From Aspirations to Advancing NSTIC


Debra DienerWhen I was first invited to join the Open Identity Exchange (OIX) Advisory Board, it was a welcome surprise to see several names on the board who I’ve come to know and respect from our Federal Identity, Credential and Access Management Roadmap and Implementation Guidance (FICAM) discussions. FICAM is multi-faceted and required collaboration and consultation with private sector organizations on several foundational aspects. During these and other interactions, we addressed complex issues and asked critically important questions such as:

How do we ensure appropriate privacy requirements are incorporated into the selection process for the first government approved Trust Framework Providers?

As you would imagine, these discussions were often vigorous and rigorous, but always professional and respectful. It was through these talks that I recognized how much we shared and respected the mutual goal of making the FICAM and related processes effective and privacy-enhancing.

One of the considerations that drove my decision to come on board was that fact that I knew I would be working with a quality team of individuals for whom I had the highest professional regard. I also found the OIX’s mission, and that of the Advisory Board, to be one with which I was very comfortable. In addition to bringing over 30 years of government experience to the Advisory Board’s efforts, I liked the fact that the board is an independent body providing policy guidance to the OIX Board of Directors. That independence is underscored by the fact that Advisory Board members are unpaid and non-voting, all of which emphasizes its independent nature.

During my last 3 1/2 years of my government service, I worked on a number of government-wide privacy and identity management issues. I enjoyed successful collaborations with private sector representatives, and know through first-hand experience that private-public sector collaborations can be highly successful — but that success often rests on whether there are people who fully appreciate the expertise provided by people from other perspectives.

The Advisory Board’s independent standing was also a very persuasive factor in my decision to join. It’s also what I believe will drive our efforts even more effectively. Along with that, the unique governmental expertise I bring to the table can add value to OIX’s efforts to serve as a central “think tank” for the wider identity management community.

Why an Objective View is So Important

As you may already know, the OIX Advisory Board will soon be preparing recommendations on the NIST NSTIC governance to send to the OIX Board of Directors. The issues are highly complex and have already generated a great deal of discussion, of which, it’s fair to say, some have been rather heated. Given the strongly held views already being aired, it will be critically important that the recommendations eventually sent forward by the OIX Board of Directors are seen as objective and not reflecting any particular agenda from either a single person or group of people. If they are seen as just advancing a particular viewpoint or agenda, they will not be well received and, therefore, not helpful to the process.

The Advisory Board will be providing the OIX Board of Directors with a short memo of practical and implementable recommendations. The value we will add is producing a concise document that summarizes some of the overarching concerns we’ve heard about the Secretariat’s role and responsibilities with recommendations about how those responsibilities can be carried out. This will be a “blueprint” document with priority action items and suggested implementation ideas for the organization selected as the Secretariat.

The Board of Directors may reject it or ask that it be revised, in which case we will do so. The final product they adopt can then be shared with the NSTIC Project Management Office (PMO). The Board of Directors memo will be used in discussions with the NSTIC PMO as the latter thinks about, and reviews, the various Secretariat submissions. The NSTIC PMO can feel comfortable having those discussions about the OIX memo since the very process of its development — highly collaborative and consensus driven — means that it is not promoting a single agenda. The NSTIC PMO can then use the memo as a benchmark as it considers the various governance proposals.

I look forward to being part of this very important process that, I believe, the OIX Advisory Board can play in taking the OIX’s objective aspirations to help advance the NSTIC’s efforts.

Debra N. Diener, CIPP/G, J.D., Privacy, Identity Management and Information Protection