The National Strategy for Trusted Identities in Cyberspace report has been released and the group is calling for definition and promotion of an “Identity Ecosystem.”
“The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities,” the report states.
This report comes out of President Obama’s cyberspace review which showed that there are a variety of security concerns online. This report aims to put in place measures that will help better secure the Internet and online identities.
The identity ecosystem would create a system where a user can provide a high assurance of their identity while conducting a bank transaction or checking a health record while at the same time provide anonymity when visiting a news site or reading a blog.
The report also calls for an interoperable solution that would be voluntary. And while no specific technology is called for in the report there are references to smart cards, USB key fobs, mobile phones, software certificates and trusted computing modules. Biometrics aren’t mentioned in the report.
There were also references to some existing government identification projects, including HSPD-12 and Federal Identity, Credential, and Access Management (FICAM). Both are used as examples of how any new identity ecosystem should align with existing federal projects.
The report also includes small case studies that give details on how one of these new credentials could be used. They include:
“An individual voluntarily requests a smart identity card from her home state. The individual chooses to use the card to authenticate herself for a variety of online services, including:
- Credit card purchases,
- Online banking,
- Accessing electronic health care records,
- Securely accessing her personal laptop computer,
- Anonymously posting blog entries, and
- Logging onto Internet email services using a pseudonym.”
“An individual learns of a new and more secure way to access online services using a strong credential provided by a trustworthy service provider. He learns that his cell phone carrier, bank, and local governments will all be offering credentials that will work with his personal computer. Upon further research, he also discovers that his email provider, social networking site, health care provider, and local utility companies accept the strong credential. He reflects upon his choices and selects the credential provider that provides him with the most personal convenience.”
The government is adopting a Web 2.0 strategy to receive comments on the report as well. People can leave comments that can be viewed at the NSTIC Web site.
SecureIDNews will be posting more coverage of this report in the coming weeks.