DG-NSTIC mailing list
DG-NSTIC mailing list
So following today's call, Laurie and I were set some specific homework, while the rest of you had the relative luxury of giving the responses a general review:-). My homework is set out below.
A note for Dave W: Sorry you weren't on the call but we appreciate you have a standing conflict at this time slot. To help in your queries whether this was a US only initiative that has the ability to federate with other jurisdictions, or an international initiative facilitated by the US with federation one day perhaps moving beyond interoperability and towards a kind of convergence, it is the latter. Admittedly this did surprise some of us on the previous call, but Brett and Joni and others attending the workshops and on this DG are clear in their impression that that is how NSTIC sees itself, which is why you have seen that reflected in the new text. Given that, some proposals from 'moi' needed some clarification, so here goes…
Richard: My proposed text was meant for 1.2, not 1.1 as you placed it. So I have moved it from 1.1 over to 1.2 and then modified, OK? Also I found a 'Steering Committee' notation along the way, so best to do a check to ensure we are consistent in calling it a Steering Group, as NSTIC does.
1.1. Given the Guiding Principles outlined in the Strategy, what should be the structure of the Steering Group? What structures can support the technical, policy, legal, and operational aspects of the Identity Ecosystem without stifling innovation?
KI’s proposed response:
The Kantara Initiative community provides one such model that encourages innovation. The development of common standards, assessment criteria, and operational integration is a method of developing the combination of diverse policies, legal requirements into an operational structure of governance. As such our recommendation is to consider Kantara Imitative as a potential host for the SG and ancillary groups, or should that not find favor, to at least be reflective of KI’s model, for establishing the initial structure of the Steering Committee formation.
XXXXXXXXXXX NZ 002 comment/proposed text cut out from here XXXXXXXXXXXXXX
A Steering Group support structure should comprise reps from expertise areas (technical, legal, policy, privacy, security, operational) but also stakeholder representation from the ecosystem participants: public sector, private sector, end-user, and international.
The Steering Group itself should not make decisions in the above areas, unless there are conflicts or inconsistencies between the expert groups that would affect the viability of the Identity Ecosystem Framework. In addition to being ultimately responsible for the specification of the Identity Ecosystem Framework, the Steering Group should also facilitate the creation of sub-groups of experts and stakeholders, offer guidance to the sub-groups, and co-ordinate communication between the sub-groups.
1.2. Are there broad, multi-sector examples of governance structures that match the scale of the Steering Group? If so, what makes them successful or unsuccessful? What challenges do they face?
KI’s proposed response:
The Kantara Initiative Leadership Council is such a body in actual operation which is successful because it’s a ‘light hand on the tiller’. The Leadership Council is comprised of representatives from each of the Work and Discussion Groups, and the Leadership Council serves the needs of the Work and Discussion Groups with the simple guidance of ensuring that activities are within the Kantara Initiative Mission and Operating Procedures. While the activity and guidance are light-touch in nature the Leadership Council operates under the guidance of the Kantara Initiative Operating Procedures. These Operating Procedures are ‘managed’ by both the Work and Discussion Groups and the Leadership Council and may be amended through an all member vote, which is transparent and each organization, company or government agency has only one vote.
A perfectly rational modification of this model would be to recognize that Steering Group members need not necessarily also be members of an expert group, since the Steering Group’s role is primarily one of oversight and governance, and hence SG members may bring specific skills to facilitate that objective.
XXXXXXXXXXX NZ 002 comment/proposed modified text pasted in here XXXXXXXXXXXXXX
One significant challenge (though not necessarily faced at the outset) is that there are occasions when the global nature and ramifications of a decision facing the SG is such that a different set of capabilities are required to advise and in very few cases direct, the SG. These matters are typically of a geo-political/legal/commercial/governmental nature. There are existing global forums where 'issues of gravity' are discussed and a consensus generally reached. The OECD (with its Advisory Committee structures such as ITAC), and ISACA are examples of forums that could be leveraged to act as a Reference Group (a 'UN of Identity' if you will) to advise and if necessary direct to the SG in rare instances. Since most jurisdictions already contribute funding and expertise, the US Government/NSTIC Program may not necessarily need to provide additional funds, but rather 'directing' existing funds. The World Bank is similar in terms of the way wealthier nations contribute funding (which offers the potential opportunity for these nations to direct some of their funding to the ‘UN of Identity’ notion, although it is not known whether there are formal equivalents to the OECD’s Advisory Committees (e.g. ITAC).
As is generally accepted in these international fora, the Reference Group's capability and competence should be blind to anything except the best person/organization for the job, regardless of whether they are currently participating in the NSTIC initiative or not.
3.5 (last para)
As noted in the response to 1.2, leveraging a recognized international body such as the OECD or ISACA, that already receives funding from the majority of the world’s more wealthy jurisdictions, offers an alternative method for indirect funding (for the proposed Reference Group at least).
_______________________________________________ DG-NSTIC mailing list DG-N...@kantarainitiative.org http://kantarainitiative.org/mailman/listinfo/dg-nstic
> With regard to the international aspect of NSTIC, I think it would be a mistake for KI's input to the NOI to be based on a presumption that NSTIC has somehow already adopted a particular viewpoint on this issue.
Exactly. KI should say what KI believes is right. Period.
It just so happens that what KI believes is right also seems to be less than totally contradictory to what the NSTIC spokespersons seem to be thinking.