A governance steering group charged with implementing an identity ecosystem, as envisioned in the National Strategy for Trusted Identities in Cyberspace (.pdf), should be in place by year end, according to Jeremy Grant, senior executive advisor for identity management at the National Institute of Standards and Technology.

The goal is to have the NSTIC environment fully functioning by Jan. 1, 2016, said Grant while speaking June 9 in Washington, D.C. at the first of three NIST-moderated workshops on NSTIC implementation.

Since its April 15 release by the White House, NSTIC has simply been a set of principles. But on June 9 the strategy moved from intent to action when NIST posted a Notice of Inquiry (.pdf) seeking comment on the requirements of, and possible models for, an NSTIC steering group. Comments on the NOI are due on or before July 22, 2011.

"We're hoping to generate a report by the end of the summer, dealing specifically with the governance structure and the steering group. We'd very much like to go through the mechanisms as needed on the governance side to establish the actual steering group by the end of 2011. The responses we get from the NOI will inform and guide those decisions," said Grant.

During the workshop, government, industry and consumer advocacy groups discussed what the implementation of NSTIC will actually look like in various breakout sessions.

"One of the things that's so great about NSTIC is that it says the right things," said Dazza Greenwood, co-founder of the eCitizen Foundation.

Building consensus around a governance structure, steering group initiation process and stakeholder representation will be much harder, however.

"This is not just a standard-setting project," said Tom Smedinghoff, co-chair of the federated identity management legal task force at the American Bar Association. "This is also not just a legal project."

A recurring issue mentioned by attendees is the breadth of the NSTIC document. The vague, and some charged idealistic, principles brought forward in the strategy will take a great deal of interpretation for it to gel into a durable, constructive system. "The more I look at [the NSTIC document], it makes me think there's less rather than more here," said one attendee.

Some common ideas did emerge from the workshop discussions, however. Many attendees said the standards body will need a charter; it could possibly refer back to the NSTIC document and changes in the charter would allow some form of government veto. As this will be a private-sector led effort, some attendees feared a scenario where over time the body may deviate from its initial mission. Similarly too much government involvement or constraint could inhibit the evolution and scalability of the ecosystem.

Attendees also appeared to rally around the idea of a nine- to 15-member steering group with a chair and a co chair. The group would have representation from a variety of stakeholders and the individual representing each group would be chosen by members of the stakeholder segment. A mix of committees and ad hoc groups were also considered, which would inform the steering group.

Reports on workshop discussions will be be compiled and considered along with the formal comments submitted to NIST in response to the NOI.

For more:
- see the Notice of Inquiry (.pdf)

Related Articles:
White House releases plan for an Internet 'identity ecosystem' 
White House, Commerce prepare for trusted identities in cyberspace 
Online 'personas' at heart of privacy protection in identity ecosystem, says U.K. think tank
Q&A: Lord Erroll on NSTIC and online identity management 
Rand: Multifactor authentication adoption so far mostly compulsory