Identity Ecosystem Framework


Text from the National Strategy for Trusted Identities in Cyberspace (NSTIC) Strategy Document.

The Identity Ecosystem will consist of different online community of Interests that use interoperable technology, processes, and policies. These will be developed over time—but always with a baseline of privacy, interoperability, and security. The different components include:

The Identity Ecosystem Framework is the overarching set of interoperability standards, risk models, privacy and liability policies, requirements, and accountability mechanisms that structure the Identity Ecosystem.

  • A steering group will administer the process for policy and standards development for the Identity Ecosystem Framework in accordance with the Guiding Principles in this Strategy. The steering group will also ensure that accreditation authorities validate participants’ adherence to the requirements of the Identity Ecosystem Framework.
  • A Trust Framework is developed by a community whose members have similar goals and perspectives It defines the rights and responsibilities of that community’s participants in the Identity Ecosystem; specifies the policies and standards specific to the community; and defines the community-specific processes and procedures that provide assurance A Trust Framework considers the level of risk associated with the transaction types of its participants; for example, for regulated industries, it could incorporate the requirements particular to that industry. Different trust frameworks can exist within the Identity Ecosystem, and sets of participants can tailor trust frameworks to meet their particular needs. In order to be a part of the Identity Ecosystem, all trust frameworks must still meet the baseline standards established by the Identity Ecosystem Framework.
  • An Accreditation Authority assesses and validates Identity Provider (IDP), Attribute Providers, Relying Party, and identity media, ensuring that they all adhere to an agreed-upon Trust Framework. Accreditation Authorities can issue Trustmarks to the participants that they validate.
  • A Trustmark Scheme is the combination of criteria that is measured to determine service provider compliance with the Identity Ecosystem Framework.

The Identity Ecosystem Framework will not be developed overnight. It will take time for different participants to reach agreement on all of the policy and technical standards necessary to fulfill the NSTIC’s vision. Initially, an interim Identity Ecosystem Framework is likely to contain a fairly minimal set of commonly agreed upon standards and policies. The Identity Ecosystem Framework will become more robust over time as participants are able to come to agreement on different standards and policies.

The Identity Ecosystem Framework provides a baseline set of standards and policies that apply to all of the participating Trust Frameworks. This baseline is more permissive at the lowest Levels of assurance, to ensure that it does not serve as an undue barrier to entry, and more detailed at higher levels of assurance, to ensure that participants have adequate protections.

More Information#

There might be more information for this subject on one of the following: