In a posting on the White House blog yesterday, Howard Schmidt, the President’s Cybersecurity Coodinator, announced a new proposal to establish a new online environment, the Identity Ecosystem, that would provide a robust method of identifying individuals and organizations on the Internet.
Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.
The idea of creating a uniform identity credential, rather than the current hodge-podge of user IDs and passwords for various Web facilities, is not a new one, of course. Systems such as Microsoft’s more or less abortive Passport system, and projects like OpenID, have many of the same objectives. (They do not, of course, have the government’s imprimatur.) Any endeavor like this has to sort out a very complicated tangle of trust and privacy issues, in addition to getting the security right.
To that end, as Mr. Schmidt says in his announcement, a draft version of the National Strategy for Trusted Identities in Cyberspace has been published; the actual draft document [PDF, 39 pp] can be downloaded here.
(The document is being hosted at the Web site of IdeaScale, an “idea and innovation management” firm. The site has a provision for entering comments, which requires you to register. Unfortunately, I have not yet been able to get the registration process to work. I’ll update this if I learn more.)
As with many security projects, the devil is likely to be in the details. I have a copy of the draft report; the Executive Summary is long on ideals and short on details. I’ll post a follow-up note when I’ve had a chance to read it all.
Update Monday, 28 June, 15:35 EDT
The registration function at the IdeaScale project site seems to have been fixed; I was able to register successfully today.