US to foster a climate of trust on the Internet

US to Foster a Climate of Trust online

In April 2011, President Obama signalled a courageous policy initiative when he signed the "National Strategy for Trusted Identities in Cyberspace" (NSTIC). Whilst recognising the need for federal government action, the Strategy is largely to be a private-sector driven initiative.

NSTIC (pronounced "in-stick") will be a multi-year program, managed out of the Department of Commerce, with NIST acting as program officer and ultimately under the watchful eye of Cybersecurity Coordinator, Howard A Schmidt, in the President's Executive Office.

What is NSTIC?

Under the banner "Making Online Transactions Safer, Faster and More Private", NSTIC as a federal government program will have its work cut out.

The drivers are clear - increase in identity theft, worries about managing multiple passwords and identities online, increased technology complexity - but the roadmap will be difficult.

NIST intends to provide a gentle hand on the management tiller to steer the program in the general direction outlined in the strategy document.

Many technology firms feel they have something to offer, if not an entire infrastructure. However, the main challenge will be in putting together a stable and sustainable model of governance that will have the authority and trust to carry the program through its three year plan of work.

Aside from the workshop on governance, NIST have also held a workshop on privacy and a further discussion on the role of standards will be held during the next Internet Identity Workshop in Silicon Valley in October 2011.

Together with colleagues in OASIS and arnage of other standards organizations, I have proposed further ideas for discussion - in my case particularly focusing on how existing ISO, IEEE and OASIS standards - not just in the identity space but also the Reference Model for Service Oriented Architecture - could play a valuable role in the program's overall governance.

Why am I involved?

I took part in the first workshop of the program concerned, appropriately enough, with how to get the program up and running and in particular, how to go about establishing a governance infrastructure that would represent the vasy array of stakeholders involved as well as provide quality management oversight of the program.

You remember Donkey in the film Shrek? "Pick me, pick me, ooooh, pick meeee..."

That's how a large part of the workshop felt - a considerable number of solution vendors, piling on the pressure and charm, to be picked to implement their solution - but to a problem that had as yet to be clearly defined or scoped.

I decided to get involved because of my experience in issues of governance. Not just my practical, hands-on experience in chairing the OASIS Board of Directors or in managing major programs in the past - but also to bring to the table some tools and methods to help establish the governance structures in the first place, natobaly using the work we have done in "Transformational Government".

In response to a general invitation, I submitted my comments to NIST about the initiative's governance models.

Peter F Brown

Transforming Our Relationships With Information Technologies