White House Outlines Online Identity Strategy

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved,

The US government has set out plans to strengthen authentication and identity verification on the web

In an effort to the make the web a safe place, the White House has published a draft of a strategy designed to make the concept of trusted identities and authentication more of a reality in the digital world.

In a 39-page document (PDF) entitled the “National Strategy for Trusted Identities in Cyberspace” (NSTIC), the White House promotes what it calls the Identity Ecosystem, an interoperable environment where individuals, organisations and devices can “trust each other because authoritative sources establish and authenticate their digital identities.”

Three Layers

The ecosystem will consist of three main layers – a governance layer that establishes the rules of the environment; a management layer that applies and enforces the rules of the ecosystem; and the execution layer that conducts transactions in accordance with the rules.

“The Federal government, in collaboration with individuals, businesses, non-profits, advocacy groups, associations, and other governments, must lead the way to improve how identities are trusted and used in cyberspace,” the document reads. “Ongoing collaboration between private and public sectors has already resulted in significant gains towards establishing Identity Ecosystem components. However, much more remains to be done.”

According to national Cyber Security Coordinator Howard Schmidt, the document was created in response to President Obama’s Cyberspace Policy Review issued last May. Individuals should no longer have to remember an “ever-expanding and potentially insecure list of usernames and passwords to log in into various online services,” he blogged.

User Choice

Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers – both public and private – to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.),” Schmidt wrote.

The US Department of Homeland Security will be collecting comments from the public on the document until 19 July. The NSTIC is expected to be finalised in the fall, Schmidt blogged.