The Trouble with Trust, & the case for Accountability Frameworks for NSTIC

There are many definitions of trust, and all people have their own internal perspective on what THEY trust.

As I outline in this next section, there is a lot of meaning packed into the word “trust” and it varies on context and scale. Given that the word trust is found 97 times in the NSTIC document and that the NSTIC governing body is going to be in charge of administering “trust marks” to “trust frameworks” it is important to review its meaning.

I can get behind this statement: There is an emergent property called trust, and if NSTIC is successful, trust on the web would go up, worldwide.

However, the way the word “trust” is used within the NSTIC document, it often includes far to broad a swath of meaning.

When spoken of in every day conversation trust is most often social trust.

[Read more...]

Alignment of Stakeholders around the many NSTIC Goals


The Many Goals for the Identity Ecosystem & NSTIC Governance

The NSTIC governance NOI articulates many key activities, qualities and goals for a governance system for NSTIC. NSTIC must:

  • convene a wide variety of stakeholders to facilitate consensus
  • administer the process for policy and standards
  • development for the Identity Ecosystem Framework in accordance with the Strategy’s Guiding Principles
  • maintain the rules of participating in the Identity Ecosystem
  • be private sector-led
  • be persistent and sustainable
  • foster the evolution of the Identity Ecosystem to match the evolution of cyberspace itself.

Achieving these goals will require high-performance collaboration amongst the steering group and all self-identified stakeholder groups. It will also require earning the legitimacy from the public at large and using methods that surface their experience of the Identity Ecosystem Framework as it evolves.

[Read more...]

Ecosystems Collaborate using Shared Language – NSTIC

Collaboration is a huge theme in NSTIC. Below is the initial approach to collaboration in the  document:

The National Strategy for Trusted Identities in Cyberspace charts a course for the public and private sectors to collaborate to raise the level of trust associated with the identities of individuals, organizations, networks, services, and devices involved in online transactions.

Collaboration, as defined by Eugene Kim, a collaboration expert and the first Chief Steward of Identity Commons, occurs when groups of two or more people interact and exchange knowledge in pursuit of a shared, collective, bounded goal

To achieve the challenging goals set out in NSTIC, such as raising trust levels around identities, high performance collaboration is required. Both shared language and shared understanding are prerequisites for high-performance collaboration.

This is a powerful excerpt from Eugene Kim’s blog about two experiences from technical community participants (including Drummond Reed from the user-centric identity community) that paints a clear picture of the importance of time for, and the proactive cultivation of, shared language:

[Read more...]

Ecosystem as the frame for NSTIC

What is an Ecosystem?

The National Strategy for Trusted Identities in Cyberspace paints a broad vision for an Identity Ecosystem. The strategy author’s choice to name the big picture vision an “ecosystem” is an opportunity not to be lost. An Identity Ecosystem construct will inform the choice of processes and structures appropriate to govern it.

An ecosystem is a biological environment consisting of all the organisms living in a particular area, as well as all the nonliving, physical components of the environment with which the organisms interact, such as air, soil, water and sunlight.

This definition reminds us that the context of an Identity Ecosystem is broad and goes beyond just the identities of people and devices but extends to the contexts in which they operate and interact, the network and indeed the wider world. When we discuss a person’s digital identity it should not be forgotten that we are each fundamentally biological beings living in complex social systems composed of groups, organizations and businesses, all socially constructed and embedded in a larger context, the biosphere surrounding the planet earth.

An overall Identity Ecosystem is needed because small islands of identity management online are working, but they have not been successfully woven together in a system that manages the tensions inherent in doing so to ensure long term thrivability of the overall system. [Read more...]

NSTIC Response by Identity Woman

Context for my response to the NSTIC Governance NOI

Table of Contents to Blog Posts of My Response

My Complete Response in PDF form Kaliya-NSTIC-NOI

Introductory Letter of the Response.

Context for my NSTIC NOI response

I surprised myself when writing my response to the NSTIC (National Strategy for Trusted Identities in Cyberspace)  Governance NOI (Notice of Inquiry).  I wasn’t sure exactly what I was going to say because the questions seemed like they were way ahead of where they should be interms of where things were.  I decided to begin by sharing important Context, Frames and Terms that were important before getting to the Questions of Governance and what should be done now.

I began with the word Ecosystem – what it meant and that a system was at the heart of this strategy not something simple or easily actionable.

I touched on the history of the Identity Community and how much conversation and intensive dialogue happened amongst that early community to get to a place where collaboration was natural and “easy”. A huge amount of effort went into developing shared language and understanding then and this is needed once again.  The range of self identified stakeholders for NSTIC is quite large (the range of not self identified stakeholders it could be said is everyone on the planet or at least all those with a digital connection (via phone or interent).

I put forward two different methods/tools/processes that could be used to form shared language and understanding across this stakeholder community Polarity Management and Value Network Mapping.

I suggest that the governance structure proposed a “steering group” actually have a mandate to regularly listen to and act on the recommendations of the system that are generated via 3 different well established dialogic processes (Creative Insight Council, World Cafe and Open Space Technology [What we use at IIW]. I then answer the NOI questions referencing the ideas above.

I am going to be posting the whole of my Response in a series of posts and linking them all from there.

I began with one earlier last week which is focused on “trust” both as an emergent property of the overall system AND as the current name of technology and policy/legal frameworks for identity creation.

Links to NSTIC Response Posts: (posts are in the process of being published should be up by Wednesday Sept 14th)

Here is the my opening to my response:

Dear Patrick Gallagher and Jeremy Grant,

The challenge of fostering the emergence and governance of an Identity Ecosystem is vast. I do think it is possible for a thriving ecosystem to emerge with the application of the best of available organizational, deliberative and governance processes and structures.

The high level vision outlined in the NSTIC has buy-in from a broad group of stakeholders. Making it real will involve government participation with the private commercial sector and civil society groups (neighborhood associations, schools, religious institutions, sports leagues, advocacy groups). The government also can’t abdicate responsibility and just collaborate with the private sector because its job is to be an advocate for the people and ensure that the guiding principles are not left behind because they are inconvenient or perceived to cost too much. The private sector is not just the largest IT companies, and government must remember to foster some space for new innovations to emerge. Government must, in this startup phase, develop with the broadest possible range of stakeholders, agree upon metrics (both qualitative and quantitative) for ecosystem health, balance and success, and have in place systems to monitor and feed back to the system the results from the agreed-upon indicators.

The danger of creating an unbalanced (in a range of ways) ecosystem is also present. On the one hand, because it could become very easy for virtually any company online to request highly validated identities and require the presentation of identifiers associated with “real legal name” credentials for almost all transactions and comments. This is an inhibitor of civil freedoms and creates a participatory panopticon

situation. On the other hand, a diverse range of accountability networks may not gain adoption because they are not well understood and therefore transactions online decline or people retreat into private commercially-controlled silos.

I open my response by diving into some of the terms and frames that are in NSTIC and used to talk about identity generally, along with examples from my community context. Within the history of the user-centric identity community are some key insights into how to best proceed with developing common stakeholder alignment towards collaborative action to make the vision presented in NSTIC a reality.

You will notice I take the liberty to craft questions that I wish were in the NOI. I added them because it is systems seeing and insight that will be key to effectively “steering”, or to use a more appropriate metaphor, catalyzing industry to move towards making the NSTIC vision of interoperable accountability frameworks and interoperable technologies for identities.

In the last 6 years I have worked with many talented systems thinkers, process innovators,  facilitators, and I have invited four of them to contribute in this response with me listed above as co-authors of particular sections.

My overall goal in this response is to outline several processes and structures that:

  • cultivate shared language and understanding,
  • collaboratively develop maps of common understanding of issues, ecosystem roles and value flows,
  • facilitate efficient information sharing,
  • provide efficient systems synthesis,
  • provide unique analytical tools,
  • allow the system to find pulse points to measure success and warn of imbalances,
  • have the potential to foster broad legitimacy with disinterested citizens (who after all are the ones with the identities, identifiers and claims) and
  • most importantly, foster collaboration and shared action by the wide pool of interested stakeholders working on making an Identity Ecosystem real.

I describe how they can be applied to the development of, leadership of, and ongoing accountability to all stakeholders of a “steering group”.

Because of the length and depth of my response, I have added a Table of Contents beginning on the next page.

Please let me know if you have any questions about this document.  I would be happy to answer them. I look forward to continued participation in this process.


-Kaliya, Identity Woman