The IDESG, its components, and its members shall at all times operate in accordance with four Guiding Principles set forth in the NSTIC. They are:
1. Identity solutions will be privacy-enhancing and voluntary.
The Identity Ecosystem will be grounded in a holistic, integrated implementation of the Fair Information Practice Principles to promote the creation and adoption of policies and standards that are privacy-enhancing, including the preservation of the capacity to engage in anonymous and pseudonymous activities online. Ideally, identity solutions within the Identity Ecosystem should preserve the positive privacy benefits associated with offline identity-related transactions while mitigating some of the negative privacy aspects. Finally, participation in the Identity Ecosystem will be voluntary: the government will neither mandate that individuals obtain an Identity Ecosystem credential nor that companies require Identity Ecosystem credentials from consumers as the only means to interact with them. Individuals shall be free to use an Identity Ecosystem credential of their choice, provided the credential meets the minimum risk requirements of the relying party, or to use any non-Identity Ecosystem mechanism provided by the relying party. Individuals’ participation in the Identity Ecosystem will be a day-to-day—or even a transaction-to-transaction—choice.
2. Identity solutions will be secure and resilient.
Identity solutions within the Identity Ecosystem will provide secure and reliable methods of electronic authentication by being grounded in technology and security standards that are open and collaboratively developed with auditable security processes. Credentials within the Identity Ecosystem are: issued based on sound criteria for verifying the identity of individuals and devices, when appropriate; resistant to theft, tampering, counterfeiting, and exploitation; and issued only by providers who fulfill the necessary requirements. Identity solutions must detect when trust has been broken, be capable of timely restoration after any disruption, be able to quickly revoke and recover compromised digital identities, and be capable of adapting to the dynamic nature of technology.
3. Identity solutions will be interoperable.
Interoperability encourages and enables service providers to accept a wide variety of credentials and enables users to take advantage of different credentials to assert their identity online. Two types of interoperability are recognized in the Identity Ecosystem: technical interoperability is the ability for different technologies to communicate and exchange data based upon well-defined and testable interface standards; policy-level interoperability is the ability for organizations to adopt common business policies and processes.
4. Identity solutions will be cost-effective and easy to use.
The Identity Ecosystem will promote identity solutions that enable individuals to use a smaller number of identity credentials across a wide array of service providers. These identity solutions must be cost-effective for users, identity and attribute providers, and relying parties. Furthermore, identity solutions should be simple to understand, intuitive, easy-to-use, and enabled by technology that requires minimal user training.