NSTIC pilots fuel discussion on identity functions
Pilot testing identity solutions that follow the guiding principles of the National Strategy for Trusted Identities in Cyberspace has revealed confusion around functional roles--a problem that was initially thought to be a mere "terminology disconnect" among stakeholders.
In today's market, identity solutions can be implemented by a variety of participants, depending on the particular product or use case, says an Aug. 6 post from the NSTIC national program office.
Discussions at the Identity Ecosystem Steering Group's fifth plenary meeting in Cambridge, Mass., in late July showed there is a great deal of confusion due to a focus on the vendors and legacy interpretations of functions, says the NPO.
"Once the focus was placed on the functions themselves, people started understanding each other," says the post.
The NPO is expanding the discussion around identity functions.
According to an Aug. 2 blog post from the NPO, some functions by participants include: users, identity providers, attribute providers, attribute verifiers, intermediaries and relying parties.
There are also some functions that can be used to support a wide range of identity system use cases. For example, identity proofing and authentication. More and more these multi-application functions are being separated into "atomic" functions that support identity systems, says the NPO.
Functional atomization, as the NPO calls it, is promoting binding mechanisms between roles, and intermediary technology layers are emerging to orchestrate transactions, adds the post.
Many other aspects of NSTIC implementation rely on the IDESG and NPO wrapping their arms around these issues of functional roles. The roles should give way to a functional model and the NPO says a clear definition of a functional model will allow an accreditation scheme to be developed based on ownership and data flow relating to credentials.
The post goes on to say that the NPO anticipates that ongoing analysis of use cases by the IDESG Standards Committee will reduce functionality down to a basis set of functional components.