My heart bleeds for better identity solutions, my brain is excited by the progress

Last week marked three years since President Obama signed the National Strategy for Trusted Identities in Cyberspace (NSTIC). In the NSTIC, the President called for a new private-public sector partnership to create an Identity Ecosystem, where all consumers could choose from a variety of credentials that could be used in lieu of passwords to enable more secure, convenient and privacy-enhancing transactions everyplace they go online. 

Looking back over the last three years, one thing that stands out is how much easier it has become to make people understand the problems with passwords – the recent Heartbleed bug is only the latest in a seemingly endless series of incidents highlighting this issue – and the need to embrace multifactor authentication as a way to protect themselves against attacks. 

While it’s been great to see the marketplace respond with increased support for two factor authentication solutions – the reality is that consumers aren’t going to respond to an effort to replace the 25-30 passwords most of us manage today with 25-30 separate, stove piped two-factor solutions. We have to do better.

To truly improve security, we need to also improve convenience.  And that requires interoperability of strong credentials – at both a technical and a policy level – enabling consumers to use (should they so choose) the same strong credential at multiple sites.

To that end, it was great to see more than 170 people gather in person at Symantec’s headquarters in Mountain View, California earlier this month – joined by another 70 online – for the 8th plenary meeting of the Identity Ecosystem Steering Group (IDESG).  The IDESG was formed 20 months ago specifically to create a framework of standards, policies and business rules for the Identity Ecosystem that would enable this interoperability. 

What stood out about this most recent meeting was how much progress the IDESG is making – in both committees and in the full plenary – on advancing the Identity Ecosystem Framework (IEF): 

  • Incoming Plenary Chair Kim Little-Sutherland and Management Council Chair Peter Brown presented on plans to craft version 1 of the Identity Ecosystem Framework by the end of 2014.  This would create a baseline for entities to self-attest to compliance with the IEF and set the stage for development of a comprehensive compliance and conformance program in 2015.  Based on the draft presented, the IDESG committees will work this year to finalize the rules, policies, standards references, and other components needed to support the Identity Ecosystem envisioned in the NSTIC.
  • We saw the Security committee present version 1 of Identity Ecosystem functional elements that will help to guide other IDESG deliverables going forward.  Adam Madlin of host Symantec shared with the plenary guidelines on how IDESG committees can leverage these functional elements and a set of requirement derived from the NSTIC to develop IEF functional requirements specific to the committees’ domains, and components necessary for the framework.
  • We saw the first round of NSTIC pilots report on their progress in catalyzing a marketplace of trusted identity solutions: Criterion, AAMVA, Internet2 and Daon participated in a panel discussion exploring the challenges in balancing the four NSTIC guiding principles in pilot design and execution.  They also stressed the importance of articulating a clear value proposition for individuals in using trusted identities to conduct online transactions to ensure pilot success.
  • We heard from two new NSTIC pilots focused on state governments: Michigan and Pennsylvania detailed how their pilots will improve online delivery of state government services by leveraging trusted identity solutions.
  • And we saw a new NSTIC cross-pilot collaboration working group meet in person in Mountain View, focused on ways to capitalize on the lessons learned in the pilots and translate these into concrete recommendations to the IDESG.  Of note, Ryan Fox of the ID.me NSTIC pilot, in a presentation to the Standards Coordination Committee, described common challenges in identity proofing across multiple pilots, including the need in the market for metrics to better measure the performance of Knowledge-Based Authentication (KBA) solutions.  Such metrics could enable relying parties, such as financial services institutions, health care providers, and retailers to assess the comparative reliability of commercially available KBA solutions to conduct online identity verification, including user authentication.  The cross-pilot working group suggested that the IDESG contemplate proposing development of a new KBA performance standard in an appropriate Standards Development Organization – a potentially very useful standard to reference in the IEF.

The role of the pilots in supporting the IDESG – and of the IDESG in supporting the pilots – continues to expand with each plenary.  As both efforts advance, they are together helping to influence the marketplace, address barriers to marketplace adoption of better identity solutions, and create a framework to support a viable Identity Ecosystem.

Three years in there is still much work to be done – but there is also tremendous progress.  With the IDESG incorporating as a formal not-for-profit corporation, the formal launch of the Federal Cloud Credential Exchange (FCCX) later this spring and a third round of NSTIC pilots set to launch in September, 2014 looks to continue to be a very exciting year. 

We appreciate the efforts so many of you have made over the last three years – and look forward to working more with you over the months and years to come as we drive material improvements in the way we enable trusted identities in cyberspace. However much it pains us to see yet another failing of poor authentication systems, it only serves to validate our efforts to date and motivate us to work harder towards the NSTIC vision.

We look forward to seeing you all at the Ninth IDESG plenary, which we are pleased to host at NIST June 17-19.

Posted in Uncategorized | Leave a comment

REMINDER: 8th IDESG Plenary Meeting in Silicon Valley, April 1-3

We cordially invite you to join us at the 8th in-person plenary meeting of the Identity Ecosystem Steering Group (IDESG), hosted by Symantec at their headquarters in Mountain View, Calif., April 1 – April 3.  In-person and virtual participation is free and open to all stakeholders interested in building an environment that ensures transparency, confidence and privacy online in a way that is easy to use and understand for businesses, governments and individuals.

Register to attend here. Review the agenda for the April plenary meeting here.

Three things stood out during the  last plenary meeting in Atlanta:

  1. The National Strategy for Trusted Identities in Cyberspace (NSTIC) pilots are starting to drive the conversation.
  2. Trustmarks matter, and the work being done in some of the NSTIC pilots is helping to drive new concepts for trustmarks forward.
  3. The White House challenge to the IDESG: develop a basic trustmark scheme for the Identity Ecosystem and get backing from a handful of high profile early adopters.

The upcoming April IDESG plenary will further advance progress on these issues and more; stay tuned for more details on what to expect in Mountain View April 1-April 3.

Since the IDESG first launched in August 2012, it has willingly taken on the complex and messy challenges of crafting a framework for identity solutions that can replace passwords, allow individuals to prove online that they are who they claim to be, and enhance privacy. Since that first meeting (more about the very first IDESG meeting here), more than 200 organizations and individual members—your colleagues, your partners and perhaps even your competitors—have joined together to help move the Identity Ecosystem Framework forward.  We look forward to you joining us in April.

Posted in Uncategorized | 1 Comment

Putting the Fed in Federation (Part 3): A New Way to Buy Identity Services

Co-authored by: Dave McClure, Associate Administrator, Office of Citizen Services and Innovative Technologies, GSA; Jeremy Grant, Senior Executive Advisor, Identity Management, NIST; and Randy Miskanic, Vice President Secure Digital Solutions, USPS

As part of the National Strategy for Trusted Identities in Cyberspace (NSTIC), President Obama directed Federal agencies to be early adopters of the Identity Ecosystem – which NSTIC defines as “an online environment where individuals and organizations are able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities.”  Specifically, NSTIC calls upon agencies to:

“… lead by example and be an early adopter of identity solutions that align with the Identity Ecosystem Framework.  By adopting Identity Ecosystem solutions as a service provider, the Federal government will raise individual’s expectations and thus drive individuals’ demand for interoperability in their transactions with the private sector and other levels of government.   As a subject, the Federal Government must also continue to leverage its buying power as a significant customer of the private sector to motivate the supply of these solutions.”

In simple terms, this means that the Federal government should leverage the benefits of a privately-led Identity Ecosystem to offer better online services for citizens and businesses. To do this, we need:

1. A way for all agencies to leverage their purchasing power to buy standardized identity and authentication services that are interoperable across agencies.

2. A common infrastructure – the Federal Cloud Credential Exchange (FCCX) – that will allow agencies to integrate with these services with minimal effort.

3. A compelling business case that encourages the private sector to get their identity and authentication solutions approved for government use via the GSA Trust Framework Solutions program.

We’ve made good progress in establishing the common infrastructure – the US Postal Service (USPS) awarded a contract last summer to stand up the FCCX.  GSA also recently updated its Trust Framework Solutions program.  Both of these actions will make it easier for government and industry to partner on identity solutions that are standardized, interoperable, and offer value to all parties.

We still have work to do on establishing a way for agencies to buy standardized identity and authentication services.  While FCCX is the infrastructure to enable shared authentication services, we still have a hole in terms of standardizing credentials and how we buy them.  As a result, some agencies that have been moving forward with non-PKI solutions at levels of assurance (LOA) 2 and 3 have been doing so with solutions that do not interoperate with each other.  This is a problem for all of us as taxpayers and as citizens – we should not be asked to obtain and manage multiple credentials to do business with the government online.  As former White House Cybersecurity Coordinator Howard Schmidt noted in a blog post:

“…a citizen who is a veteran, a college student and a taxpayer ought not to have to obtain separate digital credentials at each agency website, but instead should be able to use ones he or she already has…Doing so allows the Federal government to streamline the customer experience and recognize real cost savings just when we need to be tightening our belts.”

A government-wide acquisition strategy is vital to realizing this vision – because agencies can only benefit if they are able to leverage a wide pool of interoperable credentials, and because our private sector partners need a clear and consistent understanding of how government will pay for their services.

GSA, NIST and USPS are working on an integrated strategy that creates an approach for government to purchase standardized identity solutions using a government-wide contract.

The approach we will be pursuing is one that is fundamentally different from the way that the government has procured these kinds of services in the past.  Rather than pay for credentials we intend to pay for authentication and attribute validation services.  This is fundamentally different for two reasons:

1. It provides industry flexibility in pricing its service to include elements like identity proofing and token issuance.

2. It allows industry to be compensated for the authentication of – and attribute exchange involving – credentials that were not originally issued for government purposes.  So long as the credentials are approved for government use, credentials issued originally for commercial purposes could also be the source of additional revenues the first time the credential is used at a government site.

This model shifts the government’s acquisition focus to what it needs:  services that provide authentication and attributes. Credentials are of course a necessary element of these services – but that fact alone does not mean the government should embrace a model where it pays for citizen credential issuance. Our strategy enables the NSTIC vision of a vibrant Identity Ecosystem where the same credentials can be used across the public and private sector.

While this long-term strategy is being fleshed out, the GSA’s Federal Acquisition Service (FAS) earlier this month released a Request for Proposals (RFP) under its Alliant vehicle seeking a limited quantity of authentication services to support the first phase of the FCCX pilot.

This RFP is intended solely to support authentications services at LOA 2 and 3 for the FCCX pilot.  It does not represent the government’s long term acquisition strategy for these services.  The next logical step – which we will pursue over the next year – is an acquisition vehicle that can support millions of authentication transactions for government services each year, and that will create a path for newly certified solutions to gain a spot on this acquisition vehicle.  As we seek to benefit from the broadest array of choices in the market, we need to let the marketplace know “if you are certified, you’ll be eligible to sell to us.”

Our long term goal is to have a vibrant ecosystem where citizens can choose to use a credential they already have to access most government sites and services, as well as creating a compelling value proposition for identity providers to meet government requirements and provide identity services.

Our offices are working through this strategy now and intend to develop it further over the next few months through collaboration both with government and industry. There is more to come, so stay tuned!

Posted in Uncategorized | Leave a comment

Join Us NEXT WEEK at RSA to Discuss How Privacy Enhancing Technologies Can Secure Identity Online

Join the National Program Office’s Senior Privacy Policy Advisor Naomi Lefkovitz at the RSA Conference in San Francisco on Wednesday, February 26, from 8AM-9AM PST to discuss enhanced privacy as a critical element of building trusted interaction online, the use of privacy-enhancing technology (PET) solutions, and challenges of commercial viability for PETs in identity systems.

Right click to save .ics file. Once downloaded, double click the file to open as an Outlook calendar item.

For more on the session: Privacy Enhancing Technologies: Pipe Dream or Unfulfilled Promise? Wednesday, February 26, 2014 | 8:00 AM – 9:00 AM | West | Room: 2017

Posted in Uncategorized | Leave a comment

NSTIC.GOV Gets a Makeover

After three years of work on multiple fronts implementing the NSTIC, we are pleased to announce a new look and feel for our website, www.nstic.gov.  With three rounds of pilot funding, facilitating the launch and operations of the Identity Ecosystem Steering Group (IDESG), and getting the federal government in the game as an early adopter of the Identity Ecosystem with the Federal Cloud Credential Exchange (FCCX), we set out to refresh the existing information and provide readers with easy entry points to important information that reflects where we are today and charts our course ahead.   Here are a few highlights:

CONTENT: We have updated content throughout nstic.gov, in particular by adding a new landing page on the Federal Cloud Credential Exchange (FCCX).  The FCCX is an initiative led by the United States Post Office, the General Services Administration – with support from  the NSTIC NPO – that leverages trusted identities to improve security and enhance the privacy of citizen interaction with the federal government.  We’ve also added new content on the core NSTIC guiding principles.

NEW FEATURES:  We added new features such as individual pages for each of the NSTIC pilot projects.  This will enable you to follow the progress of each pilot and the collective effort to “catalyze the marketplace” as the pilots tackle barriers to the Identity Ecosystem and seed the marketplace with “NSTIC-aligned” solutions to enhance privacy, security and convenience in online transactions.

STREAMLINED NAVIGATION:  We’ve streamlined the structure of the website by adding features such as bottom navigation and sortable databases for news stories, resources, and government announcements, providing easier and faster access to NSTIC information.

With twelve NSTIC pilots (and more to come!), this year’s FCCX launch, and the IDESG progressing toward an Identity Ecosystem Framework, the NPO plans to update the page frequently to keep you informed on progress within the government and in the private sectors to help individuals and organizations utilize secure, efficient, easy-to-use and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice and innovation.

So go ahead, check it out, and check it often! www.nstic.gov.

 

Posted in Uncategorized | 1 Comment

Atlanta IDESG Plenary Recap: Pilots, Progress, and the Value of Trustmarks

In just 18 months, the IDESG has come a long way from its chaotic first meeting in Chicago.  The phrase of the week for over 200 total in-person and virtual attendees this month at the Identity Ecosystem Steering Group (IDESG) plenary in Atlanta: keep your foot on the gas. With this in mind, attendees set their sights on a challenge laid down by and a senior White House cyber security official in the opening keynote: develop a trustmark scheme by the end of 2014, backed by a handful of high profile early adopters.

Responding to this challenge, the newest round of NSTIC pilots made their presence known, work on the Identity Ecosystem Framework moved forward, and the IDESG has taken a major step forward toward becoming self-sustaining, with members voting to incorporate IDESG as a not-for-profit corporation, governed by a Board of Directors.  It has established a handful of core committees that are making progress each week on components of the Identity Ecosystem Framework.  And it is starting to integrate ideas and results from NSTIC pilots.

Looking back at the plenary, three things stood out:

NSTIC pilots are starting to drive the conversation.

The IDESG and the NSTIC pilots were always envisioned as complementary efforts– with pilot outcomes and deliverables directly feeding work on the Identity Ecosystem Framework in the IDESG, and with IDESG deliverables being used to assist the pilots.  We’d already seen good examples of the latter – with each of the NSTIC pilots using the IDESG Privacy Committee’s Privacy Evaluation Methodology (PEM) to assess and refine their own adherence to the NSTIC’s privacy guiding principle– but there were fewer examples of the pilots driving IDESG activities.

That seemed to change at this most recent plenary; the work the pilots are doing is now directly informing and influencing work in IDESG committees.  This should not be a surprise – 12 NSTIC pilots are now active, and many of them are directly tackling some of the hairy policy issues that identified in committees.  In some cases, the pilots are moving forward with new and innovative approaches that the committees have not contemplated – and as they share their work and lessons learned, it is helping to drive the committee work in new directions.

Trustmarks matter

As pilots have proceeded, an issue that has come up time and time again with interested relying parties is branding.  Most federated identity solutions today require RP’s to display the logos of the different identity providers that they accept– but many companies have bristled at the notion of displaying the logos of other firms on their homepage.  We’ve seen this in two NSTIC pilots, where the “identity guys” in major firms that wanted to participate could not persuade their marketing and branding teams to allow it – the teams would not stand for other logos on their website.

Yet these same sites do have other logos that are not company names but rather trustmarks – think VISA or BBBOnline – that tell customers how payment cards will be handled or whether a firm complies with the Better Business Bureau’s code of business practices.  It’s not a new logo that is an issue, it’s that logos tied to specific brands may be off-putting.

A company-neutral trustmark for online identity that is recognized by consumers and businesses may go a long way toward enabling consumers and businesses to more readily reap the benefits of the identity ecosystem. NSTIC itself discussed the importance of this trustmark – but progress has been elusive.

To that end, the work being done in some of the NSTIC pilots is helping to drive new concepts for trustmarks forward.  GTRI and Internet2 teamed up on a “Future of Trust” session on Day 2 of the plenary that discussed some new and novel approaches for applying the trustmark concept to the identity ecosystem.

 

The White House challenge

It’s not just the pilots that are driving the trustmark conversation.  On the first day, the IDESG heard a keynote from Andy Ozment, Senior Director for Cybersecurity on National Security Staff at the White House, where Andy reinforced the importance of NSTIC not only to the nation’s efforts to improve cybersecurity, but also as a keystone to efforts to ensure the openness, freedom and interoperability of the Internet.

When asked by an audience member what single task he wanted the IDESG to tackle in 2014, Andy had a simple answer: he challenged the IDESG to develop a basic trustmark scheme for the Identity Ecosystem and get backing from a handful of high profile early adopters.

This may not be a simple task, but we believe it is achievable.  The IDESG Trust Framework and Trustmark (TFTM) committee has been hard at work over the last year, and its efforts – combined with some of the new thinking emerging from the pilots – offer plenty of elements that can move this task forward.  The challenge over the next few months is to reconcile these different approaches on how a trustmark scheme can be created, and put a roadmap in place that will allow it to advance.

To that end, the next IDESG plenary is set for April 1-3 in Silicon Valley; details are at http://www.idecosystem.org/.  We expect a great discussion and continued progress – both in the weeks leading up to it, as well as at the event – on how to drive a trustmark for the Identity Ecosystem Framework forward.

Posted in Uncategorized | Leave a comment

Building the Future of Identity Privacy

On Data Privacy Day, the NSTIC National Program Office is taking some time to reflect on our own efforts to improve privacy online. Fulfilling the promise of enhanced privacy is a critical element of building trusted interaction online. The first of the Strategy’s guiding principles, finding new solutions that are privacy-enhancing and voluntary has been a key driver of pilot project selection and the NPO’s work to drive innovative approaches to online identity. One of the primary methods for improving privacy we have been encouraging is the use of privacy-enhancing technologies (PETs) – a topic I will be discussing at the upcoming RSA Conference, in a P2P session – Privacy-enhancing Technologies: Pipe Dream or Unfulfilled Promise?

The NSTIC envisions an “Identity Ecosystem” that curbs unneeded sharing of personal data and helps limit comprehensive tracking of people through their identity transactions, while still providing for a robust marketplace of trustworthy and secure digital credentials. Trusted identities can provide a variety of benefits: enhanced security, improved privacy, new types of transactions, reduced costs, easier to use credentials, and better customer service. Minimizing the data transmitted in transactions not only protects consumers’ privacy, it can enhance businesses’ ability to protect their reputation. However, there are high-value services that require effectively validating that customers are who they claim to be – such as in the financial and health care sectors as they move into the mobile economy.

Certain types of PETs employ well-researched methods of cryptography and can provide strong assurances about users’ credentials without the need for detailed exchanges of personal information. Imagine a customer providing a valid driver’s license to prove her age without actually revealing her full birth date or other unnecessary information. Moreover, privacy-enhancing cryptography can prevent the credential issuer from tracking service providers while still providing valid identification. In other words, service providers can realize the benefits of outsourcing identity management without also enabling credential issuers to build profiles of their customers to sell to competitors.

While PETs that can provide the fundamental cryptographic support for anonymous transactions online have existed for some time, private sector adoption of these technologies has been almost non-existent. Despite growing demand for enhanced privacy online, online service providers have failed to provide solutions that would give users the ability to authenticate for privilege escalation with, for example, “zero-knowledge.” As a result, users often must disclose a large amount of personal information unrelated to purpose of their request in order to realize their desired transactional outcome. The use and storage of this personal information creates a fundamental and unnecessary barrier to building trusted transactions online.

The Federal Cloud Credential Exchange (FCCX), a cloud-based identity federation pilot being implemented by the United States Post Office, the General Administration Services and the NPO, is a developing example of how we can manage the privacy of identity interactions between citizens and the Federal government. Currently, the FCCX supports “unlinkable” interactions through the system – meaning that a broker in the middle prevents credential providers from knowing at which agencies citizens are using their credentials and prevents agencies from knowing which credential provider citizens are using. But more work must be done, and the FCCX team is currently investigating PETs to support truly unobservable transactions, so citizens can access government services without fear of outside tracking or exposure of their identities.

So why aren’t PETs more widespread? I’ll be exploring how to achieve commercial viability for PETs in identity systems at the upcoming RSA Conference in San Francisco. If you’re in the Bay Area for the conference, please grab a seat at my session, in the Peer2Peer track on February 26th. It’s time to fulfill the promise of privacy-enhancing technologies.

Posted in Uncategorized | Leave a comment

REMINDER: NSTIC Pilot Applicants’ Conference January 31

The NSTIC National Program Office is pleased to announce the kickoff of a third round of NSTIC pilot projects – providing another opportunity for stakeholders to support the President’s strategy to improve the privacy, security, and convenience of online transactions through innovation in the emerging Identity Ecosystem. The new Federal Funding Opportunity (FFO) announcement has been posted; for details, click here.

NIST will hold an Applicants’ Conference in the Washington, D.C. area on January 31st from 1:30 to 3:30 Eastern Time at NIST’s Main Campus, 100 Bureau Drive, Gaithersburg, MD 20899. This Applicants’ Conference will also be available as a webinar. The conference will be in Lecture Room A on the first floor of the Administration Building (Building 101). Pre-registration for the Washington Applicants’ Conference is required by 5:00 PM EST January 27, 2014. Due to increased security at NIST, all attendees MUST be pre-registered; NO on-site registrations will be accepted. No registration fee will be charged. Registration for both the public meeting and the webinar is at: http://www.nist.gov/itl/nstic-public-meeting.cfm. NPO staff will be on hand to review the FFO and take questions.

Posted in Uncategorized | Leave a comment

NSTIC 2014 Pilot Opportunity Underway!

The NSTIC National Program Office is pleased to announce the kickoff of a third round of NSTIC pilot projects – providing another opportunity for stakeholders to support the President’s strategy to improve the privacy, security, and convenience of online transactions through innovation in the emerging Identity Ecosystem. The new Federal Funding Opportunity (FFO) announcement has been posted; for details, click here.

Pilots have been an integral part of the NSTIC implementation plan, with NIST looking to fund pilot solutions that can demonstrate material advances in identity and authentication and build a stronger foundation for the Identity Ecosystem. The NSTIC 2014 pilot funding opportunity builds on the successful launch in 2012 and 2013 of twelve NSTIC pilot projects, cumulatively awarded over $18 million in funding.  For more information on previous year winners, click here.

NIST will hold an Applicants’ Conference in the Washington, D.C. area on January 31st from 1:30 to 3:30 Eastern Time at NIST’s Main Campus, 100 Bureau Drive, Gaithersburg, MD 20899. This Applicants’ Conference will also be available as a webinar. The conference will be in Lecture Room A on the first floor of the Administration Building (Building 101). Pre-registration for the Washington Applicants’ Conference is required by 5:00 PM EST January 27, 2014. Due to increased security at NIST, all attendees MUST be pre-registered; NO on-site registrations will be accepted. No registration fee will be charged. Registration for both the public meeting and the webinar is at:  http://www.nist.gov/itl/nstic-public-meeting.cfm. NPO staff will be on hand to review the FFO and take questions.

We were thrilled by the overwhelming show of interest in the NSTIC Pilots opportunity last year, as well as the wide array of innovative ideas that were submitted. We look forward to reviewing your proposals!

 - The NSTIC National Program Office

Posted in Uncategorized | Leave a comment

Don’t Miss: New 2013 NSTIC Pilots Update Webcast from the IDESG Atlanta Plenary January 16

Please join us Thursday, January 16 at 9:00am eastern for an Identity Ecosystem Steering Group (IDESG) plenary webcast featuring updates from the new 2013 round of NSTIC pilot projects.  Learn more about how these innovative pilots are helping to catalyze a marketplace of trusted identity solutions.

NSTIC pilot presenters will share with webinar attendees an update on the launch of their respective solutions, including how they plan to contribute to the emerging Identity Ecosystem Framework currently being developed in various IDESG committees. Jeremy Grant of the NSTIC National Program Office will moderate, including leading a question and answer period after the presentations.

The NSTIC pilots presenting are:

Exponent.  The Exponent pilot will issue secure, easy-to-use and privacy-enhancing credentials to users to help secure applications and networks at a leading social media company, a health care organization and the U.S. Department of Defense.

Georgia Tech Research Corporation.  The GTRC pilot will develop and demonstrate a “Trustmark Framework” that seeks to improve trust, interoperability and privacy within the Identity Ecosystem. Trustmarks are a badge, image or logo displayed on a website to indicate that the website business has been shown to be trustworthy by the issuing organization.

Privacy Vaults Online, Inc. (PRIVO) Children represent a unique challenge when it comes to online identity. PRIVO will pilot a solution that provides families with COPPA-compliant, secure, privacy-enhancing credentials that will enable parents and guardians to authorize their children to interact with online services in a more privacy-enhancing and usable way.

ID.me, Inc..  ID.me, Inc.’s Troop ID will develop and pilot trusted identity solutions that will allow military families to access sensitive information online from government agencies, financial institutions and health care organizations in a more privacy-enhancing, secure and efficient manner.

Transglobal Secure Collaboration Participation, Inc.  The TSCP pilot will deploy trusted credentials to conduct secure business-to-business, government-to-business and retail transactions for small and medium-sized businesses and financial services companies, including Fidelity Investments and Chicago Mercantile Exchange.

To access the IDESG plenary webcast, visit http://trustedfederal.omnovia.com/room1. When selecting to login as an attendee during the webcast, only an email address will be required.  IDESG members may also login with their preferred online accounts at www.idecosystem.org/webinar.

To add an entry to your calendar, click here:  https://www.idecosystem.org/sites/default/files/New%202013%20NSTIC%20Pilots%20Update%20Webcast%20from%20the%20IDESG%20Atlanta%20Plenary%20January%2016.ics

For support related issues, please email idecosystem@trustedfederal.com

Posted in Uncategorized | Leave a comment