In a Press Release from the White House, the US Administration has just released a much more fully developed National Strategy for Trusted Identities in Cyberspace (NSTIC). Much is promised.
The Strategy envisions most of the research effort, innovation and service provision needed to deliver will come from the private sector. But unless the National Program Office is well resourced and provides a driving force, I suspect it will be a very slow road. The US Administration has been promising a National Strategy for Trusted Identities in Cyberspace (NSTIC) for some time.
And now a much more fully developed NSTIC strategy has been released. In a significant Press Release from the White House, much is promised. Indeed, some will argue that the Press Release has a lot of warm air blowing through it.
But don't dismiss it too quickly. It is much more important to read the just released NSTIC Strategy itself.
I have had a quick read and the meat starts on page 21 of the new Strategy document in a Chapter called the Identity Ecosystem. The Identity Ecosystem Execution Components described on page 22 appear to be highly consistent with the Laws of Identity first described by Kim Cameron and in the subsequent Identity Metasystem (also summarised in Wikipedia). The key would appear to be the Identity Ecosystem Framework described on p 24 which is described as “the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem”. Hence the work of Kantara on User Managed Access (UMA) and others are important in shaping those standards. The other components described in this part of the NSTIC strategy are equally important.
But their expectations of how this evolves are probably best summed up in the following para on p 25:
“The Identity Ecosystem Framework will not be developed overnight It will take time for different participants to reach agreement on all of the policy and technical standards necessary to fulfill the Strategy’s vision Initially, the Identity Ecosystem Framework is likely to contain a fairly minimal set of commonly agreed upon standards The Identity Ecosystem Framework will become more robust over time as participants are able to come to agreement on different standards”
Quite sensible goals and objectives for putting all this in place are set out on p 29.
The key will be the extent to which the US administration and private sector parties commit resources to delivering them.
Is this gloss or will there be serious effort? Hence it will be interesting to see how the National Program Office described on page 38 is resourced. While the Strategy envisions most of the research effort, innovation and service provision needed to deliver it will come from the private sector, unless the National Program Office provides a driving force, I suspect it will be a very slow road.