Online
Survey
Software
|
Qualtrics
Survey
Solutions
Page
OMB Control No. 0690-0030
Expiration Date: 06/30/2017
Understanding the barriers of acquiring relying parties to NSTIC
BACKGROUND
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative signed by President Obama in 2011. The NSTIC envisions an Identity Ecosystem, where individuals and organizations utilize secure, efficient, easy-to-use, and interoperable identity credentials to access online services in a manner that promotes confidence, privacy, choice, and innovation. The Identity Ecosystem Steering Group (IDESG) is a private-sector led organization, funded by the NSTIC, that’s facilitating the development of the Identity Ecosystem.
PURPOSE OF THIS SURVEY
The Identity Ecosystem will be most successful if it has an abundance of Relying Parties (RPs) – organizations accepting 3rd party federated credentials from Service Providers for access to their services. Unfortunately, there is currently a dearth of organizations willing to act as RPs; this survey delves into this issue, seeking to further understand the barriers that prevent organizations from transitioning to this role.
WHY WE VALUE YOUR RESPONSE
As an existing or potential RP, your input is critical in helping the NSTIC National Program Office (NPO) identify and mitigate the barriers that currently prevent many organizations from accepting 3rd party credentials. The results of this survey will inform the work of the NPO in implementing the NSTIC, and will be particularly useful for the IDESG in establishing an Identity Ecosystem.
CONFIDENTIALITY STATEMENT
All responses - including any personal information - will be kept strictly confidential. No identifying information will be saved with survey data. All survey participant information - including contact persons and organization names - will be kept anonymous and will not
be shared with NPO or any external party.
If you have any additional questions, please contact us. Purdue Student Consulting
purduestudentconsulting@gmail.com
National Strategy for Trusted Identities in Cyberspace (NSTIC) Video:
NSTIC and the Identity Ecosystem:
Low awareness of 3rd party federated credentials among
prevents 3rd party federated credentials from being adopted by my organization.
My organization
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
Lack of understanding of 3rd party federated credentials among
prevents 3rd party federated credentials from being adopted by my organization.
My organization
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
Low awareness of the Identity Ecosystem among prevents 3rd
party federated credentials from being adopted by my organization.
My organization
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
Lack of understanding of the Identity Ecosystem among
prevents 3rd party federated credentials from being adopted by my organization.
My organization
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
I think is sufficiently aware of the security risks of passwords.
My organization
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
I think is/are more comfortable using passwords for authentication
than biometrics, PINs, other methods.
My organization
My customers
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
I think is/are more comfortable using my proprietary credentialing
services rather than 3rd party federated credentials.
My organization
My customers
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
I think that overall my industry's existing protection measures against
security breaches are sufficient.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
I think 3rd party federated credentials will make online transactions
between my organization and customers more secure.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
I think my customers would prefer to use 3rd party federated credentials which
enhance privacy, if given the opportunity and educational information.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
I think my customers would prefer to use 3rd party federated credentials which can be used conveniently in multiple places, if given the opportunity and
educational information.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
Less control over collecting consumer data resulting from using 3rd party credential providers prevents my organization from adopting 3rd party
federated credentials.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
Less control over user experience resulting from using 3rd party credential providers prevents my organization from adopting 3rd party federated
credentials.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree I don't know Not applicable
Current security authentication standards (username / password) are perceived sufficient enough by that it questions the necessity of
3rd party federated credentials.
My organization
My customers
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
Not applicable
Concerns over loss of customers due to requiring 3rd party federated credentials prevents my organization from adopting 3rd party federated
credentials.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
Concerns over increased ease for customers to move to competitors
prevents my organization from adopting 3rd party federated credentials.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
It is important to that the rules and policies of the Identity
Ecosystem are being developed by the private sector.
My organization
The public
Strongly
Disagree Disagree
Neither Agree nor
Disagree Agree
Strongly
Agree
I don't know
Lack of clear financial benefits prevents my organization from adopting 3rd
party federated credentials.
Strongly Disagree
Disagree
Neither Agree nor Disagree
Agree
Strongly Agree
I don't know
Not applicable
My organization has over unclear liabilities in the case of
security breaches if adopting 3rd party federated credentials.
No concerns Minor concerns Strong concerns
Very strong concerns
"I don't know" "Not applicable"
My organization has that 3rd party federated credentials may not
support compliance to regulations applicable to my industry.
No concerns Minor concerns Strong concerns
Very strong concerns
"I don't know" "Not applicable"
My organization has that 3rd party federated credentials would
require more compliance reviews.
No concerns Minor concerns Strong concerns
Very strong concerns
"I don't know" "Not applicable"
My organization has that acceptance of 3rd party federated
credentials will erode my organization's brand image.
No concerns Minor concerns Strong concerns
Very strong concerns
"I don't know" "Not applicable"
Are you a current member of the IDESG?
Yes
No
What is the activity / sector of your organization? (Multiple entries possible)
Financial
Services
Textile Environment Tourism/Travel
Transportation Health High-tech Insurance
Biotechnology Consulting Construction Internet
Manufacturing Electronics Government Other, please describe
Please list any other barriers which prevent your organization from adopting
3rd party federated credentials and explain their significance in your opinion.
Please let us know of any questions or comments you might have.
You have reached the end of the survey. Thank you for your participation!
NOTWITHSTANDING STATEMENT
This collection of information contains Paperwork Reduction Act (PRA) requirements approved by the Office of Management and Budget (OMB). Notwithstanding any other provision of the law, no person is required to respond to, nor shall any person be subject to a penalty for failure to comply with, a collection of information subject to the requirements of the PRA unless that collection of information displays a currently valid OMB control number. Public reporting burden for this collection is estimated to be 30 minutes per response, including the time for reviewing instructions, searching existing
data sources, gathering and maintaining the data needed and completing and reviewing
the collection of information.
>>
Powered by Qualtrics
https://purdue.qualtrics.com/SE/?SID=SV_8Gn43k8gFMJ2XXf&Preview=Survey&BrandI...
4/8/2015
File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |