[Log In] []

Exploring the science and magic of Identity and Access Management
Friday, November 22, 2024
 

National Strategy for Trusted Identities in Cyberspace

Identity
Author: Mark Dixon
Thursday, July 15, 2010
8:52 am

imageOn June 25, 2010, the US Federal Government released a draft document entitled, “National Strategy for Trusted Identities in Cyberspace.” This document proposes a strategy that:

… defines and promotes an Identity Ecosystem that supports trusted online environments.  The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. 

The Identity Ecosystem enables: 

  1. Security, by making it more difficult for adversaries to compromise online transactions;   
  2. Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes; 
  3. Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training;
  4. Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions; 
  5. Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used;
  6. Greater choice, as identity credentials and devices are offered by providers using interoperable platforms; and  Opportunities for innovation, as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk;

The strategy proposes four primary goals and nine actions to implement and promote the Identity Ecosystem:

Goals

  1. Develop a comprehensive Identity Ecosystem Framework
  2. Build and implement an interoperable identity infrastructure aligned with the Identity Ecosystem Framework
  3. Enhance confidence and willingness to participate in the Identity Ecosystem
  4. Ensure the long-term success of the Identity Ecosystem

Actions

  1. Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
    with Achieving the Goals of the Strategy
  2. Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
  3. Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
    the Identity Ecosystem
  4. Work Among the Public/Private Sectors to Implement Enhanced Privacy
    Protections
  5. Coordinate the Development and Refinement of Risk Models and Interoperability Standards
  6. Address the Liability Concerns of Service Providers and Individuals
  7. Perform Outreach and Awareness Across all Stakeholders 
  8. Continue Collaborating in International Efforts 
  9. Identify Other Means to Drive Adoption of the Identity Ecosystem across the
    Nation

The Strategy Document doesn’t discuss any specific technologies, but rather, addresses the needs and general concepts required for a national Identity Ecosystem.

If you would like to make public comments on the strategy, a good place to visit is this IdeaScale page hosted by the Department of Homeland Security. Reading comments from other parties on that page is quite interesting.

In other areas of Cyberspace, the reactions to this strategy are mixed.  For example, an active proponent is my friend Dazza Greenwood, who encourages everyone to become familiar with the strategy and actively give feedback:

At the other end of the spectrum is a blogger, Arnold Vintner, whom I do not know, who shares a much more pessimistic view. In his post, “Obama Administration Moves to Reduce Online Privacy,” Mr. Vintner opines:

The Obama administration is proposing a new identity management system for the Internet which is calls “Identity Ecosystem.” This new system will replace individually managed usernames and passwords with a taxpayer-funded federally-managed system.

The scheme is outlined in the National Strategy for Trusted Identities in Cyberspace. The planned system will tie together all of your accounts into one national online identity.  This will enable the federal government to easily track all online activity of every American.

The system will start with the federal government requiring the ID’s for use in accessing federal web sites — such as for filing your taxes online.  The federal government will then force businesses to adopt the system, starting with banks and credit card companies and slowly spreading to encompass the entire online environment. Once fully implemented, Internet users will no longer be able to comment anonymously on blogs or web forums, because all online identities will be verified with the U.S. government.

Where do you stand?  I personally like the idea of public dialog on this issue and the call for public and private entities to participate in a solution.  I look forward to giving feedback and tracking progress.

 

2 Responses to “National Strategy for Trusted Identities in Cyberspace”

    Good post, Mark. As you know, we’ve had a regime change in the UK, as a result of which the previous strategy on National ID is being drastically overhauled. In principle, the more public awareness and input there is when a revision like that takes place, the better… so I’d encourage your readers to contribute their views on NSTIC via all the various channels the Obama administration is making available.

    On specifics:Mr Vinter is partly right, but partly wrong I think. He’s wrong in the sense that NSTIC necessarily results in ‘the US Government’ being able to track all of every citizen’s online activity; implementation of NSTIC would not stop anyone from having other electronic identifiers and credentials which do not form part of the NSTIC infrastructure, for instance.

    However, he’s right in the sense that governments have a law-enforcement and intelligence agenda which leads them to want to achieve a joined-up view of individuals when necessary; they also have a service provision agenda which means individuals *may* be better served if their various interactions can be linked. The information management challenge for any government is: how to achieve both those ‘views’ of the same data, while making the first one independent of the citizen’s consent, and ensuring that the citizen’s consent is fundamentally built into the second.

    (Incidentally, I don’t think the most technically advanced commercial bodies have cracked that problem on a mass scale, let alone any government crack it on a national scale…)

    Comment by Robin Wilton on July 15, 2010 at 10:58 am

    Thanks for your comments, Robin. It will be interesting to see where this leads.

    By the way, congratulations on your new role with Gartner/Burton!

    Mark

    Comment by Mark Dixon on July 15, 2010 at 11:27 am

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.