Skip to end of metadata
Go to start of metadata

Final Draft (2017-01-17)

Code of Conduct for Digital Identity Professionals


  • I will accept responsibility for making decisions consistent with the safety, health, and welfare of the public, and to promptly disclose factors that might endanger the privacy or security of their digital identity.
  • I will avoid real or perceived conflicts of interest whenever possible, and I will disclose them to affected parties when they do exist.
  • I will strive to minimize the risk of harm to individuals or organizations in the course of my work.

Personal Integrity

  • I will uphold high standards of honesty and behavior, strive for full intellectual and moral engagements, and consider myself bound to support mature and responsible actions within my profession.
  • I will not engage in acts of unfair discrimination based on qualities such as age, citizenship, disability, gender, national origin, race, religion, sexual orientation, veteran status or any other such factor.

Skills, Education and Awareness

  • Regardless of my role within the identity ecosystem, either as an identity architect, developer, third-party assessor, executive, or project manager, I will work to improve the awareness and understanding of the standards and best practices in the identity and access management space.
  • I will maintain and expand my skills and knowledge through a commitment to lifelong learning and continued professional education. 
  • I will maintain and improve my technical competence and to undertake technological tasks for others only if qualified by training or experience, or after full disclosure of pertinent limitations;  
  • I will seek, accept, and offer honest criticism of technical work, acknowledge and correct errors, and properly credit the contributions of others.


Please see the Resources Page for more information on background.

Code of Conduct Group Notes

Meeting Notes 2017-01-17


  1. Discuss and reconcile any comments on the draft Code of Conduct for Digital Identity Professionals


  • Scott Shorter
  • Heather Flanagan
  • Megan Cannon


  1. We note that no additional comments have been submitted to the list, nor has anyone joined to discuss the draft.  
  2. We consider the subgroup's task complete, Scott will notify Colin, Ian and Andrew that the draft is complete, and remove the "draft" from the title.
  3. The group will meet once more in two weeks to resolve any further comments or work created by finalizing.

Meeting Notes 2017-01-03

Next steps: send out an email to the list asking for review and comments by 1/13, with an aim to finalize by 1/17.

Meeting Notes 2016-12-13


  1. Review the draft in light of the comments on the discussion list.
  2. Questions about the code of conduct raised on the list:
    1. Will the envisioned organization be providing training on what it means to achieve the objectives in the code? (A: seems to be an emerging consensus towards yes)
    2. Are there any responsibilities to maintain compliance metrics such as David C's experience with the Athena Swan award process? (A: haven't heard anyone say yes to this)
    3. Have we considered the CISSP / ISC2 Code of Ethics?  (A: at least one reviewer has)
  3. Suggestions to the code of conduct from the list
    1. Be more vague about the completeness of enumerated lists.
    2. Be more explicit about "do no harm"
      1. Q: What does harm mean?


  • Scott Shorter
  • Megan Cannon
  • Heather Flanagan
  • Colin Wallis


Discussion of how to update it. Move to wiki, move to github and if there's proposed changes, issues.

With regard to the question of harm - cite common definitions, allow for industry specific interpretations.


Meeting Notes 2016-11-29


Scott Shorter

Shannon Taylor

Heather Flanagan

Colin Wallis


Heather  provided a link to code of conduct for civil society.

Emphasize that the code of conduct applies to individuals, not applicable to organizations. To that end, there are other organizations that can inform us on similar individual focused codes.

Ex: in addition to the obvious (Don't lie cheat steal), responsible for making awareness of privacy issues part of what you do.


RSA is 2017-02-14

Heather will develop a draft by 2016-12-06, the draft will be developed here (you will need to request access to view the google doc).

The group will discuss the draft on meetings from 2016-12-06 until 2017-01-03, and offer the the rest of the DG to review until 2017-01-31.

Colin will reach out to Giles to inquire about code of conduct.

Next meeting will be same time next week - 2016-12-06 2pm ET.

Meeting Notes 2016-12-06 2pm ET

GoToMeeting URL:


Review the draft Code of Conduct for Digital Identity Professionals

Check with Colin about IAPP follow up


Scott Shorter

Shannon Taylor


Shannon suggests that the code of conduct should speak to vendor relationships.  Vendors could have a code of conduct if they have a relationship with the identity professional organization.

Scott mentions possibly modifying final pledge to capture that we are educating others as well as ourselves.

Scott will send an email to Colin about the status of his inquiry to Giles about IAPP CoC.

Scott makes a notes to add veteran status and citizenship to the list of nondiscriminatory attributes.



  • No labels