U.S. Outlines Security Strategy for Online Identity

In a new document, the White House has outlined its plan for strengthening authentication and identity verification on the Web.

The White House has published a draft of a strategy designed to make the concept of trusted identities and authentication more of a reality in the digital world.

In a 39-page document (PDF) entitled the "National Strategy for Trusted Identities in Cyberspace" (NSTIC), the White House promotes what it calls the Identity Ecosystem, an interoperable environment where individuals, organizations and devices can "trust each other because authoritative sources establish and authenticate their digital identities."

The ecosystem will consist of three main layers - a governance layer that establishes the rules of the environment; a management layer that applies and enforces the rules of the ecosystem; and the execution layer that conducts transactions in accordance with the rules.

"The Federal government, in collaboration with individuals, businesses, non-profits, advocacy groups, associations, and other governments, must lead the way to improve how identities are trusted and used in cyberspace," the document reads. "Ongoing collaboration between private and public sectors has already resulted in significant gains towards establishing Identity Ecosystem components. However, much more remains to be done."

According to national Cyber Security Coordinator Howard Schmidt, the document was created in response to President Obama's Cyberspace Policy Review issued last May. Individuals should no longer have to remember an "ever-expanding and potentially insecure list of usernames and passwords to log in into various online services," he blogged.

"Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc.) from a variety of service providers - both public and private - to authenticate themselves online for different types of transactions (e.g., online banking, accessing electronic health records, sending email, etc.)," Schmidt wrote.

The U.S. Department of Homeland Security will be collecting comments from the public on the document until July 19. The NSTIC is expected to be finalized in the fall, Schmidt blogged.