National Strategy for Trusted Identities in Cyberspace: Identifying a Trusted Ecosystem

Transcription

1 National Strategy for Trusted Identities in Cyberspace: Identifying a Trusted Ecosystem Mike Garcia Deputy Director, NSTIC National Program Office National Institute of Standards and Technology

2 What s this Identity Ecosystem Thingy? The foundation of enhanced online trust, reduced fraud and better customer experiences Individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime.

3 Why do we need it? A marketplace exists but there are barriers the market has not yet addressed on its own Private sector will lead the effort Private sector is in the best position to drive solutions and ensure the Identity Ecosystem offers improved online trust and better customer experiences Federal government can serve as a convener, facilitator, and a catalyst states maybe could do more

4 Guiding Principles Identity solutions will be: Privacy-Enhancing and Voluntary Secure and Resilient Interoperable What re we gonna do? Cost-Effective and Easy To Use Implementation Steps Convene the private sector Identity Ecosystem Steering Group Catalyze a marketplace 12 pilot grants, ~$20M in 2 years Eat our own dog food Federal Cloud Exchange FICAM updates for modularity

5 How re we gonna do it? Modularity Replace failing pieces, not the whole Switching costs no longer rule the day Metcalf s law The current paradigm: lots of nodes within a single system The ecosystem model: lots of nodes within a complex of systems Performance, not technology lock-in Any technology could lose; hopefully many different ones win Solving policy conundrums catalyzes breakthrough

6 Who re we gonna trust? A trustmark is used to indicate that a product or service provider has met the requirements of the Identity Ecosystem The trustmark helps individuals and organizations make informed choices about the Identity Ecosystem-related practices of the service providers and identity media they select

7 How re we gonna trust em? Old School Core Operations Administration Transaction Registration ing Intermediation and Let s say instead of a big whopping framework, Maintenance Application Provisioning IDESG Functional Elements we dissect it into more discrete functions Request Request Sure, I ll get certified! Blinding Umm, I gotta do all Recovery of these?!? Attribute Control Token Binding Presentation Attribute Control Pseudonymization Updates (Periodic & Event Based) Attribute Verification Attribute Binding Validation Attribute Verification Exchange Redress Eligibility Decision Revocation Decision Decision

8 Core Operations IDESG Functional Elements How re we gonna trust em? New School Registration ing Transaction Intermediation Administration and Maintenance Application Provisioning Request Request Sure, I ll get certified! Blinding I m quite happy only Recovery doing these. Attribute Control Token Binding Presentation Attribute Control Pseudonymization Updates (Periodic & Event Based) Attribute Verification Attribute Binding Validation Attribute Verification Exchange Redress Eligibility Decision Revocation Decision Decision

9 Questions? Dr. Michael Garcia Deputy Director, NSTIC National Program Office National Institute of Standards and Technology