Article Image
IPFS News Link • Surveillance

Identity Ecosystem? The Outline For Obama's "Trusted Identity" Plan

So there you have it: a broad, cross-platform proposal that clearly gets wireless ISPs heavily involved in creating and validating identities. The draft National Strategy outlines various key players and things in the Ecosystem. The Individual—to be issued digital identities to complete transactions. The Non-Person Entity (NPE)—such as organizations and services who would require authentication. The Identity Provider—who is responsible for the processes involved in enrolling subjects (individuals and NPEs) in the system. The Attribute Provider—who oversees the processes involved in creating, validating, and keeping up the attributes associated with identities, such as age. The Relying Party—who makes transaction decisions based on the receipt of a subject's credentials. The Trustmark—some kind of image, logo, badge, or seal that authenticates participation in the Identity Ecosystem. "To maintain trustmark integrity," the report explains, "the trustmark itself must be resistant to tampering and forgery; participants should be able to both visually and electronically validate its authenticity." And finally, the Governance Authority, which oversees and maintains the Ecosystem Framework. Getting there The government sees itself bringing this ecosystem into existence via a series of stages—quite a few of them, in fact. First, Washington will designate a Federal agency to do the work, which seems to be the Department of Commerce right now. Second, the agency will coordinate initial private sector support for the plan. Third, the government will create pilot Ecosystem programs involving Federal service providers. Fourth, the test departments will integrate their own statutorily required Fair Information Practice Principles (yes, FIPPs) into the project. These FIPPs require agencies to be clear and transparent about how they use public data. The government wants to expand the concept to the private sector as well. Fifth, participants will build privacy and interoperability standards into the process (maybe this phase should come earlier?).