Should feds be in the online ID biz?

Should feds be in the online ID biz?

'It's very much an open question who will provide general-purpose identification' for electronic use.
'NASA CIO DAVID NELSON

Government-issued identification, from driver's licenses to Social Security cards, has become the de facto standard for establishing identity in the paper world.

But there are no similar electronic standards, and the idea of a national ID for checking online identity is controversial.

'The government is not in the ID card business,' NASA deputy CIO David Nelson said. 'Every credential that the government issues is for a government purpose. I think it's very much an open question who will provide general-purpose identification.'

All the same, Nelson said, 'I doubt very much whether the government will ever be willing to turn over that responsibility completely to a nongovernmental entity.'

Nelson was among those debating the government's role in managing online identity at a recent Washington conference sponsored by the Information Technology Association of America and the Center for Strategic and International Studies (CSIS).

Authenticating a user, a computer or an online service is a complex process that requires issuing and managing IDs and creating mechanisms and standards. Large-scale electronic commerce and e-government would require processing IDs from a variety of entities, which multiplies the complexity.

'It seems inevitable that governments are going to come down this path, and they aren't going to know what to do when they get there,' said Craig Mundie, chief technology officer for Microsoft Corp.

Identity bridge

Microsoft has entered the online identity arena with its .Net Passport single sign-in service, and Mundie is co-chairman of a CSIS project developing a model policy for managing online identity.

Meanwhile, the federal government has established the Federal Bridge Certificate Authority, a trust broker through which agencies can accept digital certificates issued by other organizations. NASA, along with several other federal agencies, the state of Illinois and Canada, is seeking federal bridge certification.

Nelson said the legal and policy issues in cross-certification are tougher than the technical challenges. NASA has spent months documenting its certificate policies in preparation for entering the bridge, he said.

'We think that is time well-spent,' he said, because it lays groundwork for broad online identity management.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above