Crossroads Blog | Institute National Security and Counterterrorism

Identity Management

Will A Standardized System For Verifying Web Identity Ever Catch On? CNN

On Feb. 15th, 2012, Mark Milian reported for CNN on web identity management.  Noting the weakness inherent to passwords, Milian mentioned one of our favorite identity management proposals: NSTIC (National Strategy for Trusted Indentities in Cyberspace). 

Again, the idea behind NSTIC is that people can choose an entity (perhaps a company like Google, or Paypal) that handles their identity credentials.  You would no longer log-in to websites using a password; rather, you would rely on these identity credential providers to provide you with a much safer way of proving digital identity.  The aim is to create a more secure "identity ecosystem" for online transactions.

The Obama administration introduced the NSTIC initiative in the spring of 2011, and this blog has followed it pretty closely.  However, you might have noticed a slowdown in NSTIC news.  According to the CNN article, there's a good reason why: "[NSTIC] seems to be moving at the speed of Washington, not Silicon Valley. Almost a year later, there's no consensus among Web companies and government about what exactly this should look like and when we should expect to see it."

Of course, some websites have already embraced a similar concept to NSTIC.  You've probably noticed that you can log into certain websites (without registering) using your Gmail account.  I can log into this blogging service using my Facebook account.  NSTIC is a similar idea, just on a much broader scale.  However, the article explained that Apple, Google, Amazon, and Facebook (the internet's big boys) still don't follow this model.  Why the hesitancy?  The CNN article cited Don Thibeau, the executive chairman for the OpenID foundation, who said that companies see their different platforms as a competitive advantage. 

Moreover, there's been some public pushback against NSTIC.  Some people have been spooked by the idea of a government driven "online driver's license" and the associated privacy concerns.  Some people have questioned the program's feasibility; getting every internet user to sign up for identity credentials could be "the work of herding cats." 

The CNN article cited Jeremy Grant, senior executive at the National Institute of Standards and Technology (the people now running the NSTIC pilot) as saying that in order to allay these concerns, NSTIC must keep Internet anonymity intact and be driven by private companies.  

Most importantly, NSTIC has been on funding life-support.  The proposal survived a recent round of budget-cutting, and is looking to enter into a pilot program phase.  However, NSTIC's future remains uncertain.  

According to the article, NSTIC pilot programs should begin this summer.  At that point, we'll get a better idea what the identity ecosystem might look like.

You can find the CNN source article here.

***

For more on the NSTIC pilot programs, check out this FierceGovernmentIT article by Molly Bernhart Walker . . .

Leave a Reply

Bitnami