Understanding the Barriers of Acquiring Relying Parties to NSTIC

Generic Clearance for the Collection of Qualitative Feedback on Agency Service Delivery

0690-0030-NSTIC-Instrument 5-1-15

Understanding the Barriers of Acquiring Relying Parties to NSTIC

OMB: 0690-0030

⚠️ Notice: This form may be outdated. More recent filings and information on OMB 0690-0030 can be found here:

Document [docx]

Download: docx | pdf

Shape1 Shape2

Online Survey Software | Qualtrics Survey Solutions

Page 2 of 12

OMB Control No. 0690-0030

Expiration Date: 06/30/2017

Understanding the barriers of acquiring relying parties to NSTIC

BACKGROUND

The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative signed by President Obama in 2011. The NSTIC envisions an Identity Ecosystem, where individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice, and innovation. The Identity Ecosystem Steering Group (IDESG) is a private-sector led organization, funded by the NSTIC, that’s facilitating the development of the Identity Ecosystem.

PURPOSE OF THIS SURVEY

The Identity Ecosystem will be most successful if it has an abundance of Relying Parties (RPs) – organizations accepting 3rd party federated credentials from Service Providers for access to their services. Unfortunately, there is currently a dearth of organizations willing to act as RPs; this survey delves into this issue, seeking to further understand the barriers that prevent organizations from transitioning to this role.

WHY WE VALUE YOUR RESPONSE

As an existing or potential RP, your input is critical in helping the NSTIC National Program Office (NPO) identify and mitigate the barriers that currently prevent many organizations from accepting 3rd party credentials. The results of this survey will inform the work of the NPO in implementing the NSTIC, and will be particularly useful for the IDESG in establishing an Identity Ecosystem.

CONFIDENTIALITY STATEMENT

All responses - including any personal information - will be kept strictly confidential. No identifying information will be saved with survey data. All survey participant information - including contact persons and organization names - will be kept anonymous and will not

be shared with NPO or any external party.

If you have any additional questions, please contact us. Purdue Student Consulting

[email protected]

Shape5 _{National
Strategy for}_{Trusted
Identities in Cyberspace (NSTIC) Video:}

NSTIC and the Identity Ecosystem:

Shape6 Low awareness of 3rd party federated credentials among

prevents 3rd party federated credentials from being adopted by my organization.

My organization

_The_public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape7 Lack of understanding of 3rd party federated credentials among

prevents 3rd party federated credentials from being adopted by my organization.

My organization

_The_public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape10 Low awareness of the Identity Ecosystem among prevents 3rd

_{party
federated credentials from being adopted by my organization.}

My organization

_The_public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape11 Lack of understanding of the Identity Ecosystem among

prevents 3rd party federated credentials from being adopted by my organization.

My organization

_The_public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape12 _I_think_is_sufficiently_aware_of_the_security_risks_of_passwords_.

My organization

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

_The_public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape13 I think is/are more comfortable using passwords for authentication

_than
biometr_i_cs,_PINs,_{other
methods.}

My organization

_My_c_u_stomers

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape14 I think is/are more comfortable using my proprietary credentialing

_{services
rather than 3rd party federated credentia}_l_s_.

My organization

_My_c_u_stomers

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape15 I think that overall my industry's existing protection measures against

_{security
breaches are}_sufficient_.

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape16 I think 3rd party federated credentials will make online transactions

_{between
my organizat}_i_{on
and customers}_more_secure_.

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape17 I think my customers would prefer to use 3rd party federated credentials which

_enhance_privac_y_,_i_f_{given
the opportunity}_{and
educational information.}

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape18 I think my customers would prefer to use 3rd party federated credentials which can be used conveniently in multiple places, if given the opportunity and

_educational_information.

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape19 Less control over collecting consumer data resulting from using 3rd party credential providers prevents my organization from adopting 3rd party

_{federated
credentials.}

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape20 Less control over user experience resulting from using 3rd party credential providers prevents my organization from adopting 3rd party federated

_credentials.

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree I don't know Not applicable

Shape21 Current security authentication standards (username / password) are perceived sufficient enough by that it questions the necessity of

_{3rd
party federated credentials.}

My organization

_My_c_u_stomers

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Not applicable

Shape22 Concerns over loss of customers due to requiring 3rd party federated credentials prevents my organization from adopting 3rd party federated

_credentials.

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape23 Concerns over increased ease for customers to move to competitors

_{prevents
my organization from adopting 3rd party federated credentials.}

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape24 It is important to that the rules and policies of the Identity

_E_c_os_y_s_t_em_{are
being developed by the private}_sector.

My organization

_The
public

Strongly

Disagree Disagree

Neither Agree nor

Disagree Agree

Strongly

Agree

I don't know

Shape25 Lack of clear financial benefits prevents my organization from adopting 3rd

_{party
federated credentials.}

Strongly Disagree

Disagree

Neither Agree nor Disagree

Agree

Strongly Agree

I don't know

_Not
ap_p_lic_a_ble

Shape26 My organization has over unclear liabilities in the case of

_security_breaches_if
adopting_3rd
par_t_{y
federated credentials.}

No concerns Minor concerns Strong concerns

Very strong concerns

"I don't know" "Not applicable"

Shape27 My organization has that 3rd party federated credentials may not

_support_compliance_to_regulations_{applicable
to}_my
industry.

No concerns Minor concerns Strong concerns

Very strong concerns

"I don't know" "Not applicable"

Shape28 My organization has that 3rd party federated credentials would

_require
more_compliance_review_s_.

No concerns Minor concerns Strong concerns

Very strong concerns

"I don't know" "Not applicable"

Shape29 My organization has that acceptance of 3rd party federated

_{credentials
will erode}_my_{organization's}_brand_image.

No concerns Minor concerns Strong concerns

Very strong concerns

"I don't know" "Not applicable"

Shape32 _{Are
you a current member of}_the_IDESG_?

Yes

_No

Shape33 _What_is
the_activity_/_sector_of_{your
organization? (Multiple entries possible)}

Financial

_Se_r_vices

Textile Environment Tourism/Travel

Transportation Health High-tech Insurance

Biotechnology Consulting Construction Internet

Shape34 Shape35 Manufacturing Electronics Government Other, please describe

Shape36 Please list any other barriers which prevent your organization from adopting

Shape37 Shape38 3rd party federated credentials and explain their significance in your opinion.

Shape39 Please let us know of any questions or comments you might have.

Shape40 Shape41 Shape42 Shape43 You have reached the end of the survey. Thank you for your participation!

NOTWITHSTANDING STATEMENT

This collection of information contains Paperwork Reduction Act (PRA) requirements approved by the Office of Management and Budget (OMB). Notwithstanding any other provision of the law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with, a collection of information subject to the requirements of the PRA unless that collection of information displays a currently valid OMB control number. Public reporting burden for this collection is estimated to be 30 minutes per response, including the time for reviewing instructions, searching existing

data sources, gathering and maintaining the data needed and completing and reviewing

_{the
collection of}_information.

_>_>

Shape3 Shape4

https://purdue.qualtrics.com/SE/?SID=SV_8Gn43k8gFMJ2XXf&Preview=Survey&BrandI...

4/8/2015

File Type	application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified	0000-00-00
File Created	0000-00-00