[Log In] []

Exploring the science and magic of Identity and Access Management
Thursday, October 29, 2020

National Strategy for Trusted Identities in Cyberspace

Identity
Author: Mark Dixon
Thursday, July 15, 2010
8:52 am

imageOn June 25, 2010, the US Federal Government released a draft document entitled, “National Strategy for Trusted Identities in Cyberspace.” This document proposes a strategy that:

… defines and promotes an Identity Ecosystem that supports trusted online environments.  The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. 

The Identity Ecosystem enables: 

  1. Security, by making it more difficult for adversaries to compromise online transactions;   
  2. Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes; 
  3. Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training;
  4. Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions; 
  5. Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used;
  6. Greater choice, as identity credentials and devices are offered by providers using interoperable platforms; and  Opportunities for innovation, as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk;

The strategy proposes four primary goals and nine actions to implement and promote the Identity Ecosystem:

Goals

  1. Develop a comprehensive Identity Ecosystem Framework
  2. Build and implement an interoperable identity infrastructure aligned with the Identity Ecosystem Framework
  3. Enhance confidence and willingness to participate in the Identity Ecosystem
  4. Ensure the long-term success of the Identity Ecosystem

Actions

  1. Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
    with Achieving the Goals of the Strategy
  2. Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
  3. Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
    the Identity Ecosystem
  4. Work Among the Public/Private Sectors to Implement Enhanced Privacy
    Protections
  5. Coordinate the Development and Refinement of Risk Models and Interoperability Standards
  6. Address the Liability Concerns of Service Providers and Individuals
  7. Perform Outreach and Awareness Across all Stakeholders 
  8. Continue Collaborating in International Efforts 
  9. Identify Other Means to Drive Adoption of the Identity Ecosystem across the
    Nation

The Strategy Document doesn’t discuss any specific technologies, but rather, addresses the needs and general concepts required for a national Identity Ecosystem.

If you would like to make public comments on the strategy, a good place to visit is this IdeaScale page hosted by the Department of Homeland Security. Reading comments from other parties on that page is quite interesting.

In other areas of Cyberspace, the reactions to this strategy are mixed.  For example, an active proponent is my friend Dazza Greenwood, who encourages everyone to become familiar with the strategy and actively give feedback:

At the other end of the spectrum is a blogger, Arnold Vintner, whom I do not know, who shares a much more pessimistic view. In his post, “Obama Administration Moves to Reduce Online Privacy,” Mr. Vintner opines:

The Obama administration is proposing a new identity management system for the Internet which is calls “Identity Ecosystem.” This new system will replace individually managed usernames and passwords with a taxpayer-funded federally-managed system.

The scheme is outlined in the National Strategy for Trusted Identities in Cyberspace. The planned system will tie together all of your accounts into one national online identity.  This will enable the federal government to easily track all online activity of every American.

The system will start with the federal government requiring the ID’s for use in accessing federal web sites — such as for filing your taxes online.  The federal government will then force businesses to adopt the system, starting with banks and credit card companies and slowly spreading to encompass the entire online environment. Once fully implemented, Internet users will no longer be able to comment anonymously on blogs or web forums, because all online identities will be verified with the U.S. government.

Where do you stand?  I personally like the idea of public dialog on this issue and the call for public and private entities to participate in a solution.  I look forward to giving feedback and tracking progress.

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.