In a new document, the White House has outlined its plan for strengthening authentication and identity verification on the Web.
The White House has published a draft of a strategy designed to
make the concept of trusted identities and authentication
more of a reality in the digital world.
In a 39-page document
entitled the "National Strategy for Trusted Identities in Cyberspace"
(NSTIC), the White House promotes what it calls the Identity
Ecosystem, an interoperable environment where individuals,
organizations and devices can "trust each other because authoritative
sources establish and authenticate their digital identities."
The ecosystem will consist of three main layers - a governance layer
that establishes the rules of the environment; a management layer that
applies and enforces the rules of the ecosystem; and the execution
layer that conducts transactions in accordance with the rules.
"The Federal government
in collaboration with individuals, businesses, non-profits, advocacy
groups, associations, and other governments, must lead the way to
improve how identities are trusted and used in cyberspace
the document reads. "Ongoing collaboration between private and public
sectors has already resulted in significant gains towards establishing
Identity Ecosystem components. However, much more remains to be done."
According to national Cyber Security Coordinator Howard Schmidt, the
document was created in response to President Obama's Cyberspace Policy
Review issued last May. Individuals should no longer have to remember
an "ever-expanding and potentially insecure list of usernames and
passwords to log in into various online services," he blogged.
"Through the strategy
seek to enable a future where individuals can voluntarily choose to
obtain a secure, interoperable and privacy-enhancing credential (e.g.,
a smart identity card, a digital certificate on their cell phone, etc.)
from a variety of service providers - both public and private - to
authenticate themselves online for different types of transactions
(e.g., online banking, accessing electronic health records, sending
email, etc.)," Schmidt wrote.
The U.S. Department of Homeland Security will be collecting comments
from the public on the document until July 19. The NSTIC is expected to
be finalized in the fall, Schmidt blogged.