Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Kaliya Hamlin, an independent industry expert who is the producer of the Internet Identity Workshop, an industry forum for developing and discussing identity management technologies, says the draft document does a good job of identifying several key problems with online identity today. For example, it discusses at some length the usability problems of current systems, such as the need for “secret questions” such as mother’s maiden name that ultimately compromise security. Hamlin adds that many of the scenarios described in the document can be addressed with existing standards, as the plan suggests. For example, a standard called information cards could handle the case of the online pharmacy. Information cards are a standard for digital identity data managed on software installed on a PC. They are designed to confirm particular attributes of a user without revealing further specifics.

Hamlin plans to organize an identity strategy workshop in September in Washington, DC, where industry experts will be able to discuss the government’s proposals.

Paul Nicholas, director of global security strategy and diplomacy for Microsoft’s trustworthy computing group, said in a statement that the draft “represents significant progress to help improve the ability to identify and authenticate the organizations, individuals, and underlying infrastructure involved in an online transaction.”

However, some experts worry that it will be hard to communicate and achieve the vision outlined in the draft. “I just see complications in terms of mainstream adoption and pushing this out to everyday use,” says Fred Stutzman, cofounder of a social Web identity management system called ClaimID. Though he believes there are good technologies out there for solving identity management problems, he also foresees trouble making them easy enough to use.

Hamlin says that in its current form, the draft is accessible to industry insiders, but its message is not reaching the general public. The draft as it stands is vague, she says, and needs to communicate a clearer sense of how government involvement could help.

Hamlin is encouraged by suggestions in the draft that the government could enact laws that would set standards for identity management systems and liability rules for companies offering authentication services. As it stands, identification methods are often stretched beyond the purpose for which they were intended, leaving companies reluctant to develop systems and interconnect with other identity systems. The Department of Homeland Security is taking comments on the draft through July 19. The U.S. government plans to finalize the draft in the fall.

6 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, passwords, OAuth, online identity, U.S. government

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me