Skip to main content

Privacy Policy

This is an archived version of the Privacy Policy. For the latest version click here

Privacy Policy

This site is maintained by the Kantara Initiative Inc, but no longer updated, following the transition of IDESG's assets to Kantara in July 2018, with the support of the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Institute of Standards and Technology (NIST). The views expressed do not necessarily reflect the official policies of the NIST or NSTIC; nor does mention of trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

The National Strategy for Trusted Identities in Cyberspace (“NSTIC” or “Strategy”), signed by President Obama in April 2011, acknowledges and addresses a major weakness in cyberspace – a lack of confidence and assurance that people, organizations, and businesses are who they say they are online. The NSTIC calls for the establishment of a private sector-led Identity Ecosystem Steering Group (IDESG) to administer the development and adoption of the Identity Ecosystem Framework. The IDESG receives its authority to operate from the active participation of its membership in accordance with the Rules of Association (ROA). TFS was selected as the Secretariat to serve as the administrative arm of the IDESG.

The IDESG (“IDESG”, “we”, “us”, “our”) values privacy, and we want you (“user”, “you”) to have the information you need to make your own decisions about your privacy.

This Privacy Policy (“Policy”) describes how we collect, use, share, and protect information about you, as well as the choices you may make about how we use this information.

Our Policy applies to:

  1. All individuals who provide information, such as individuals, individual member, member representatives, alternate member representatives or member associates as defined in the ROA.
  2. All methods of contact such as the Internet, including through our website, (“site”), direct mail, e-mail, fax, telephone, mobile, and other emerging technologies and methods.

This site contains links to other sites. Unless specifically stated otherwise, the collection and use of your personal information at other sites linked to from are not governed by this Policy.

We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act). We do not knowingly collect any information from anyone under 13 years of age. Our site and services are all directed to people who are at least 13 years old.

Please read the following to learn more about our Policy before providing us with any information. By accessing the site or providing any information, you agree to our use of that information consistent with the Policy. If you have questions about this Policy, please e-mail us at

Information We Collect, and How We Use It

We will only use and share your information as described in this Policy. We use the information we collect to carry out administrative functions and to manage our sites and services. We may share the information we collect about you and the information you provide to us to perform the services you request, register you with our site, enroll you in communications from us, analyze the use of our products and services, make your next visit to the site more personalized, and contact you regarding administrative issues. We will only use and share your information as described in this Policy.

We rely on third-party service providers to perform a variety of services on our behalf. In so doing, we may need to share your information with them. Please note that we only provide our service providers with the information they need to perform their services and we require that they protect this information and not use it for any other purpose. Specific information shared with service providers is detailed in the subsections below. Some of these third party providers may operate outside the United States and may be subject to laws or regulations of other countries or communities such as the EU.

As detailed in the subsections below, certain information and user-provided content is made publicly available in accordance with the “Openness and Transparency Operating Principle” of the IDESG. Since this publicly available information may be accessed by search engine crawlers, other web robots, or retrieved by individuals and posted on other sites outside of our control such as, it may remain publicly available even if later removed from IDESG sites and services.

We will never sell, trade, or otherwise transfer to outside parties your personal information, except in the following cases:

  • Third party service providers as described above.
  • When release is required to comply with the law, enforce our site policies, or protect ours or others rights, property, or safety.
  • Any information will be released to the NSTIC National Program Office (NPO) at NIST upon request.

Membership Information

In order to become a member of the IDESG, as defined in the ROA, you are required to provide certain information about yourself and any other individuals associated with your organization who will be participating in the IDESG, including: name, e-mail address, mailing address, and phone number. This information is initially entered using the Adobe FormsCentral service ( and subsequently maintained via email or phone communication with the Secretariat. Initial membership information is stored by the FormsCentral third party service provider, but is only accessible by the Secretariat.

IDESG members are listed publicly on the IDESG website (, including organization name, names of individuals associated with the organization, stakeholder category, participation level, and possibly email address. Other membership information, such as phone numbers and physical mailing addresses, is not listed publicly and is only used for IDESG administrative purposes.

IDESG Website

This section pertains to the website, including the wiki, and any other paths within

Website User Accounts

Most content is viewable without creating a user account or logging in. In this case no information is collected about you.

Certain services or features, such as contributing user-provided content, or activities which require membership such as voting, require creating a website user account and logging in. Users login to using federated identity management. User credentials (passwords) or hashes are not stored within databases. Rather, users are redirected to the website of their chosen identity provider (“IdP”), where credentials are entered. Currently supported identity providers are: Google, Yahoo, and Janrain. Only a pseudonymous identifier and user attributes such as first name, last name, and email address are sent to These attributes are used to pre-populate corresponding fields when creating an IDESG website account, and may be changed during account creation or at any later time. Privacy policy and terms of use covering your relationship with your chosen IdP, storage of user credentials, disclosure of personal information by IdP, are between you and your chosen IdP and outside the scope of this Policy.

The table below lists information which may be collected as part of the IDESG website user account, and how that information is used or disclosed.

Field How set How used or disclosed
User ID Chosen by user during account setup. May be changed by user. May be publicly displayed with user contributions to the site, such as comments or page edits.
First, Last Namev Set by userv Not publicly displayed unless allowed by the user on a case-by-case basis, such as when joining a webinar.
User Picturev (Optionally) uploaded by userv May be publicly displayed with user contributions to the site, such as comments or page edits.v
Email Address Chosen by user during account setup. May be changed by user. Web services may send emails to this address. Not displayed publicly.
Timezone Set by user Used to convert displayed times displayed to the user. Not displayed publicly.
User Preferences These are settings which adapt the behavior of the website based on user choices. Set by user Not displayed publicly.

User-Provided Content

Numerous means of contributing content to the website are available, including but not limited to: participating in online discussion forums, creating or modifying web pages associated with IDESG committees, commenting on existing website content, uploading documents, creating calendar events, creating or modifying wiki pages. It should be understood that all such content is deemed to be published by the sender and made public without condition, in most cases labeled with your User ID and possibly with your User Picture. Any disclaimers that may be attached to said content that describe it as private or non-redistributable are self-contradictory and thus null and void. The IDESG is not responsible for removing or otherwise concealing your communication after you cause it to become public.

User-provided content may be screened by the spam prevention and text filtering service. Only the text which you submit to the IDESG website for public posting is sent to Mollom, not any information about you.

Member Activity

IDESG members login to the IDESG website to cast votes on elections or other IDESG business. Records of these votes are retained in databases, but are only accessible by the Secretariat. Only summary results of votes are made public, not the details of how any individual voted on any matter.

Automatically Collected Information

As with any website, the IDESG website maintains logs of access to pages and resources, as well as administrative logs when certain user actions occur. Examples of information collected include the path to the requested page or resource, your IP address, the date/time of the request, and the user-agent header string sent by your browser. This information is collected primarily to facilitate investigation in the event of suspected problems with the site or services. This information is accessible only to website administrators.


A “cookie” is a small piece of information which a web site can send to your computer along with a web page. The IDESG website uses cookies in the following manner:

  • Login process. If you choose to login to our site, temporary (session) cookies are used during the federated login process, to facilitate single sign-on between the primary website and the wiki, and to maintain login sessions. These cookies do not contain personal information and are deleted from your computer upon closing your browser.
  • Site usability. We also use session cookies to improve how you navigate through and interact with the site.

This Policy does not cover the use of cookies by other sites, including sites linked to from the IDESG website, or sites of third party service providers such as identify providers (IdPs). Please reference the privacy policies of these external sites for information about their use of cookies.

Mailing Lists

We operate a number of mailing lists ( to facilitate communication among IDESG members and participants. These mailing lists are implemented using Mailman software (, and are operated by a third party service provider (

You can view archives of these mailing lists without subscribing or providing any information.

You can subscribe to these lists, meaning that messages posted to the list in the future will be emailed to you. In order to subscribe, you must provide an email address, and may optionally provide additional information. You must also either choose a password or allow a password to be generated for you. The password allows you to choose certain options controlling the behavior of your subscription to the mailing list. Your mailing list credentials (email address and password) are maintained and stored on A2 Hosting servers, distinct from the IDESG website. Once you subscribe to a mailing list, by default your email address will be listed on a subscriber list visible to all other subscribers. It is possible to subscribe but prevent your email address from being listed by altering the aforementioned options.

We reserve the right to remove your subscription at our sole discretion. In addition, if you are an IDESG member, or participating in the IDESG on behalf of a member organization, we reserve the right to automatically subscribe you to certain mailing list(s) in the interest of supporting IDESG administration and mission.

If you choose to post a message to a mailing list, the full message, including your email address, is sent to all subscribers and is also available publicly in mailing list archives.


The work of the IDESG often involves meetings, either of the plenary or of committees. These meetings are usually conducted using online technologies, but at times also have an in-person component.

The IDESG makes use of a number of third party services to facilitate meetings. Specifically:

Category Service Provider(s)
Online Meetings GoToWebinar ( (link is external))
Webex ( (link is external))
tbg Conferencing ( (link is external))
Remote Plenary Meeting Participation omNovia ( (link is external))
Online Chat SoapHub ( (link is external))

The omNovia service is used when it is necessary to authenticate remote participation for the purpose of quorum calculation. In this case, single sign-on is implemented from the IDESG website to omNovia, allowing your presence in the online meeting room to be associated with your IDESG website account, and hence your IDESG membership. During the single sign-on process, your email address, first name, and last name are sent to the omNovia service.

The other services mentioned above are not sent any information about you from IDESG. These services only obtain the information you provide when you register or enter the meeting, generally email address, first and last name.

Please be aware that the IDESG Rules of Association specifically states that “All documents, drafts, and minutes of meetings shall be posted on a publicly available Internet site”. Your participation in the meeting, including attendance, comments you make verbally or in any chat log during the meeting, may all be deemed relevant to or a part of meeting minutes, and made publicly available in accordance with the ROA.

Communications from Us

In order to support IDESG administration and mission, we send periodic email communications to IDESG members and/or IDESG website users. If you do not wish to receive such emails, you have the option to deactivate your account by e-mailing However, such action may result in the cancellation of your membership status in IDESG.

In some cases we use the third party service provider Constant Contact ( (link is external)) to send email, which requires that we provide Constant Contact with a list of destination email addresses. These email address lists are used by Constant Contact only for the purpose of delivering the email to you. The lists are only accessible by the Secretariat. The Constant Contact privacy policy contains additional information about Constant Contact emails, including how to opt-out or disable web beacons.

Correcting and Updating Your Information

We take steps to make sure your personal information is accurately maintained. You may view the information you provided to us to make corrections or modify it at any time. If you wish to view or change the information you have provided to us, or request that we no longer use your information to provide you services, you may contact us at or One Research Court, Rockville, MD 20850. We do not charge for this service and will respond to reasonable requests within 3 business days.

Customer Service and Recourse

If you have concerns about this Policy, its implementation, or other related inquiries or concerns, please contact us at Any improper collection or misuse of information in violation of this Policy or should reported by e-mail to The IDESG takes seriously any reported violations, and will investigate and correct any such violations.

Confidentiality and Security of Your Personal Information

The IDESG will take reasonable measures to secure the personal information users provide to us. We have implemented reasonable information security policies, rules and technical measures to protect the personal information we have under our control from unauthorized access, improper use or disclosure, unauthorized modification, and unlawful destruction or accidental loss.

All our employees, contractors and data processors who have access to, and are associated with the processing of your personal information, are obligated to keep the information confidential and not use it for any other purpose than to carry out the services they are performing for us.

Terms and Conditions

Please also visit our Terms of Use section establishing the use, disclaimers, and limitations of liability governing the use of our website.

Changes in This Policy

We reserve the right to modify this Policy at any time. If we decide to change this Policy, we will post those changes on this page, and update the Policy modification date below. If we make material changes to this Policy, we will notify you by means of a notice on our home page.

This Policy (Version 0.5) was last modified on May 23, 2013

Contact Us

If you have questions specifically about this Policy, or to legal issues pertaining to the practices of the Site or your use of the Site, please contact us.

E-mail Address:

Mailing Address: 2400 Camino Ramon, Suite 375, San Ramon, CA 94583

This is an archived version of the Privacy Policy. For the latest version click here