Last week some members of the UK Identity Assurance team were invited to the White House to share, learn and collaborate with some of the key individuals and organisations in the US wrestling with the challenges of identity in cyberspace.
Chris Ferguson (Cabinet Office Deputy Director and UK Government lead on Identity Assurance) was invited to speak at the Colloquium on the National Strategy for Trusted Identities in Cyberspace (NSTIC) alongside luminaries from the identity world, officials and politicians such as Howard Schmidt, Special Assistant to the President and Cyber Security Coordinator, Senator Barbara Mikulski, Gene Sperling, Assistant to the President for Economic Policy and Jeremy Grant, Chris’s counterpart in the US who leads implementation of the NSTIC.
The need for strategic collaboration
The event set out the importance of the strategy to an audience representing US corporations. It focused on the economic necessity of creating an ecosystem of trust both for individual users of the internet, who are overwhelmed by usernames and passwords, and for businesses where the increasing cost of fraud is offsetting the efficiency benefits from digital channels.
The event achieved its goal: 25 or more private sector organisations were won over and committed to getting involved with NSTIC. The US strategy is voluntary and focused on the private sector – but the Senator made it clear that volunteers are needed if the voluntary approach in the US is to be successful.
Chris set out what we are doing in the UK, summarised by the phrase ‘easier done than said’. We’ve been talking about the theoretical benefits of ‘federated trust’ in the UK for a very long time. Our intention is to demonstrate the benefits over the next months through practical application in public service transactions such as the DWP’s Universal Credits.
Open Identity Exchange
To coincide with the White House Colloquium a two day workshop was arranged in Washington by the Open Identity Exchange (OIX). OIX was formed in response to the NSTIC as a means for competing private sector organisations to work together, as discussed by the OIX Chairman, Don Thibeau, on his recent visit to the UK, to develop consistent and inter-operable services and solutions. It brings together a huge amount of expertise from all over the world.
On the workshop agenda was a presentation of the structure and activities of the OIX Attribute Exchange Working Group. The presentation showed us how collaboration works in practice: intellectual property is left outside OIX. Commercial organisations have innovations that they hope will give them an advantage over their competitors, but OIX is about creating the ‘level playing field’ environment in which organisations can sell their innovative services.
There was great interest in what the UK Identity Assurance Programme is doing and an offer from OIX to help us achieve our goals – which we readily accepted. The internet doesn’t stop at national borders and nor will the identity ecosystem. Identity services and the technical and legal environments in which they work will need to align internationally over time even if there are differences from one country or business context to another. A step closer, perhaps, to an International Strategy for Trusted Identities in Cyberspace?