HOT TOPICS >> Cloud computing | Cybersecurity | Gov 2.0 | Fiscal 2012 | Mobile | Transparency | GAO reports
AGENCY NEWS >> Defense | NASA | Homeland Security | NIST | OMB | Veterans Affairs | NARA | GSA
Latest News
Media Partner
Free Newsletter
FierceGovernmentIT tracks the latest technological developments in the U.S. government. Join more than 17,000 federal/state decision makers and IT executives who get FierceGovernmentIT via email. Sign up today!
About | View Sample | Privacy
Whitepapers
- Innovative Solutions for Database and DBA Management
- Storage Consolidation: Best of Both Worlds
- The Top 4 Reasons Your Telecom Expense Management Provider Shouldn't Manage Your Wireless
- End-of-life solution management for mobile devices reduces MNCs' security, compliance and sustainability risks
- The Data Center in Your Future
- Virtual Game Changer
White House releases draft authenticated Internet identity plan
The White House revealed June 25 a draft strategy for creating a voluntarily authenticated online identity for Internet users and organizations.
The "National Strategy for Trusted Identities in Cyberspace" proposes a system under which identity-certified individuals wishing to conduct online transactions with identity-certified organizations, submit an interoperable, standards-based credential before proceeding with the transaction. Members of the public would utilize it while conducting online banking or even just sending an email, states White House cyber czar Howard Schmidt in a blog post announcing the strategy.
The credential could come in the form of a smart card, a cell phone, a downloaded software certificate, USB device or security chip embedded into computers.
Through the credential, online organizations (called a "relying party" in the plan) could verify two categories of information: An individual's identity, from a public- or private- sector identity provider, and information about that individual (called "attributes" in the plan) from an organization that can verify individual characteristics, such as age. The plan gives a loose idea in a diagram.
Relying parties would verify the end user's identity and attributes directly with the identity and attribute providers once they've read the end user's credential. "The user can also provide all validations directly to the relying party through the mediation of privacy enhancing technology," the draft strategy adds.
The draft plan says the system will enhance online privacy since relying parties could request to verify only relevant attributes. Transactions could still be anonymous to the extent that relying parties accept a strong credential that nevertheless does not uniquely identify individuals to them, the draft plan states.
The system would contain policies and standards would minimize the linkage of individuals' credential use among and between service providers, the plan states. Unclear from the plan is what kind of logs identity and authentication providers would retain of verification requests made through individuals' online activity. The plan states that providers should limit their retention of data "to the period necessary for the provision of services...except as otherwise required by law."
Also unclear from the plan is how the identity and authentication providers would verify that individuals are indeed who they say they are and that their attributes are correct.
An authenticated online identity is necessary to reduce online fraud and identity theft and also increase the ease of online transactions, the plan states.
"The role of government is to address the safety and economic needs of its people," the plan states. The federal government will become an early adopter of the identity technology and possibly encourage its spread through tax credits or breaks, grant programs, loans to first adopters and "cybersecurity insurance."
The draft plans call for selection of a lead agency responsible for driving the plan forward; Schmidt, in his blog post, says that the Homeland Security Department has already been "a key partner in the development of the strategy" and the draft plan is hosed on a DHS website.
The White House is accepting public comment on the draft strategy through July 19. The plan is slated for final form this fall.
For more:
- see the execution layer diagram
- read the draft "National Strategy for Trusted Identities in Cyberspace" (.pdf) and Schmidt's blog post
- comment on its contents or rate other people's comments
Related Articles:
White House preparing national Internet identity authentication plan
OMB gives DHS new powers under revised FISMA guidance
Obama declassifies parts of cybersecurity plan
SHARE WITH:
Home
| Subscribe | Advertise | Mobile Edition | RSS |
Privacy
| Site Map
| EditorsTHE FIERCEMARKETS NETWORKFierceEnergy | FierceSmartGrid | FierceFinance | FierceFinanceIT | FierceComplianceIT | FierceHealthcare | FierceHealthFinance | FierceHealthIT | Hospital Impact | FierceMobileHealthcare | FierceHealthPayer | FiercePracticeManagement | FierceEMR | FierceCIO | FierceCIO:TechWatch | FierceContentManagement | FierceMobileIT | FierceGovernmentIT | FierceGovernment | FierceHomelandSecurity | FierceBiotech | FierceBiotech Research | FiercePharma | FierceVaccines | FierceBiotechIT | FiercePharma Manufacturing | FierceMedicalDevices | FierceDrugDelivery | FierceIPTV | FierceOnlineVideo | FierceTelecom | FierceEnterpriseCommunications | FierceBroadbandWireless | FierceDeveloper | FierceMobileContent | FierceWireless | FierceWireless:Europe | FierceCable© 2011 FierceMarkets. All rights reserved. |
 |
