Over a week-ago I tweeted that I had experienced NSTIC whiplash yet again and wasn’t sure how to deal with it. I have been known to speak my mind and get some folks really upset for doing so – Given that I know the social media savy NSTIC NPO reads all tweets related to their program they know I said this. They also didn’t reach out to ask what I might be experiencing whiplash about.
First of all since I am big on getting some shared understanding up front – what do I mean by “whiplash” it is that feeling like your going along … you think you know the lay of the land the car is moving along and all of a sudden out of nowhere – a new thing “appears” on the path and you have to slam on the breaks and go huh! what was that? and in the process your head whips forward and back giving you “whip-lash” from the sudden stop/double-take.
I was toddling through and found this post. What does it Mean to Embrace the NSTIC Guiding Principles?
I’m like ok – what does it mean? and who decided? how?
I read through it and it turns out that in September the NPO just decided it would decide/define the meaning and then write it all out and then suggest in this odd way it so often does that “the committees” just go with their ideas.
“We believe that the respective committees should review these derived requirements for appropriate coverage of the identity ecosystem. We look forward to continued progress toward the Identity Ecosystem Framework and its associated trustmark scheme.”
Why does the NPO continue to “do the work” that the multi-stakeholder institution they set up was created to do that is to actually figure out the “meaning” of the document.
[Read more…] about NSTIC WhipLash – Making Meaning – is a community thing.
I have heard over the past few years from friends and associates in the user-centric ID / Personal Cloud/ VRM Communities or those people who care about the future of people’s identities online say to me literally – “Well its good you are paying attention to NSTIC so I don’t have to.”
I’m writing to say the time for that choice is over. There is about 1 more year left in the process until the “outputs” become government policy under the recently released White House Cyber Security Framework (See below for the specifics).
[Read more…] about I'm not your NSTIC "delegate" any more … pls get involved.
I have been working in the identity industry for over 10 years. It was not until the IDESG – NSTIC plenary that some folks said they were working on a functional model that I heard the term. I as per is normal for me pipped up and asked “what is a functional model”, people looked at me, looked back at the room and just kept going, ignoring my question. I have continued to ask it and on one has answered it.
I will state it out loud here again –
What is a Functional Model?
The Identity Ecosystem Steering Group is a multi-stakeholder organization (See this post about how join.) Technically You can participate on lists even if you are not members but it is better that you go through the process of joining to be “officially” part of the organization.
If you join the IDESG it is good to actively participate in at least one active committee because that is where organization work is done by committees – any person or organization from any stakeholder category can participate.
The committees have mailing lists – that you subscribe to (below click through where it says Join Mailing list and put in the e-mail address you want to use, share your name and also a password).
On the list the group chats together on the list and talk about the different work items they are focused on. They have conference calls as well to talk together (these range from once a week to once a month). You can also contact the chair of the committee and “officially” join but that is not required.
If you are reading this and getting involved for the first time – read through this list and pick one of the committees that sound interesting to you. They are friendly folks and should be able to help you get up to speed – ask questions and ask for help. This whole process is meant to be open and inclusive.
[Read more…] about How to Participate in NSTIC, IDESG – A step by step guide.
The National Strategy for Trusted Identities in Cyberspace calls for the development of a private sector lead effort to articulate an identity ecosystem.
To be successful it needs participation from a range of groups.
An organization was formed to support this – the Identity Ecosystem Steering Group in alignment with the Obama administration’s open government efforts.
The “joining” process is not EASY but I guess that is part of its charm. It is totally “open and free” but challenging to actually do.
PART 1 – Getting an Account on the Website!
Step 1: Go to the website: http://www.idecosystem.org
[Read more…] about How to Join NSTIC, IDESG – A step by step guide.
One of the reasons that digital identity can be such a challenging topic to address is that we all swim in the sea of identity every day. We don’t think about what is really going in the transactions….and many different aspects of a transaction can all seem do be one thing. The early Identity Gang conversations focused a lot on figuring out what some core words meant and developed first shared understanding and then shared language to talk about these concepts in the community.
I’m writing this post now for a few reasons.
There is finally a conversation about taxonomy with the IDESG – (Yes! after over a year of being in existence it is finally happening (I recommended in my NSTIC NOI Response that it be one of the first things focused on)
Secondly I have been giving a 1/2 day and 1 day seminar about identity and personal data for several years now (You can hire me!). Recently I gave this seminar in New Zealand to top enterprise and government leaders working on identity projects 3 times in one week. We covered:
- The Persona and Context in Life
- The Spectrum of Identity
- What is Trust?
- A Field Guide to Internet Trust
- What is Personal Data
- Market Models for Personal Data
- Government Initiatives Globally in eID & Personal Data
This spring I attended the Executive Education program Leadership and Public Policy in the 21st century at the Harvard Kennedy school of government with fellow Young Global Leaders (part of the World Economic Forum). A line of future inquiry that came to me by the end of that two weeks –
How do we design, create, get functioning and evolve governance systems?
The governance of governance systems = Meta-Goverancne.
At the Kennedy program all they could talk about was “individual leadership” (with good advice from good teams of course) at the top of Organizations. They all waved their hands and said “Good luck young leaders, We know its more complicated now…and the problems are bigger then just organizational size but we don’t really know how what to tell you about how to interorgainzational collaborative problem solving and innovations…so “good luck”.
It was surreal because this inter-organizational, complex space is where I spend my work life helping design and facilitate unconferneces – it is in that complex inter organizational place.
I have this clear vision about how to bring my two main career bodies of knowledge together (digital identity + digital systems & design and facilitation of unconferneces using a range of participatory methods) along with a range of other fields/disciplines that I have tracked in the last 10 years.
My response, two years ago to the NSTIC (National Strategy for Trusted Identities in Cyberspace) Program Office issued Notice of Inquiry about how to govern an Identity Ecosystem included a couple of models that could be used to help a community of companies & organizations in an ecosystem co-create a shared picture. A shared co-created picture is an important community asset to develop early on because it becomes the basis for a real conversation about critical issues that need to be addressed to have a successful governance emerge.
The Privacy Committee within NSTIC has a Proactive Privacy Sub-Committee and before I went on my trip around the world (literally) a month ago. I was on one of the calls and described Value Network Mapping and was invited to share more about the model/method and how it might be used.
Value Network Maps are a tool that can help us because both the creation of the map and its subsequent use by the companies, organizations, people and governments that are participating strengthens the network. This is important because we are dealing with a complex problem with a complex range of players. In the map below we are in the top left quadrant – we NEED strong networks to solve the problems we are tasked with solving. If we don’t have them we will end up with Chaos OR we will have a hierarchical solution imposed to drive things towards the complicated and simple but …given the inherent nature of the problem we will NOT fully solve the problem and fall off the “cliff” on the edge between simplicity and into chaos.
(In this diagram based on the cynefin framework developed by David Snowden architect of children’s birthday parties using complexity theory and the success of Apolo 13 )
So – what is a Value Network Map?
It models technical & business networks by figuring the roles in any given system and then understanding the value that flow between different roles. Value flows include payment for the delivery of goods or services (these are tangible deliverables) but also intangible deliverables such as increased level of confidence because information was shared between parties (but was not contractually obligated and no payment was made).
Drawing from Verna’s book/site that lays out how to do it. There are four steps to a value network map.
1. Define the scope and boundaries, context, and purpose.
2. Determine the roles and participants, and who needs to be involved in the mapping.
3. Identify the transactions and deliverables, defining both tangibles and intangibles.
4. Validate it is complete by sequencing the transactions.
I’ve worked on several value network mapping projects.
I worked with the Journalism that Matters to document he old and new journalism ecosystem.I have lead several community Value Network Mapping efforts.
This projects highlights how the method can be used to talk about a present/past state about how things happen “now”. How do people today or 20 years ago share verified attributes with business and government entities one does business with? If we understand the roles that exist in a paper based version/world How do those roles change in a future enable with technology and how do the value flows change and what new roles are created/needed?
A value networm map can be used to map the flow of rights and duties between different roles in an ecosystem can also be considered along with the flow of monetary and other value.
Two years ago I went with Verna Allee (the innovator of the method) to the Cloud Identity Summit to work on a map for my organization the Personal Data Ecosystem Consortium focused on the “present state” map to explain what currently happens when someone visits a website and clicks on an add to go buy something and then is asked to provide identity attributes.
We took this FCC submitted map that has the individual at the center and data flows to the businesses, government and organizations they do business with and is sold on to Data Brokers and then Data Users buy it to inform how they deal with the individual all without their awareness or consent.
We added in a wrinkle to this flow and asked what happens when an individual has to prove something (an attribute) about themselves to make a purchase.
Our hope was to do this and then work on a future state map with a Personal Cloud provider playing a key role to enable new value flow’s that empower the Individual with their data and enabling similar transactions.
This is best viewed in PDF so if you click on the link to the document it will download.
Creating this map was an interactive process involving involved two dozen industry professionals that we met with in small groups. It involved using large chart paper paper and post-it notes and lines on the map. We came into the process with some of the roles articulated, some new roles were added as we began mapping with the community.
An example to give you a sense of what it looks like when you do it in real life is this map that shows how trust frameworks & the government’s reduction of risk in the credit card system.
This was a small piece of the original map for the Personal Data Ecosystem (it did not end up getting included in the PDF version). The roles are the orange flowers and the green arrows are tangible value flows and the blue arrows are intangible value flows.
So how could the Proactive Privacy Sub-Committee use this method?
At an IIW11 one of the practitioners of value network mapping came to share the method and we broke up into smal groups to map different little parts of an identity ecosystem. We had a template like this picking four different roles and then beginning to map.
The exercise is written about here on Verna’s website.
Scott David was a community member there and really saw how it was a tool to understand what was happening in systems AND to have a conversation about the flow of rights and responsibilities flow.
The method is best done face to face in small groups. It helps if the groups are diverse representing a range of different perspectives. A starting point is a use-case a story that can be mapped – what are the roles in that story and then walking through the different transactions.
So how do we “do” it. Well a starting point is for those interested in helping lead it to identify themselves in the context of the pro-active privacy committee. We should work together to figure out how we lead the community using this process to figure out the privacy implications and see where the money flows for different proposed solutions.
We can try to do a session at the upcoming July or October plenary.
We could also organize to do some meetings at:
- conferences in the next few months were we can identify 5-10 interested IDESG members to participate in mapping an ecosystem chunk for an hour or two.
- in cities around the country where we identify 5-10 folks who want to spend an hour or two mapping an ecosystem chunk.
It would be great if we decide to do this that the Secretariat lead by Kay in her role as Executive Director of the IDESG can support us in organizing this (That is why we are paying htem 2.5 million buck s to help us do the work of organizing in a meaningful way.
I am friends with Verna Allee and can ask her for advice on this however I think the kind of help/advice we need to really use this method and do it WELL would behove us to actually use NSTIC IDESG moneys to hire Verna to engage with us in a serious way. When I wrote my NSTIC NOI I did so thinking that their would finally be monies available to pay people to do community conference building work like this. Perhaps it is not to late to do so.
I did a collection called the Bill o’ Rights o Rama.
Here is a new proposed one a Gamers Bill of Rights based on another gamers bill of rights (this one looks beautiful)
Gamers are customers who pay publishers, developers, and retailers in exchange for software.
They have the right to expect that the software they purchase will be functional and remain accessible to them in perpetuity.
They have the right to be treated like customers and not potential criminals.
They have the right to all methods of addressing grievances accessible by other consumer.
They have the right to the game they paid for, with no strings attached beyond the game and nothing missing from the game.
Gamers’ Bill of Rights
I. Gamers shall receive a full and complete game for their purchase, with no major omissions in its features or scope.
II. Gamers shall retain the ability to use any software they purchase in perpetuity unless the license specifically and explicitly determines a finite length of time for use.
III. Any efforts to prevent unauthorized distribution of software shall be noninvasive, nonpersistent, and limited to that specific software.
IV. No company may search the contents of a user’s local storage without specific, limited, explicit, and game-justified purpose.
V. No company shall limit the number of instances a customer may install and use software on any compatible hardware they own.
VI. Online and multiplayer features shall be optional except in genre-specific situtations where the game’s fundamental structure requires multiplayer functionality due to the necessary presence of an active opponent of similar abilities and limitations to the player.
VII. All software not requiring a subscription fee shall remain available to gamers who purchase it in perpetuity. If software has an online component and requires a server connection, a company shall provide server software to gamers at no additional cost if it ceases to support those servers.
VIII. All gamers have the right to a full refund if the software they purchased is unsatisfactory due to hardware requirements, connectivity requirements, feature set, or general quality.
IX. No paid downloadable content shall be required to experience a game’s story to completion of the narrative presented by the game itself.
X. No paid downloadable content shall affect multiplayer balance unless equivalent options are available to gamers who purchased only the game.
I’ve been on two super trips recently. One went from before American Thanksgiving to early December. This last one was much of February beginning with NSTIC and ending with RSA. I wrote this in pen and paper last week and typed it up today.
One way I manage to get around is to piece together what could only be considered “super trips” – 18 days.
I actually started off at home on Feb 2nd helping Van Riper run the Community Leadership Summit West. Its an unconfernece for mostly technical community leaders but also managers but was inclusive of other community based community leaders. I will have a blog post about it up on my Unconference.net site.
February 4th I headed to NSTIC’s 3rd plenary in Phoenix. I presented the results of the Holistic Picture Visualization Sub-Committee printing out the images we found online. Bob Blakley and Brett McDowell did a good job shaping the agenda and inviting plenary participants to connect with the big vision of NSTIC of 10 years out.
- All implementation actions are complete, and all required policies, processes, tools, and technologies are in place and continuing to evolve to support the Identity Ecosystem.
- A majority of relying parties are choosing to be part of the Identity Ecosystem.
- A majority of U.S. Internet users regularly engage in transactions verified through the Identity Ecosystem.
- A majority of online transactions are happening within the Identity Ecosystem.
- A sustainable market exists for Identity Ecosystem identity and attribute service providers.
While at the same time reminding on the way to getting a man on the Moon we got a Monkey into the Ionosphere – so what is our monkey in an Ionosphere – at the plenary groups were invited to articulate this:
- Relying parties from multiple sectors are demonstrating identity and strong authentication credential interoperability
- Is easier to use than the broken user account and password methods
- Licensed professionals now have a common way to express credentials and ongoing certification. No longer do licensed professionals need to scan, fax or otherwise send paper copies proving their qualifications every time another client seeks to retain their services.
- allows citizens to securely establish a multi-purpose single identity that will significantly reduce, and eventually eliminate, the need to create and maintain multiple passwords and PINs.
- Secure web accounts for use in circles of on line providers by 10 banks, 15 insurance companies and 25 hospitals.
One of the challenges with the whole NSTIC thing is that it has a bunch of different parts. I wrote up this description as part of our What could Kill NSTIC paper.
NSTIC National Program Office. The NSITIC NPO operates within the Department of Commerce’s National Institute of Standards. It is lead by Jeremy Grant. The office has several full time staff and they are responsible for the transition of NSTIC from a US government initiative to an independent, public- private organization. They’re smart, talented, and they care.
Identity Ecosystem Steering Group (IDESG). The NPO invited many people, NGOs, government bodies, and companies to participate in building an identity ecosystem in the Identity Ecosystem Steering Group. All the people and organizations who sign up to be a part of this are together called “The Plenary.” The NSTIC NPO wrote IDESG’s charter and its first bylaws.
IDESG Management Council. The IDESG management council is elected by the members of the plenary who self-selected into stakeholder categories. Each stakeholder category elects a delegate to the Management Council. The entire plenary also elects two at-large positions and two leadership positions. The management council can create sub-committees to get its work done. I’m chaired one that collected holistic ecosystem pictures, for example.
Committees within the IDESG Plenary. These committees do the actual work of making the identity ecosystem’s vision a reality. New committees can be proposed by any member. Committee membership is open to all plenary members. The work and activity of the committees is shared openly. A few of the active committees are working on standards, privacy, trust frameworks, accreditation, and nymrights.
The Secretariat. The NSTIC NPO awarded a $2.5 million dollar contract to provide support services to the Identity Ecosystem Steering Group. Trusted Federal Systems won the contract to act as the IESG’s “Secretariat.” They coordinate meetings, manage listservs, and the like.
NSTIC Pilot Projects. In early 2011, the National Program Office put forward $10 million in funding for five pilot projects that worked to solve some of NSTIC’s challenges. Grants were awarded in September 2012 and run for one year. The pilot projects were set up before the IDESG existed and the IDESG had no input into the selection of the the winning pilots. 187 different initial pilot projects applied for grants, 27 were selected to submit full proposals, and five were selected. Applications for a second round of pilots are coming in Q1 2013.
Here is how I put forward the idea to a friend…
Me: Hey, so you know about Passover?
A: Yes, there is a meal… and its a jewish holiday
Me: Yes, its a religious service over a meal to retell the story of the jews escaping from Slavery in egypt 1000’s of years ago.
It is a celebration of Freedom.
We are uptdating it for the contemporary struggle to free our data.
We want to raise consciousness about current data practices through a modern version of the Seder Meal
Join us on our mailing list (and soon on the wiki)
I am also going to be seeking input from leaders of multiple faiths about what their tradition has to say about identity and data rights in the digital age. Feel free to contact me if you know a faith leader we might approach for such a statement.
There will be a physical seder in Oakland – but we are hoping the service we develop can happen all over.
My colleague at the Personal Data Ecosystem Consortium, Phil Wolff, hosted sessions at the last two IIW‘s that invited community consideration of the risks to NSTIC. He has put together a paper that outlines the results of these two sessions that were titled “Death to NSTIC” the white paper is “What Could Kill NSTIC: A Friendly Threat Assessment”. He has a video about it and you can download it from our website.
It also has a Bonus Section I wrote that:
- Explains some of the background of NSTIC
- Articulates the 6 main parts of NSTIC and what they do
- Explains the relevance of NSTIC to the companies in the Personal Data Ecosystem Consortium.
I’m planning on running for Mayor * again (a position on the NSTIC Steering Group Management Council) – this time for a different “municipality” (delegate representative).
Currently I am the Consumer Advocate delegate – I’m going to shift my membership and join the IDESG with my hat as Executive Director of PDEC and run for the Small Business and Entrepreneur delegated on the Management Council.
If you want to be a part of the IDESG and VOTE in this round of elections you MUST register by February 14th. [Read more…] about I'm running for Mayor* again!
ReadWriteWeb’s social Blog has an articule up referencing a conversation the author had with Mark Cuban about Facebook’s business model and integrity challenges.
Apparently Facebook is now going to charge brands a huge amount to reach the base of fans they have accumulated on facebook.
I’ve heard anecdotally about a huge brand that was complaining recently because it has spent four years building a following of millions of people, promoting its Facebook presence (and, by implication, Facebook itself) on expensive television ads – and now Facebook has flipped a switch and, overnight, their reach dropped by 40%.
So now they’re done. They’ve been burned, and, like Cuban, they’re looking elsewhere.
A few weeks back I as in a tweeted to a woman complaining how Facebook was shaping which of her friend’s updates she saw and even asking her to pay money to have her updates go to more of her friends. I said that when we had a federated social web she wouldn’t have this problem we would choose which of our friends we would follow and get updates from.
I attended my 3rd out of three federated social web summits
last week eek it feels like last week it was 2 weeks ago just after IIW 15. Evan Prodromo pulled together an amazing group of folks working on key aspects of the challenge.
Phil Wolff and I presented about the emerging Personal Cloud offerings coming out of our community of companies (the Personal Data Ecosystem Startup Circle)
Tantek shared POSSE – Publish On your Own Site Syndicate Everywhere.
Even gave an update on where OStatus the stack of protocols that gives you twitter and facebook like functionality across services.
We learned about many other projects. too (you can see them on the wiki here).
I’m glad that folks like Mark Cuban are waking up to the fact there is an issue with Facebook and they should be looking elsewere. Facebook is to social what AOL and Compuserve were to e-mail. It will be disrupted by the Open Standards based infrastructure must of it based on Open Source code. People will have their own personal node on the network – a personal cloud where they will connect to others and to organizations they want to share with, connect with and do business with.
It would be great to see some big investments in core open infrastructure that can then be leveraged to make money afterwards. This is what Doc Searls is always saying you make money because of it not with it. We need the web to continue extending to being the type that Nobody Owns, Everyone can Use it and Anyone improve it. Open Standards are the key to this. I argue they are more important then open source code alone (look at diaspora open source but rolled its own way of doing things…and didn’t interoperate with other projects/efforts doing similar things)
If you were to ask me what would get us to the future fastest though it is open source implementations of those open standards are invaluable and what “investors” like Mark Cuban and others who are now seeing the danger of one company “owning” the social profiles and identities of a billion people should consider funding now with no strings attached.
I was asked by an investor group that I gave a day long briefing to about the the emerging Personal Data Ecosystem. I said I would give Evan Prodromo 12 million dollars no strings attached (as in you are not seeking a return on the money with more money) the deliverable for that money would be a working federated social web in 1 year. On that web one can build a huge variety of businesses and services in new ways not possible on today’s web (or at least not possible without creepy stalking and trackers and paying middle men like facebook to talk to your “fans”). That web itself…shouldn’t be “owned” it needs to be created though.
I gave this talk for EduServe in Birmingham, UK, on November 6th, 2012.
Second Challenge: How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders – to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?
The openness of NSTIC overall was inspired by the Open Government memo (http://www.whitehouse.gov/the_press_office/TransparencyandOpenGovernment) signed first day in office. It inspired a lot of my colleagues in the dialogue and deliberation community. (Yes, I have another life/carreer doing facilitation see http://www.unconference.net)
They went to work figuring out how to be sure that coherent resources and tools were available to those who were now mandated to “do” open government and have more public participation would have really good resources available. Tom Atlee the person I co-wrote the Governance section of my NOI was one of the leaders of this working with the NCDD (the National Coalition for Dialogue and Deliberation) to define 7 core principles of public engagement.
Blog post that outlines them: (http://ncdd.org/rc/item/3643)
[Read more…] about IDESG: Governance beyond "us" Challenge 2 for NSTIC
I am posting to this blog the two posts I made to the NSTIC IDESG governance list on Tuesday. Here is the first one on Governing “us” (that is the word “us” not U.S.)
I only got on the [governance] list over the weekend despite raising my hand to be a part at some point in the Chicago meetings.
I am working to track all that is being discussed and I also want to breath and step back a bit. I want to share two bigger challenges and perspectives.
First Challenge how are we we connecting/structuring and governing the interested stakeholders who ARE showing up to engage. How are we as Bob just asked creating ways, systems, processes and tools forward to create alignment and agreement?
Second Challenge How are we meaningfully and regularly checking in with those outside the community of self selected stakeholders – to regular citizens who have to use the currently broken systems we have today and hopefully will be enthused and inspired to adopt the outcomes of this whole effort?
They are two quite different but related challenges. This e-mail will deal with challenge 1. The next one with Challenge 2.
[Read more…] about IDESG Governing "us": Challenge 1 for NSTIC
In my governance NOI response I proposed several different methods be used to solicit input from a wide variety of stakeholders and bring forward from those processes clear paths for making a real strategy that take input from a wide range of stakeholders.
When the first governance drafts came out of the NPO, they articulated that the steering committee would operate via consensus BUT then it also articulated a whole set of voting rules for NOT abiding by consensus.
When I asked about their choice of using the term consensus to define a particular methodology – they came back and said well we didn’t actually mean to suggest the use of a particular proces.
But consensus IS a process method I said…and they said we didn’t mean to proscribe a method. So we were sort of in a loop.
Now that we are in this stage that is considering governance and systems for the community of self identified stakeholders (and people beyond this group who will be the users of the outputs). What I don’t know is if people really know what real consensus process is or if we have anyone who is experienced in leading actual consensus processes? It keeps feeling to me like we are using Roberts Rules of Order and then getting everyone to agree – thus having “consensus”. That isn’t consensus process.
Tree Bressen who was the leader of the Group Pattern Language project (I participated along with many others in its development) has an amazing collection of resources about conensus process including a flow chart of consensus process and Top 10 mistakes to avoid them.
Are we using consensus process?
One of the big issues of our democracy today (in the liberal west broadly) is that we have this tendency to believe that “voting” is the thing that makes it democratic. Voting is a particular method and one that by its nature sets up an adversarial dynamic. There are other methods and ways of achieving democracy and we can go well beyond the results of our current systems by using them. Tom has done a lot of research into them over the years at the Co-Intelligence Institute and has published two books The Tao of Democracy and Empowering Public Wisdom.
I am glad methods outside what has been the normative frame of “Roberts Rules of Order” as Democracy are being considered…however we need to be clear on what processe we are using.