digital identity Archives - Noreen Y. Whysel

September 2, 2022November 7, 2022

Resilient Identifiers for Underserved Populations WG Charter Approved

I’m pleased to announce that the Charter for the Resilient Identifiers for Underserved Populations work group (RIUP WG) was approved by the Kantara Initiative Leadership Council earlier this week. This work group combines the legacy work groups (WGs) from the Identity Ecosystem Steering Group, which was formed in 2011 to provide a trust registry under the White House’s National Strategy for Trusted Identity in Cyberspace and absorbed by Kantara in 2018. I was a member of the UX Committee and wrote the User Experience Guidelines and Metrics document for the ID Ecosystem Framework Registry.

For the RIUP WG, two groups, Federated Identifiers for a Resilient Ecosystem (FIRE WG) and Healthcare ID Assurance (HIAWG) were combined to address identity assurance concerns for underserved people, who are often referred to as “vulnerable populations” by healthcare sector.

1) WG NAME (and any acronym or abbreviation of the name): Resilient Identifiers for Underserved Populations Work Group (RIUP WG)

(2) PURPOSE: The purpose of the Work Group is to support vulnerable and underserved populations in America. At a high level, these populations include those with physical and cognitive disabilities, or who are homeless, impoverished, senior citizens, immigrants, incarcerated, institutionalized and otherwise underserved minority groups that need digital credentials to access online resources; particularly, online healthcare and financial resources. Without an easily reusable identifier, it is nearly impossible for these individuals to gain secure access to the resources and services that may be available to them.

We will work, in collaboration with other private sector and public agencies towards establishing identifiers and access management (IAM) solutions that respect privacy, promote efficiency, limit redundancy, reduce barriers to use/adoption, increase interoperability, improve security, enhance safety and trust, eliminate identification errors, support resiliency, and achieve greater empowerment across the entire spectrum of online transactions. The RIUP WG will identify, coordinate, innovate and harmonize with ongoing and emerging identity initiatives, standards, and technologies, and communicate our findings to all relevant stakeholders, both in the US and, selectively, with other countries, under the leadership of the Kantara Initiative.

(3) A SCOPE – Guidelines for Cultivating a User-Centric Trust and Promoting Adoption within Underserved Communities

About “Underserved Populations”

Why does the RIUP WG use “underserved” rather than “vulnerable” when discussing the needs of healthcare populations? The US Health and Human Services tends to use “vulnerable” or “vulnerable and/or underserved” when discussing needs of people who require healthcare services but do not reflect the typical healthcare technology user.

In human subject testing, the category generally includes the elderly, poor, pregnant women, children, and infants, and recently, incarcerated people have been included in this description. But for the purposes of access to healthcare services, it also includes rural populations, those with permanent and temporary disabilities, indigenous peoples and others who may object to being described as vulnerable, yet need services that may be difficult to find, therefore rendering them “underserved.”

I had a conversation with Dana Chisnell, a founding member of the US Digital Service now serving as Deputy Design Director at US DHS, who convinced me to use “underserved” as a descriptor for identifiers. While there will still be “vulnerable populations” requiring special services, “underserved” puts the onus of care on the service provider rather than the traits of an individual which may or may not reflect their needs, abilities or level of personal agency. This work follows my research interest at the Internet Safety Lab where we are changing the conversation around digital harms, where the outcome of a service or lack of service can be harmful.

What’s Next?

RIUP WG will begin by creating guidelines for cultivating a user-centric trust registry and promoting adoption within Underserved Communities. We will publish a Use Case for Trusted Identifiers for underserved populations. And with a universal design strategy we will emphasize, highlight and prioritize user scenarios/stories from vulnerable and underserved populations to improve services for all users. We will test the use case and user stories across different verticals and persons of varying backgrounds and cultures. And we will create a dictionary that is harmonized with industry terminology.

There are a lot of initiatives that we will be watching. NIST is drafting 800-63-4 Digital Identity Guidelines, so we will work on comments on how to incorporate the needs of underserved people. The HSS Office of the National Coordinator (ONC) referenced trust registries in its work on Social Determinants of Health for Medicaid and we are participating in its information forums. We also plan to update the MAAS draft to incorporate recommendations from these efforts.

Lots to do and a great time to get involved.

Great teamwork!

April 15, 2022January 13, 2023

Disruptive Technologists: Vint Cerf, the Metaverse and Me

Watch me and Internet pioneer Vint Cerf discuss the future of the Metaverse at Disruptive Technologists NYC.

May 22, 2017June 29, 2022

IDEF Registry

Client: OASIS/Identity Ecosystem Steering Group
Visit Website

My Role

I led user testing for the Identity Ecosystem Framework (IDEF) Registry as part of the National Strategy for Trusted Identity in Cyberspace (NSTIC), a White House initiative. The IDEF Registry, a digital identity standard assessment tool, launched its alpha version on June 6, 2016. Because development of the alpha version of the attestation form was ongoing, I was brought into an agile process with the goal to iterate improvements after the public launch. I worked directly with a contracted project manager, third party marketing and design companies, the Chair of the IDESG User Experience Committee and members of the IDEF Registry working group.

User Research

The goal of the user study was two-fold: first, to ensure that the assessment form was understandable to those users who wish to list their products and that it included sufficient and expected information needed to complete the form accurately, and second, to ensure that the registry listing itself was usable and understandable to users who are seeking identity solutions.

Test participants for the first goal included IDESG members and observers who provide identity services, including certification, authentication, authorization, registration and transaction intermediation, or who rely on identity services in their own internal systems and commercial products. We selected expert users because we expect that those who will be completing the attestation form have a high level of understanding of the privacy, security, interoperability and usability of their own products.

Tests included needs assessment interviews of 12 prospective users, followed by additional user tests of seven users. For the needs assessment, I interviewed 12 prospective study participants about their needs for identity standards assessment and how the current IDEF Registry assessment tool compares to similar industry and government standards. I wanted to understand if the IDEF tool addressed all of their concerns about privacy, security, interoperability and usability and to get a sense of whether the planned registry served their needs. General findings were presented in a Google slide presentation showing typical responses to eleven study questions, suggested improvements and the impact on the user expereince. These were discussed over two, 2- hour meetings of the IDEF Registry Working Group.

Usability Tests

After delivering my findings to the development team, I began to design usability tests. I employed an observational walkthrough of proposed and completed designs, an expert heuristics review, user surveys and follow-up interviews with seven registry users. I utilized card sorts, preference tests, cognitive walkthrough of wireframes and a live website, as well as observations and survey feedback of seven alpha site users as they completed the attestation form on the alpha website to develop recommendations for improvements.

I engaged four members of the User Experience Committee, all usability experts, to participate in a heuristic analysis using Neilsen-Norman Group’s 10 usability heuristics and Abby Covert’s IA Heuristics. These expert users primarily evaluated the assessment form, but also provided input on the usability of the registry listings themselves, as a proxy for typical registry listing users. Due to the early stage of development, the client did not wish to

Results

The results showed that while the IDEF was rigorous, the implementation of the assessment and registry listings needed improvement, particularly to address situations where more than one person or company department might need to be involved. There were a number of issues with the interface including layout and data visualizations that could use improvement. Since Usability was a major component of the assessment, I also developed a set of user experience guidelines and metrics for service providers to use in evaluating usability requirements of the attestation. These will be incorporated into the Usability section of the assessment guidance documents.

UPDATE (5/22/2017): As of late Spring 2017, nine companies have completed assessments. The website remains in alpha with my recommendations set for implementation when the next round of grant funding is approved. Should I be reengaged, the next studies will include user tests of participants seeking identity services.

UPDATE (6/15/2019): The Registry is currently 65% complete and has transferred to the Kantara Initiative’s Education Foundation as of December 2018. I am continuing to serve on an agile advisory team and am working on use cases for health care. I presented the registry and participated in roundtable discussions at the 2019 Health Information Summit in Washington, DC on June 4, 2019.

Note: I signed a Non-Disclosure Agreement and am unable to share any images aside from those made public at idecosystem.org and idefregistry.org. Detailed information about the project, the assessment and the User Experience Committee is available on the public IDESG Wiki. Some of the documents including a draft rewrite of the Usability Guidelines and Metrics have been made public at: https://wiki.idesg.org/wiki/index.php?title=Talk%3AUser_Experience_Guidelines_Metrics

Announcement:
The IDEF Registry: an open invite to commit to trusted digital identity solutions

Resources:
Identity Ecosystem Steering Group (IDESG)
IDEF Registry
Identity Ecosystem Framework – Baseline Functional Requirements

Announcement:
The IDEF Registry: an open invite to commit to trusted digital identity solutions

Resources:
Identity Ecosystem Steering Group (IDESG)
IDEF Registry
Identity Ecosystem Framework – Baseline Functional Requirements

June 6, 2016June 29, 2022

New IDESG Service Empowers Organizations to Better Protect Digital Identities

Registry Is Key Step in Growing Healthy and Secure Online Identity Ecosystem
Marketwired Identity Ecosystem Steering Group (IDESG)

Jun 6, 2016 8:00 AM

WASHINGTON, DC–(Marketwired – Jun 6, 2016) – The Identity Ecosystem Steering Group (IDESG) — an independent, non-profit organization dedicated to creating the future of trusted digital identities — today announced a new service that empowers organizations to improve the way they handle identities. The Identity Ecosystem Framework (IDEF) Registry brings the digital identity community closer to realizing the White House’s vision for trusted identities in cyberspace.

Every organization involved in online identity transactions plays a key role in creating and sustaining a healthy online identity ecosystem. The IDEF Registry allows companies to independently assess their own identity management methods against common industry practices. Using the IDESG’s Identity Ecosystem Framework as a model, organizations can now master and build on commonly accepted criteria for interoperability, privacy, security and usability. Meeting milestones in these subject areas is essential to ensuring that digital identities are protected and trustworthy online.

“This is an essential step in creating a safer environment for online transactions,” said Salvatore D’Agostino, President of the IDESG and CEO of IDmachines, LLC. “By equipping organizations involved in online transactions with a tool to measure where they stand relative to accepted policies and best practices, we’re promoting a safer internet on two levels. We’re making industry-accepted best practices more accessible to organizations who want to meet them, and providing a structured benchmark to organizations and individuals that want to use safer protocols for their digital transactions and information management.”

The Registry is an actionable step in the Identity Revolution, and the first opportunity of its kind for online identity service providers and owners and operators of applications that register, issue, authenticate, authorize and use identity credentials to prove that they operate secure platforms for their customers. Those that voluntarily register with the Registry publicly demonstrate their dedication to best practices in identity management. In addition to increasing participating organizations’ value and trust in the marketplace, the Registry gives them access to their industry’s most cutting-edge methods for identity management.

Initial listers include some of the preeminent companies in the identity space, such as MorphoTrust and PRIVO.

“As a founding member of the IDESG, PRIVO understands the level of commitment, subject matter expertise and vision required to bring the Registry to life,” said PRIVO Co-founder and CEO Denise Tayloe. “We are very proud to be one of the first services to hold ourselves accountable to the IDEF requirements that support a privacy-preserving, interoperable, secure, easy-to-use credential for families we serve, in order to protect and enable young users to engage and transact online.”

The IDESG has a pipeline of applicants and anticipates significant demand to join these early adopters to complete the process. Listing in the IDEF Registry is currently free for those who self attest.

“An Internet built around the identity principles of the Identity Ecosystem Framework, is in the best interest of us all as individuals,” said Mark DiFraia, Senior Director of Market Development at MorphoTrust. “MorphoTrust is proud to be one of the first organizations to join the IDEF Registry because we made the investment to build our online identity solution from the ground up to deliver on the National Strategy for Trusted Identities in Cyberspace (NSTIC) Principles. It is our sincere hope that the combination of NSTIC principles, the IDEF and now the IDEF Registry apply the right amount of pressure to shape the behavior of online players for the benefit of us all.”

For more information on The Identity Ecosystem Framework Registry, visit IDEFRegistry.org.

About the Identity Ecosystem Steering Group (IDESG)

IDESG is a voluntary, public-private partnership dedicated to developing an Identity Ecosystem Framework (IDEF) and services to better online digital identity. The IDESG looks to advance the Identity Ecosystem called for in the National Strategy for Trusted Identities in Cyberspace (NSTIC). The NSTIC, signed by President Obama in 2011, envisions the identity ecosystem as an online environment where individuals and organizations will be able to trust each other because they follow agreed-upon standards and policies to obtain and authenticate their digital identities. Come see how IDESG is making this happen by joining us in the effort and taking advantage of our services at IDESG.org.

Contact:

Media Contact
Donna Armstrong
ConnellyWorks, Inc.
571-323-2585 x6140
donna@connellyworks.com