Oversight of the IDSA will be provided by an executive board, which consists of representatives from member companies. The following companies will staff the initial Executive Board: CyberArk, Okta, Optiv (founding member), Ping Identity (founding member), SailPoint, SecureAuth, ThreatMetrix and VMware. The term of the executive board will be through calendar year 2020. At the end of 2 years, the IDSA community will be able to nominate and vote on new executive board members. The executive board is responsible for the overall charter, content development process and oversight of thought leadership and marketing activities to promote the work of the alliance.CUSTOMER ADVISORY BOARD
The customer advisory board has been established to provide the user community perspective and guidance on the vision, mission and work of the IDSA. The term will be through calendar year 2019. At the end of 2 years, member companies will be asked to nominate candidates and a new board will be approved by the executive board. The customer advisory board provides input into the vision of how identity fits into the broader cyber security marketplace and delivers guidance on the IDSA Framework that address the evolving security requirements of organizations.CHARTER
Membership in the IDSA is targeted to organizations who want to (i) contribute to the vision of an identity-centric approach to security, including use cases, reference architectures, and/or technology, and (ii) become a contributor to the common goal of advocating an identity-centric approach and the benefits across the industry. The work of the IDSA will be for the benefit of the cyber security community. The resources produced by the IDSA will be publicly available. Organizations will be able to access the work of the IDSA, as well as contribute through submissions and commenting of use cases as they are developed.
Terms and Requirements:
Membership: Membership is open to all organizations (vendor, solutions providers) in the cyber security industry and end customers who want to provide real world feedback to the work of the alliance. Member companies agree to cooperate in good faith to work together to identify and define use cases, develop vendor to vendor integrations (through technology alliance programs where appropriate) and to promote and market the alliance.
Organization members (vendors, solution providers) will be asked to meet the following commitments:
- $10,000 annual membership fee is required for 2019. The fee covers the costs of marketing, including, but not limited to IDSA website development and hosting, sponsorships at identity and security industry events, and community meet ups throughout the year at various conferences and other operational costs to support the go to market and activities of the organization.
- Designated contacts for technical working group (product management and technical) and marketing working group (marketing lead, social and field events). Participation in monthly conference calls and quarterly face to face meetings.
- Active participation in development of IDSA use cases and other IDSA generated deliverables.
- Technology Providers: At least one integration use case per year that is 1) validated and approved by the IDSA Technical Committee, 2) Generally available and supported by all vendors involved, 3) maps to IDSA published use cases or security controls and 4) In addition to review with IDSA Technical Committee, vendors are required to provide access to technical documentation and a video demonstration to be posted/referenced on the IDSA website and/or IDSA YouTube channel. Note: If the submitted use case maps to proposed use cases or security controls, the IDSA Technical Committee will review those for approval as well.
- Solutions Providers: at least one solution use case submission per year that has been implemented within a customer that is 1) Be comprised of IDSA approved integrations that demonstrate or further the IDSA messaging/objectives, 2) Utilizes at least 2 IDSA published security controls, and 3) validated and approved by the IDSA Technical Committee. Note: If the submitted use case maps to proposed use cases or security controls, the IDSA Technical Committee will review those for approval as well.
Member participation will be evaluated on a yearly basis. If member does not comply with the above requirements, the IDSA executive board may decide to discontinue membership.
Technical Support: Each member will designate a technical contact that will be responsible for contribution to the development of use cases, reference architectures, technical documentation (whitepapers, use case documents, architecture diagrams) and technology demonstrations. The technical contact will be asked to participate in regular conference calls and quarterly face to face meetings.
Marketing: Each member will designate a marketing contact that will be responsible for member contribution to all awareness activities for the IDSA, including but not limited to:
- Quote for IDSA press release announcing new members.
- Reference participation in the IDSA on corporate website and link to www.idsalliance.org.
- Corporate logos for the IDSA website.
- Presence and/or speaking slot at member user conference (if applicable).
- Blog, to be posted on member website, announcing membership in the IDSA and benefits to the organization and its customers.
- Promotion of the IDSA and activities to customer base through social channels, company newsletters, emails, customer presentations and other corporate communication vehicles.
- Guest blog on IDSA website in alignment with key messages/deliverables being developed.
- Include IDSA promotional materials in booth at designated events.
The marketing contact will be asked to participate in regular conference calls and quarterly face-to-face meetings.
Go to Market: The IDSA is not responsible for the go to market or monetization of solutions coming out of the work of the IDSA. Any go to market or monetization terms will be agreed to between the individual member companies.
Confidentiality: Member companies will not share documentation, software or disclose confidential (future capabilities, products, etc) information obtained during IDSA meetings. While it is not required, member companies are encouraged to establish NDAs with other member companies, if necessary.
Intellectual Property: IDSA Intellectual Property Guidelines: All methodologies, procedures, management tools, workshops, manuals, software, object code, data files, concepts, ideas, inventions, know-how and other intellectual property a member company has independently developed, created, or acquired, whether before or after its date of membership with the IDSA, including any derivatives, improvements, enhancements or extensions of such intellectual property developed by such member company (“Member Company Intellectual Property”) are, and shall remain, the sole and exclusive property of such member company or its licensors. All methodologies, procedures, management tools, workshops, manuals, software, object code, data files, know-how and other intellectual property developed by members of IDSA that the member contributes to IDSA projects in connection with such membership, whether collectively by all members or collectively with certain members (“IDSA Intellectual Property”) are, and shall remain, the sole and exclusive property of IDSA. IDSA Intellectual Property specifically exclude inventions, patents, patent applications and associate rights. Notwithstanding the foregoing but subject to the below paragraph, each member shall have an irrevocable, royalty-free and perpetual license to unrestricted use of such IDSA Intellectual Property, whether created independently or in conjunction with Member Company Intellectual Property.
Subject to the license rights set forth above, nothing herein shall be construed to transfer ownership of any Member Company Intellectual Property or IDSA Intellectual Property. In addition, each member company grants IDSA and the other member companies a right to use and distribute any marketing collateral, product or integration data sheets, use cases, or similar materials (collectively, “Marketing Materials”) specifically provided to IDSA for the organization’s use, and IDSA grants the member companies a right to use and distribute any Marketing Materials specifically provided by IDSA to the organization for its use; provided that all of the foregoing use and distribution by IDSA or a member company complies with the following: (i) such use and distribution is in accordance with the disclosing party’s written instructions, (ii) such material is unmodified (absent the disclosing party’s prior written consent), (iii) the party using or distributing such material provides attribution to the disclosing party when publicizing, and (iv) the disclosing party may, upon reasonable prior notice, update, modify or declare obsolete any Marketing Materials previous provided by the disclosing party, and require users to cease use of replaced or obsolete versions in accordance with the schedule provided by the disclosing partner.