A Retrospective Look: Smelling the roses in the IDESG

The Identity Ecosystem Steering Group (IDESG), now in its third year, is a key part of the National Strategy for Trusted Identities in Cyberspace (NSTIC). It serves as a forum to build the core set of rules and standards to promote privacy, security, interoperability, and ease of use for online services. I wouldn’t say IDESG meetings are exactly like standards development meetings, but they are similar in that much of the contention and dissention makes me sure of two things:

1. There is some good old-fashioned policymaking going on, and
2. Something that really matters must be on the agenda.

If we hit the pause usa-button and take a moment to reflect, it turns out there’s some really promising forest amongst all those trees. In the IDESG in 2014, we saw a Strategic Plan that sets in place a broad series of outcomes and a Framework Development Plan that more granularly describes how the work would get done. Implicit—and sometimes explicit—in those documents are a thousand decisions IDESG members must collectively make. Colin Soutar, a consultant who has supported our office the last two years and was previously chair of the IDESG security committee, likes to remind us that, “nothing raises folks' level of attention like the whiff of a decision being made.” These decisions and deadlines are the smelling salts of policymaking and cross-organizational collaboration. What is great about the IDESG is that it offers a public-private sector forum with broad, open membership, no cost for entry, and global availability for all plenary and committee meetings (with time zone apologies to our IDESG members overseas). With a consensus process that gives everyone multiple opportunities to present solutions and provide feedback, the IDESG is set up to address tough issues and get sometimes contentious deliverables done right. The process is not always smooth, of course. Indeed, the bumps in the road are often the hallmark of an inclusive and exhaustive process that is working toward products and programs of real consequence. As the IDESG evolves in its third year, we are seeing work on the Identity Ecosystem Framework (IDEF) progressing deliberately and in an organized manner. The IDEF is a foundational document that presents the core requirements and standards, functional model, and means to assess and recognize conformance for the participants of the Identity Ecosystem. As noted, the IDESG issued a Framework Development Plan last year that calls for the IDESG committees to work collaboratively to implement the IDEF and a self-assessment and attestation program later this year. If you’ve been paying close attention, you’ve seen the IDESG committees set a real cadence. Key to this progress is the IDESG Framework Management Office, which was established last year to be the focal point across the IDESG for all framework development efforts. This past September the IDESG held one of its most significant meetings to date—approving its functional model, a strategic plan, and a framework development plan. At its January meeting, the IDESG continued this progress, assessing draft IDEF requirements and welcoming a new Executive Director. The wheels are turning and the IDESG is most definitely accelerating its pace. There is no question that the rest of 2015 will be critical for the IDESG to build on its current momentum and deliver on its goals, but what exactly should this look like? For my money, the most important question is whether the IDESG can stay focused on getting two key things done right:

1. Getting requirements approved and standards adopted. Two of the most essential components of the Identity Ecosystem Framework are requirements and standards—a fact emphasized in both the Strategic Plan and the Framework Development Plan.
2. Establishing a self-assessment and attestation program. While not the ultimate end-state of the IDESG recognition program, it is a critical step for the IDESG.

Accomplishing these two objectives this year should jumpstart the ability of multiple organizations and online service providers to identify and adopt trusted identity solutions and improve their delivery of secure, efficient, and privacy enhancing online services. With the Framework Management Office in full swing and ushering these processes along, a full-time executive director, dedicated communication support, and streamlining of governance and approval processes underway, the IDESG has the structures in place to continue increasing the pace of progress in accomplishing its goals. So too must our expectations. We should all continue to drive deliverables to help the IDESG in its mission to develop the IDEF. The IDESG is better positioned for success than it has ever been before and with continued effort, sharp focus, and clear prioritization, the organization is poised to demonstrate tangible and valuable progress to its members, stakeholders, and the identity market as a whole. So what’s in store for the IDESG in the near future? I believe we will see some major products, such as the Identity Ecosystem Framework (v.1) and the Self-Assessment and Attestation Program (v.1). And if progress continues to accelerate, we might just find the IDESG coming up roses in 2015. If you’re at RSA, attend the IDESG/NIST joint event today! April 22, 4:00pm PT, Moscone South, Room 300. Read more here. Register to join the Identity Ecosystem Steering Group here. Follow the NSTIC NPO on Twitter for the latest updates.