With internet becoming an indispensable component of everyday life, the US today asked for adopting measures for safe and secure online transactions and make web more user centric.
The White House has released draft National Strategy for Trusted Initiatives in Cyberspace that calls for the creation of an online environment, or an Identity Ecosystem.
Under this Identity Ecosystem, individuals and organisations can complete online transactions with confidence, trusting the identities of each other and the identities of the infrastructure that the transaction runs on, said Howard A Schmidt, Cybersecurity Coordinator and Special Assistant to the President.
For example, no longer should individuals have to remember an ever-expanding and potentially insecure list of usernames and passwords to login into various online services, he wrote on the White House blog after the new draft was unveiled.
"Through the strategy we seek to enable a future where individuals can voluntarily choose to obtain a secure, interoperable, and privacy-enhancing credential (e.g., a smart identity card, a digital certificate on their cell phone, etc) from a variety of service providers - both public and private - to authenticate themselves online for different types of transactions (e.g. online banking, accessing electronic health records, sending email, etc.)," he said.
"Another key concept in the strategy is that the Identity Ecosystem is user-centric - that means you, as a user, will be able to have more control of the private information you use to authenticate yourself on-line, and generally will not have to reveal more than is necessary to do so," Schmidt said.
Developed in collaboration with key government agencies, business leaders and privacy advocates, the NSTIC is the latest step in moving US forward in securing its cyberspace, he said.
Designing the Identity Ecosystem, the White House said includes working with industry to develop and identify the standards and policies that govern the identity ecosystem.
It also includes addressing legal issues in the Identity Ecosystem such as defining liability caps for identity providers..
Building the Identity Ecosystem infrastructure includes working with industry and state and local government to deploy strong, interoperable identity solutions.
It also includes reinvigorating government efforts to encourage the deployment of device and object relative authentication protocols such as Domain Name Security (DNSSEC), Internet Protocol Security (IPSEC), and Border Gateway Protocol Security (BGPSEC).
Strengthening privacy protections for end users and increase awareness of risks, includes formally adopting (perhaps through new laws) enhanced privacy protections for individuals in the Identity Ecosystem.
For example, the US is considering requiring identity providers to abide by the Fair Information Practice Principles.
This goal also includes working with the interagency working group that has been established to create a national awareness campaign for cybersecurity and ensure that trusted identities messaging is included in that campaign.
Managing the Identity Ecosystem includes establishing the proper structures within government, including a program office to oversee implementation of the strategy and an industry advisory council, to ensure the long term success of the identity ecosystem.
It also includes enhanced government participation in various international fora, including policy bodies and standards organisations.
