- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
Network World - Can the Obama administration fix your identity management problems?
Too many passwords and usernames for websites, and what level of assurance is there in the identity of the individual anyway? How can anyone prove their age online? Back in April, when it was announced, the White House took on these tough questions with its "National Strategy for Trusted Identities in Cyberspace" initiative, now known as NSTIC.
Background: NSTIC and the feds HUA problem
The White House pledged to work with industry to establish an "identity ecosystem" of approved processes and technologies to foster some kind of new way to issue digital credentials to end users, whether consumers, business and the federal government.
The idea is to pave the way for a higher level of trust in online communication. As President Obama put it in his opening preface to the NSTIC document, "The potential for fraud and the weakness of privacy protections often leave individuals, businesses and government reluctant to conduct major transactions online. For example, providing patients with access to their medical records from their home computers requires that hospitals be able to confidently identify that patient online." The goal of the NSTIC strategy, he said, is to find something a lot better than "insecure passwords" in order to make "online transactions more trustworthy."
But is NSTIC going to be the next big thing in identity credentialing, or just another idea that comes to naught in a federal bureaucracy caught in the grip of a debt-reduction spiral and the headwinds of a coming political election season?
There's now a National Program Office for NSTIC headed by senior executive adviser Jeremy Grant at the National Institute of Standards and Technology. Workshops have been held, attended by a crowd of vendors, including giants like Verizon and AT&T, and Google participating though the OpenID Foundation's sister organization that was set up, Open Identity Exchange. Other groups with identity-management savvy, including Kantara Initiative, (whose 80 members include CA, Oracle, AOL, the Information Card Foundation, the Boeing Company and the National Notary Association) are making their voice heard. There's expectation that a steering committee will soon be formed by the NSTIC office, and that pilot projects will be funded.
"We want to make it easier for everyone to do business online," says Mark Shapiro, senior strategist in the area of identity and access management at Verizon, about what he sees as the NSTIC's goals, which include setting some kind of standards — it's still uncertain what will happen — for establishing trust in an issued credential. Shapiro says Verizon, which has long-time experience in issuing public-key identity certificates to the government, wants to be part of any "identity ecosystem" that finally takes shape.
"Actual authentication of that person could take multiple forms," Shapiro says. "Say, I hit the Best Buy site and you want to log in, you do it with a Verizon ID," and an array of other checks could come up, perhaps generating a one-time password to a mobile phone that could be entered.