[Log In] []

Exploring the science and magic of Identity and Access Management
Tuesday, October 29, 2024

National Strategy For Trusted Identities In Cyberspace – My Take

Identity, Information Security, Privacy
Author: Mark Dixon
Friday, April 29, 2011
5:54 pm
 
When I hear a message that begins, “We’re from the government, and we’re here to help,” I am naturally suspicious.  My political philosophy, based on personal freedom, individual responsibility and natural consequences, is all too often infringed upon by over-reaching, even if well-intentioned, government mandates.  So, when I first learned of the “National Strategy For Trusted Identities In Cyberspace,” I quite naturally envisioned the typical government movement towards stronger control, greater regulation and reduced freedom.
 
However, rather than leave interpretation to others, I actually read the 45-page National Strategy For Trusted Identities In Cyberspace document that was officially released on April 15th.  Based on what I read, this initiative seems more like guidance for a national Interstate Highway system than a mandate for socialized health care.
 
On page 29 of the document, speaking of the goals for this initiative, we read:
These goals will require the active collaboration of all levels of government and the private sector  The private sector will be the primary developer, implementer, owner, and operator of the Identity Ecosystem, which will succeed only if it serves as a platform for innovation in the market. The Federal Government will enable the private sector and will lead by example through the early adoption and provision of Identity Ecosystem services. It will partner with the private sector to develop the Identity Ecosystem, and it will ensure that baseline levels of security, privacy, and interoperability are built into the Identity Ecosystem Framework.
If indeed the Federal Government can act as a catalyst, in cooperation with the private sector, to accelerate progress toward a secure, convenient, easy to to use, interoperable and innovative framework for trusted identities, without exercising control and exploitation over participants, I can strongly support the initiative.
 
However, it is the nature of most people in areas of concentrated power to abuse the power with which they have been entrusted.  This natural tendancy, both in the public and private sector, may lead to unintended bad consequences as a result of this inititiave.  As the Trusted Identities initiative moves forward, we must be vigilant to make sure public or private power is not abused.

That said, I include here some key points from the document.  A user-centric “Identity Ecosystem” is proposed – an online environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital identities—and the digital identities of devices. 

The Identity Ecosystem, as envisioned here, will increase the following:
  • Privacy protections for individuals, who will be able trust that their personal data is handled fairly and transparently;
  • Convenience for individuals, who may choose to manage fewer passwords or accounts than they do today;
  • Efficiency for organizations, which will benefit from a reduction in paper-based and account management processes;
  • Ease-of-use, by automating identity solutions whenever possible and basing them on technology that is simple to operate;
  • Security, by making it more difficult for criminals to compromise online transactions;
  • Confidence that digital identities are adequately protected, thereby promoting the use of online services;
  • Innovation, by lowering the risk associated with sensitive services and by enabling service providers to develop or expand their online presence;
  • Choice, as service providers offer individuals different—yet interoperable—identity credentials and media
The Trusted Identity Strategy specifies four Guiding Principles to which the Identity Ecosystem must adhere:
  • Identity solutions will be privacy-enhancing and voluntary 
  • Identity solutions will be secure and resilient
  • Identity solutions will be interoperable
  • Identity solutions will be cost-effective and easy to use
The document spends over 40 pages explaining and exploring these goals and guiding principles.  Many more pages in many more documents will be produced before these objectives are achieved.
 
I look forward to following the progress of this initiative.  If this helps focus attention and resources on resolution of some difficult identity issues we face, it will be a good thing. Let’s work together to make that happen.
 
Comments Off on National Strategy For Trusted Identities In Cyberspace – My Take . Permalink . Trackback URL
 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.