1.3: Participant Responsibilities

Define participant responsibilities in the Identity Ecosystem and establish mechanisms to provide accountability.

Other Information:

The Identity Ecosystem Framework will define the minimum rights and responsibilities of the various participants in the Identity Ecosystem and establish consequences for those that do not uphold their responsibilities As part of defining these responsibilities, the Identity Ecosystem Framework must establish the accountability and remediation process when an identity credential is fraudulently issued or used or when other breakdowns in the Identity Ecosystem occur To date, these concerns have been a barrier to the development of widespread identity and authentication solutions at all levels of assurance These concerns affect both individuals and service providers The Identity Ecosystem Framework must in general protect individuals from unbounded liability and in particular ensure that individuals are not held liable for losses that they were powerless to prevent The Identity Ecosystem Framework should also clarify service provider accountability in order to overcome the uncertainty and fear of unbounded liability that have limited the market’s growth For example, it must answer questions such as whether or not identity providers should have legal protection if they have complied with the defined standards and credentials are nonetheless issued or used incorrectly The Federal Government may need to establish or amend both policies and laws to address these concerns Multiple entities currently enforce online security and privacy standards in a distributed fashion across both government and the private sector Any new laws and policies must maintain the flexibility of this approach, while harmonizing a diverse and sometimes conflicting set of requirements that currently prevent interoperability and trust across communities.

Indicator(s):

Indicator:1

Content