Technology Review
A draft strategy would help users manage their identities online.
Most people identify themselves online by juggling a long list of user names and passwords. Most industry experts agree that this approach is hopelessly broken.
A few technologies have been invented to address the problem of online account overload, for example, the open standard OpenID, which lets people use a single credential to log in to multiple sites. Companies are also vying to fill the gap--Facebook, for instance, offers technology that lets people log into other Web sites using their Facebook credentials.
Now the U.S. government is hoping to step in and improve the state of online identity management. In a draft recently posted online, the Department of Homeland Security outlined a possible National Strategy for Trusted Identities in Cyberspace--a document that suggests how the government could facilitate a system for managing identities. The system could be used not only by government sites such as the Internal Revenue Service, but by other websites, including commercial ones.
The draft document does not suggest creating a national ID card or government-mandated Internet identity system. Instead it proposes a way to combine existing online identity technologies to create a simpler, more privacy-conscious identity system, without the government taking control of the whole thing.
The document asserts that an integrated online identity system should be secure, compatible with other online identity systems, privacy-enhancing, and voluntary, as well as cost-effective and easy to use. The draft suggests starting with accounts that users might already have, like those from Google or Facebook. Providers would be certified as reliable and secure. Then users could choose a company or organization to sign up with, and their credentials would be in a standard format that would be widely accepted.
The draft document gives several examples of how a new system might look. For example, it suggests that a user might have an identification technology connected to her cell phone. That system could be used to log onto a government site and access tax services, for example. This would prevent the user from having to create a new password for that site, and it would save the government from having to maintain any of the authentication infrastructure.
Or, the draft suggests, a user might use credentials stored on his computer to log into an online pharmacy. In this case, the information would confirm that he was over 18 and that his prescription was legitimate, but it wouldn't hand over any additional information.
An experimental tool removes the need to hand your credentials over to lots of different websites.
A malicious site can find out what social-networking groups you belong to--and then figure out your identity.
Facebook and Mozilla have contrasting visions for the future of your online identity.
To get it started as its very vague i propose that the authenticate once protocol is done when you login to your computer (os changes required) Which then gives you a code that you can use for that day with a (new technology) copy and paste to your accessed sites. The key is stored on your machine/keyboard... in an unreadble form.
Your computer would be a safe environment, prepared by the flash card checking your os for changes before it boots.
Okay lots of changes are required to our systems...try looking at the nitrd forums for all the things people have given along with Microsofts Chief Technical Officer admissions that they want someone else to do all the work and having a dig at the governments to stay out of programming/system development and stcik to r&d.
Youll see some quite radical proposals from some smart people...and me having a dig at the MS CTO...rofl.
It is high time the Government took up
this matter with every seriousness,more
especially,as human life on planetary Earth,
is fast coming up to be heavily punctuated by
virtualization.
Authority must be genuine and uphold
firmness in its process execution.
Authenticity at every stage of the process
must be uncompromising.
Real database of personal information of
cyber world subscription must be
accurately and securely maintained.
Internet service providers must be
requested to seek customers to henceforth
use real names as identities,as opposed to, fictitious identities, for security
reasons.
Genuine personal information changes caused by
unforseen circumstances must be reported and updated accordingly..
I am and willing to make enormous contributions
that will afford implementation of the new move.
Martin Atayo
(Technologist)
Washington, DC
How about identity for government?
Rather than worry about personal IDs, something useful to solve is identifying government agencies themselves. Ever try to find the contact information for your US or state representatives? The web site for your water district?
The US GPO published US congressional information, but it takes more than 1 year (for a 2 year term) to update information on their web site. How about creating an open index of all elected officials with contact information and the locations of the jurisdictions? Make the index in a computer readable format. It should have been be part of the Help America Vote Act, but they mainly focus on individuals not governments. (Individuals and candidates are required to file electronically, but governments are not.) It can be nearly impossible to find information on who is in an upcoming election, unless you go physically to a governmental agency and ask to see some paperwork.
But I guess this is not "security" so is not of interest.
Re: How about identity for government?
@Carlhage, you have a very fine point there.
I would add that there is no reason we can't have BOTH, the simplified secure electronic ID (which seems to moving toward an OpenID-OAuth implementation) AND the informational directory you describe.
In fact, the latter should be significantly easier to create and maintain. And cheaper too! It is rather remarkable that that sort of information about our elected officials and their associated programs and agencies, merely a basic directory of contact information, is not more readily available in a central location. One can find silos at municipal and state levels, here and there, sometimes, but it isn't easy going.
If this ever gets going, they'll eventually force all business to use it, and goodbye competition.
Not to mention you can give up on any kind of online privacy, and say hello to omniscient Big Brother controlling all aspects of online life.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
mattgroom
290 Comments
Interesting
It is a great idea for each country to have a separate authenticate once-only system. I do so hate remembering millions of passwords for every site i visit.
I believe they already had a similar system for emails and this just takes it further i presume.
On an additonal note if the database was up-to-date with that persons location you could indeed remove almost all spam and cybercrime. A little tweaking of the models so remote connections maintain an originator information and bang we are rocking.
All these things and more have been proposed in NITRD forums.
Reply