Friday, September 21, 2012

National Strategy for Trusted Identities in Cyberspace (NSTIC) Pilots

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative to work collaboratively with the private sector, advocacy groups and public-sector agencies, overseen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST). Five companies working to develop trusted electronic identity technologies to combat identity theft, protect online transactions and secure information sharing were given more than 9 million dollars in grants by NIST for NSTIC pilots. The pilot programs, said NSTIC, span multiple sectors, including health care, online media, retail, banking, higher education, and state and local government, and will test and demonstrate new solutions, models or frameworks that don't exist in the marketplace today.

NSTIC envisions an “identity ecosystem” in which technologies, policies and standards support greater trust and security when individuals, businesses and other organizations conduct sensitive transactions online. The private-sector-led Identity Ecosystem Steering Group provides an open process for organizations to participate in development of the ecosystem. The group’s goal is to craft a framework for identity solutions that can replace passwords, allow individuals to prove online that they are who they claim to be, and enhance privacy. These pilot projects are going to bring the theoretical work into the real world, developing solutions that will help in many industries, but especially healthcare. There is a lack of confidence and assurance that people and organizations are who they say they are online, and the de facto requirement in the current online environment is for individuals to maintain dozens of different usernames and passwords.

Resilient Network Systems (Resilient) has been awarded one of the NSTIC grants as the prime contractor building a new system that guarantees trusted identities in the areas of healthcare and education. Our health information exchange organization Gorge Health Connect (GHC) is one of the subawardees on the healthcare project working with the San Diego Beacon eHealth Community. The pilot, called Patient-Centric Coordination of Care, will enable convenient multi-factor, on-demand identity proofing and authentication of patients, physicians, and staff on a national scale. This will facilitate coordination of care among a select group of primary care physicians and cardiologists. Resilient is also partnering with the American Medical Association, Aetna, the American College of Cardiology, ActiveHealth Management, Medicity, LexisNexis, NaviNet, the Kantara Initiative, Krysora, and the National eHealth Collaborative.

The project is designed to successfully deploy a working pilot system that will provide tangible benefits to patients, physicians and online service providers within twelve months. This pilot will demonstrate:

  • A collaborative identity ecosystem that interoperates across disparate identity providers and relying parties
  • Ability to create real-time Trust Graphs linking identities and relationships of doctors, staff and patients
  • Use of multiple, discrete identity providers (both public and private) to “syndicate” identities
  • Codifying and enforcement of appropriate governance policies (e.g. identity, access, use, privacy, etc.)
  • Cloud-based services that rely on the network for identity and policy, thus retaining minimal transaction data
  • Expanded system capabilities to share protected data, documents and application services across boundaries

Using four new types of Internet infrastructure – the Access Server, Trust Broker, Identity Broker and Zero-Knowledge Services – the pilots will coordinate secure interactions among existing systems to allow organizations and people that don’t necessarily know each other or have trust relationships to collaborate and share sensitive information and resources without having to disclose personal identifying information (PII) to other parties.


The pilots will utilize a Trust Network which will create a decentralized, pervasive identity system, with supporting directory, discovery, matching and verification of identities for people, organizations, and information. It is an open network with a technology- and vendor-neutral architecture, allowing disparate standards and systems, including federated systems, to be linked together and leveraged without requiring users to understand the underlying infrastructure. The Trust Network will enable a new type of “identity syndicate”, which is a collective of virtually combined, independent identity and attribute databases that can be used for matching, verifying and searching identities. It works even if the participating systems do not agree on how to identify people, and even if they are unwilling to disclose the identity attributes they have to each other.

I am very happy to work with Resilient Networks, the San Diego Beacon Community, and our other partners on this project. I will post updates as we make progress, and look forward to learning a lot from what works, and what doesn't.
