the level of risk associated with the transaction types of its participants
     *Source: The NSTIC Strategy Document
  28. Interoperable?
     • Interoperability within an Online Community is a defining feature of Online Communities
     • IDESG could foster technology, process and policy interoperability between Online Communities by defining common Accreditation Patterns for the inter-Community interactions
     • IDESG, via the Accreditation Authority, could assess and issue Trustmarks for the inter-Community interactions
  29. Recap
     • Online communities set their own rules according to their members’ needs
     • Online communities interact with each other in the ID Ecosystem
     • The rules of different Online Communities may be different
     • Access to online services enabled by identity solutions is at the heart of the ID Ecosystem
     • IDESG serves to establish the ID Ecosystem Framework and Programs needed to identify and evaluate Online Communities seeking to participate in the NSTIC ID Ecosystem
  30. NSTIC ID Ecosystem?
     [Diagram labels: ID Ecosystem Framework Rules]
  31. A “Community” Unit
     [Diagram labels: Community Trust Framework Rules; repeated units of e-Service Provider, e-Service Consumer, Transaction / Interaction, Terms of Service, Fulfillment of Terms; one unit labelled Transaction Type / Interaction Type]
  32. Next Steps
     • Develop narrative scenarios that explain what an individual might experience when seeking services or engaging with a provider of services
     • Refine the concept of ‘Terms of Service’
     • Develop examples that explain how this new concept relates to real-world implementations
     • Define the nature of ‘interoperable interactions’ between Online Communities
       • What policy, protocol, technology or practice conditions must exist in order to be considered ‘interoperable’?
     • Relate the conceptual model to other IDESG work products
       • How does this model fit the work already completed in Standards, Security, Privacy, Functional Model, etc?
  33. Your Feedback
     • Please consider commenting on this slide deck at www.idimmusings.com
     • Feedback, questions, concerns are welcome, please direct to AndrewHughes3000@gmail.com
