Most people identify themselves online by juggling a long list of user names and passwords. Most industry experts agree that this approach is hopelessly broken.
A few technologies have been invented to address the problem of online account overload, for example, the open standard OpenID, which lets people use a single credential to log in to multiple sites. Companies are also vying to fill the gap–Facebook, for instance, offers technology that lets people log into other Web sites using their Facebook credentials.
Now the U.S. government is hoping to step in and improve the state of online identity management. In a draft recently posted online, the Department of Homeland Security outlined a possible National Strategy for Trusted Identities in Cyberspace–a document that suggests how the government could facilitate a system for managing identities. The system could be used not only by government sites such as the Internal Revenue Service, but by other websites, including commercial ones.
The draft document does not suggest creating a national ID card or government-mandated Internet identity system. Instead it proposes a way to combine existing online identity technologies to create a simpler, more privacy-conscious identity system, without the government taking control of the whole thing.
The document asserts that an integrated online identity system should be secure, compatible with other online identity systems, privacy-enhancing, and voluntary, as well as cost-effective and easy to use. The draft suggests starting with accounts that users might already have, like those from Google or Facebook. Providers would be certified as reliable and secure. Then users could choose a company or organization to sign up with, and their credentials would be in a standard format that would be widely accepted.
The draft document gives several examples of how a new system might look. For example, it suggests that a user might have an identification technology connected to her cell phone. That system could be used to log onto a government site and access tax services, for example. This would prevent the user from having to create a new password for that site, and it would save the government from having to maintain any of the authentication infrastructure.
Or, the draft suggests, a user might use credentials stored on his computer to log into an online pharmacy. In this case, the information would confirm that he was over 18 and that his prescription was legitimate, but it wouldn’t hand over any additional information.