1 / 9

Identity Ecosystem Framework and Charter Gap Analysis

Identity Ecosystem Framework and Charter Gap Analysis. Putting It All Together to Form Enforceable “Operating Rules ”*. Identity Proofing. Technical Specifications. Warranties. Liability for Losses. Credential Issuance. Privacy Standards. Existing Law. Existing Law.

yan
Download Presentation

Identity Ecosystem Framework and Charter Gap Analysis

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Identity Ecosystem Framework and Charter Gap Analysis

  2. Putting It All Together to Form Enforceable “Operating Rules”* Identity Proofing Technical Specifications Warranties Liability for Losses Credential Issuance Privacy Standards Existing Law Existing Law Dispute Resolution Security Standards Termination Rights Authentication Requirements Audit & Assessment Oversight Measure of Damages Reliance Rules Enforcement Mechanisms Enrolment Rules Credential Management Business and Technical Rules Enforcement Element Contract(s): “I Agree” to . . . Legal Rules (Contractual) * Content on this slide created by Thomas Smedinghoff of Edwards Wildman Palmer LLP

  3. IE Framework Proposed Components Warranties Liability for Losses Existing Law Dispute Resolution Termination Rights Enforcement Mechanisms Measure of Damages Legal Rules (Contractual) Operating Rules (Business and Technical) Credential Management Rules Accreditation/Certification Rules Security Standards Authentication Rules Privacy Policies and Rules Risk and Assurance Models/Rules NSTIC Strategy Document Identity Proofing Standards Interoperability Rules Technical and Process Standards and Specs Data Management/ Transmission Rules Additional IDESG Needs Attribute Management Rules Enrollment and Registration Rules IDESG Sustainment Plan Usability and Accessibility Guidelines Participant Business Models Red Circles = Potential component additions to Tom Smedinghoff’sconcept

  4. Committee-Framework Gap Analysis * Committees that are not listed (Health Care, Financial, Communications, Policy, International) have a contributory and advisory role – to contribute and advise on requirements for their respective domains/sectors to develop these Framework Components .

  5. Charter-Framework Gap Analysis

  6. Filling the Gaps—Recommendations • General: • Establish an Identity Ecosystem (IE) Operating Rules Committee to manage the maintenance of the IE Framework, identify gaps in the Framework, and where necessary develop components to fill those gaps. • Establish a Business Model Committee to create participant business models and value propositions; these are not necessarily “framework components” but are vital to promoting adoption of the Identity Ecosystem. • Credential Management Rules and Enrollment/Registration Rules: • Designate the Operating Rules Committee as the lead; these components do not fit clearly into the purpose and scope of existing committees and this committee is intended to address such gaps. • Or • Designate the Accreditation/Trust Framework (TF) Committee as the lead; the committee could address these as part of the accreditation process for IE participants.

  7. Filling the Gaps—Recommendations • Attribute Management Rules: • Establish an Attribute Management Committee as the lead; this component does not fit clearly into the purpose and scope of existing committees and the level of work needed to develop requirements for the IE attribute trust model necessitates the creation of a dedicated committee. • Or • Designate the Accreditation/TF Committee as the lead; the committee could address these rules as part of the accreditation process for IE participants. Additionally, some trust frameworks have begun efforts to address attribute management—this committee would be best placed to liaise with the trust frameworks and incorporate these efforts.

  8. Filling the Gaps—Recommendations • Interoperability Rules: • Designate the Accreditation/TF Committee as the lead; this committee will need to develop a means to ensure interoperability in the IE for adopted standards and specifications as part of the accreditation process for participants. This committee will need to work closely with the Standards Committee in the development of interoperability rules. • Or • Designate the Standards Committee as the lead; this committee will have the responsibility for reviewing and recommending standards and specifications for adoption and could also lead the development of interoperability rules for the implementation of adopted standards and specifications.

  9. Filling the Gaps—Recommendations • Data Management and Transmission Rules: • Designate the Security Committee as the lead with significant input from the Privacy Committee; Data Management and Transmission Rules are intended to address the specifications and controls for data interface, transmission, receipt and recording/maintenance which are primarily security issues. • Or • Designate the Privacy Committee and Security Committee as co-leads with responsibility for the Data Management and Transmission Rules which fall under their respective charters. Regardless of how the lead is established for this framework component, there will need to be significant coordination between these committees.

More Related