ID Ecosystem Steering Group
With security breaches impacting both public- and private-sector organizations, individuals are demanding more trustworthy identity solutions. Individuals will benefit from the Identity Ecosystem Framework (IDEF), because it raises the bar for privacy-enhancing, secure online identity credentials that provide a more convenient user experience.
Individuals are justifiably overwhelmed with the number of usernames and passwords they must remember in order to use online services. In fact, many consumers use the same password for multiple websites – which makes them significantly more insecure. A bad actor need only break into one database to get the key that unlocks access to the individual’s medical, financial, social media or other compromising information. Other security methods rely on the consumer using personal information, such their first school or mother’s maiden name to authenticate themselves, to be checked against third-party databases. Unfortunately, much of this ‘secret’ information isn’t so secret, as it can be gleaned from social media sites – creating even more security risks. The IDEF enables consumers to get access to online services faster, with fewer passwords to manage and less personal information collected and transmitted.
Consider all of the information that individuals must disclose when making online purchases. IDEF digital credentials reduce the amount of personal information that individuals must disclose when conducting online transactions. By limiting the amount of information individuals disclose – which then must be safeguarded – organizations limit the harm that can be done to any consumer in the event of a data breach, as well as the risk to their own organization.
One of the most effective ways to promote information security is through multi-factor authentication practices. In order to prevent unauthorized transactions, the IDEF lays out the policies and best practices by which businesses, non-profit organizations and government agencies can verify that their consumers are who they claim to be, helping to protect individuals’ identities online as well as reducing their own risk profile.
FOR TRUST FRAMEWORK
Many individuals are suspect of conducting online transactions because they believe their data won’t be secure or private. That’s where Trust Frameworks come in. Trust Frameworks aligning and attesting to the IDEF can establish how their distinct service components will interact in the Identity Ecosystem. Our goal is that there will be multiple Trust Frameworks operating within the Identity Ecosystem as it evolves.
One of our objectives is to guide the development of Trust Frameworks in alignment with the NSTIC Guiding Principles. Trust Frameworks used by the Kantara IDEF Working Group’s member organizations (a.k.a. relying parties) must meet the IDEF’s baseline requirements and policies, using a wide array of approved standards. We can help Trust Framework Providers to understand how to incorporate the Guiding Principles into their Trust Frameworks.