The document outlines a conceptual model for the NSTIC ID ecosystem, which emphasizes the role of online communities that utilize interoperable technologies for accessing identity solutions. It describes the ecosystem's framework, focusing on how these communities interact, define their own policies, and the accreditation process necessary for participation. The model aims to enhance access to online services while ensuring trust, privacy, and security among users.

1. NSTIC ID Ecosystem
A Conceptual Model
v02
Andrew Hughes
September 2013
AndrewHughes3000@gmail.com - September 2013 1

2. This slide deck was created September 2013 by Andrew Hughes – please contact for more information or
comments. This deck builds upon material in the presentation deck originally presented to IDESG
Committees at the July 2013 IDESG Plenary meeting at MIT.
AndrewHughes3000@gmail.com
www.idimmusings.com
This work is licensed under the Creative Commons Attribution 3.0 Unported License. To view a copy of
this license, visit http://creativecommons.org/licenses/by/3.0/ or send a letter to Creative Commons, 444
Castro Street, Suite 900, Mountain View, California, 94041, USA.
AndrewHughes3000@gmail.com - September
2013
2

3. Objectives
• To describe the NSTIC ID Ecosystem focusing on
the interactions between members of an “Online
Community”*
• To describe how major NSTIC Strategy Document
elements work together to define an ID Ecosystem
and its participants
AndrewHughes3000@gmail.com - September
2013
3
* The “Online Community” is central to the NSTIC ID Ecosystem concept

4. Context
• This „conceptual model‟ sits above items such as
standards, use cases, functional models
• The intent is to offer a view of what the target
state ID Ecosystem might look like and give
structure to the components of the NSTIC ID
Ecosystem
AndrewHughes3000@gmail.com - September
2013
4

5. The NSTIC ID
Ecosystem*
will consist of
different online communities
that use
interoperable
technology, processes, and policies
AndrewHughes3000@gmail.com - September
2013
5
*Source: The NSTIC Strategy
Document

6. Take-away Concepts
• A defining characteristic of the ID Ecosystem is
that it is comprised of “online communities”
interacting in a variety of ways
AndrewHughes3000@gmail.com - September
2013
6

7. NSTIC Vision*
Individuals and organizations
utilize secure, efficient, easy-to-use and
interoperable identity solutions
to access online services
in a manner that
promotes confidence, privacy, choice, and
innovation.
AndrewHughes3000@gmail.com - September
2013
7
*Source: The NSTIC Strategy
Document

8. Take-away Concepts
• Access to online services is the central concept of
the Vision
• “Identity Services” enable access to online
services
• The online services and identity services must
have features and capabilities that encourage
adoption and use, and mitigate concerns and
barriers to acceptance
AndrewHughes3000@gmail.com - September
2013
8

9. Trust Framework*
• developed by a community
• defines the rights and responsibilities of that
community‟s participants
• specifies the policies and standards specific to the
community
• defines the community-specific processes and
procedures that provide assurance
• considers the level of risk associated with the
transaction types of its participants
AndrewHughes3000@gmail.com - September
2013
9
*Source: The NSTIC Strategy
Document

10. Take-away Concepts
• The online community sets their own policies,
standards and rules around the transactions and
interactions of their members
AndrewHughes3000@gmail.com - September
2013
10

11. In A Nutshell
• Online Communities set their own rules according
to their members‟ needs
• Online Communities interact with each other in the
ID Ecosystem
• The rules of different Online Communities may be
different
• Access to online services enabled by identity
solutions is at the heart of the ID Ecosystem
AndrewHughes3000@gmail.com - September
2013
11

12. NSTIC ID Ecosystem?
AndrewHughes3000@gmail.com - September
2013
12
ID Ecosystem
Framework
Rules

13. Take-away Concepts
• Online Communities „inside the line‟ have been
evaluated against the ID Ecosystem Framework
policies, standards and rules
• These communities meet the conditions of inclusion
• The nature of the inter-community interactions is
currently unknown and undefined (?)
• Although there are Online Communities outside
the NSTIC ID Ecosystem, they are not shown
here
AndrewHughes3000@gmail.com - September
2013
13

14. Online Community
• Take a closer look at the internal structure of an
“Online Community”
AndrewHughes3000@gmail.com - September
2013
14

15. A Proposed Point of View
• Within an Online Community, think of „Access to Online
Services‟ as an interaction or transaction between a
provider and consumer of that online service
• The provider, consumer and service must abide by the rules
of the Online Community – the Trust Framework rules
• The online service consumer can choose which providers
and services (and Communities!) meet their needs, including
privacy, security, reliability, ease of use, confidence, etc.
• The online service provider defines what an online service
consumer must do in order to receive service – the “Terms of
Service”
• Some terms might be satisfied by presenting third-party credentials
or tokens; or by payment; or by group affiliation or membership
AndrewHughes3000@gmail.com - September
2013
15

16. The „Transaction‟
Point of View
In this point of view the working unit is
the interaction/transaction
between provider and consumer
plus the Terms of Service
plus the Fulfillment of those terms
meeting the community‟s Trust Framework rules
– all else exists to support this interaction
AndrewHughes3000@gmail.com - September
2013
16

17. A “Community” Unit
AndrewHughes3000@gmail.com - September
2013
17
e-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Terms
Community Trust Framework Rules
e-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction Type
Interaction Type
Terms
of Service
Fulfillment
of Terms

18. Where‟s the IdP?
• For that matter, where‟s the CSP, CA, IdP/V, RP
and all the other Assurance, Trust and Identity
bits?
• This conceptual model considers them to be the
means by which Terms of Service are expressed
and fulfilled – so they do not appear at this level of
abstraction
AndrewHughes3000@gmail.com - September
2013
18

19. The “Online Community”
AndrewHughes3000@gmail.com - September
2013
19
The Community
• Shared values, beliefs, principles
• Common goals and objectives
• Has „tools‟ for joining
• Has „tools‟ for locating
• Could be mandated by law
The Transaction
• A particular set of commercial,
social, „social contract‟, or
information exchanges that exist
for the community, in support of
their common goals
Business
• Shared need to perform
transactions in the context
of the community
Legal
• Trust Framework
agreements
• Commercial contracts
• Legal Framework
Technical
• Protocol suites & capability
• Network Connectivity
• Shared Standards
The Online Community
Trust Framework Rules

20. • The provider states the “Terms of Service” for
transacting or interacting with their online service
• The Terms must comply with the Online Community
Trust Framework Rules, including accessibility,
privacy, security, etc.
• The individual/consumer chooses which providers
to interact with, in part based on the Terms offered
“Terms of Service”
AndrewHughes3000@gmail.com - September
2013
20

21. Identity Services
• Imagine some possible Terms of Service:
• “Give me these attributes, cryptographically signed by an
Attribute Provider I recognize, so I can verify your
eligibility”
• “Prove that you have authenticated successfully with an
IdP I have a trust relationship with”
• “Prove that you did the authentication with a Level 4
Credential”
• That’s where they are – the „typical‟ Identity Services
are support mechanisms to enable Terms that
leverage third party identity and credential services
AndrewHughes3000@gmail.com - September
2013
21

22. Some Examples of “Terms”
Business
• Payment / Money
• Information
• Eligibility
Legal
• Contract /
Agreement
• Terms and
Conditions
• Lawfulness
Technical
• Protocols &
Standards
• Crypto capability
• Electronic Tokens &
Credentials
• Other technical
capabilities
AndrewHughes3000@gmail.com - September
2013
22

23. Entering the Ecosystem
• Online Communities become formal participants in
the NSTIC ID Ecosystem through an Accreditation
Program
• The Accreditation Program is being designed by
teams in the IDESG
• The Accreditation Program will be documented
within the ID Ecosystem Framework
AndrewHughes3000@gmail.com - September
2013
23

24. ID Ecosystem
Framework*
the overarching set of
interoperability standards,
risk models,
privacy and liability policies,
requirements, and
accountability mechanisms
that structure the Identity Ecosystem
AndrewHughes3000@gmail.com - September
2013
24
*Source: The NSTIC Strategy
Document

25. Accreditation
• IDESG, via the Accreditation Authority:
• Assesses the Online Community and its participants
against that Online Community‟s Trust Framework
(Operating Rules)
• Confers Trustmarks to signal to participants that
Assessments and Accreditation has been done to a
known standard
AndrewHughes3000@gmail.com - September
2013
25

26. Accreditation Authority*
assesses and validates
identity providers,
attribute providers,
relying parties,
and identity media,
ensuring that they all adhere
to an agreed-upon trust framework
(the community’s trust framework)
AndrewHughes3000@gmail.com - September
2013
26
*Source: The NSTIC Strategy
Document

27. Trust Framework*, redux
• developed by a community
• defines the rights and responsibilities of that
community‟s participants
• specifies the policies and standards specific to the
community
• defines the community-specific processes and
procedures that provide assurance
• considers the level of risk associated with the
transaction types of its participants
AndrewHughes3000@gmail.com - September
2013
27
*Source: The NSTIC Strategy
Document

28. Interoperable?
• Interoperability within an Online Community is a
defining feature of Online Communities
• IDESG could foster technology, process and
policy interoperability between Online
Communities by defining common Accreditation
Patterns for the inter-Community interactions
• IDESG, via the Accreditation Authority, could
assess and issue Trustmarks for the inter-
Community interactions
AndrewHughes3000@gmail.com - September
2013
28

29. Recap
• Online communities set their own rules according to their
members‟ needs
• Online communities interact with each other in the ID
Ecosystem
• The rules of different Online Communities may be different
• Access to online services enabled by identity solutions is at
the heart of the ID Ecosystem
• IDESG serves to establish the ID Ecosystem Framework
and Programs needed to identify and evaluate Online
Communities seeking to participate in the NSTIC ID
Ecosystem
AndrewHughes3000@gmail.com - September
2013
29

30. NSTIC ID Ecosystem?
AndrewHughes3000@gmail.com - September
2013
30
ID Ecosystem
Framework
Rules

31. A “Community” Unit
AndrewHughes3000@gmail.com - September
2013
31
e-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Terms
Community Trust Framework Rules
e-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction
Interaction
Terms
of Service
Fulfillment
of Termse-Service
Provider
e-Service
Consumer
Transaction Type
Interaction Type
Terms
of Service
Fulfillment
of Terms

32. Next Steps
• Develop narrative scenarios that explain what an individual might
experience when seeking services or engaging with a provider of
services
• Refine the concept of „Terms of Service‟
• Develop examples that explain how this new concept relates to real-world
implementations
• Define the nature of „interoperable interactions‟ between Online
Communities
• What policy, protocol, technology or practice conditions must exist in order to
be considered „interoperable‟?
• Relate the conceptual model to other IDESG work products
• How does this model fit the work already completed in Standards, Security,
Privacy, Functional Model, etc?
AndrewHughes3000@gmail.com - September
2013
32

33. Your Feedback
• Please consider commenting on this slide deck at
www.idimmusings.com
• Feedback, questions, concerns are welcome,
please direct to AndrewHughes3000@gmail.com
AndrewHughes3000@gmail.com - September
2013
33