Cisco Logo


Security

On June 25, the US Government released the National Strategy for Trusted Identities in Cyberspace (NSTIC, pronounced “N-stick”) for public review and comment. NSTIC is a recognition of the need for a secure identity infrastructure to address the current fraud on the Internet, and the need to support additional applications that are not well supported by current identity systems.

While in many countries it is natural to think of the Government as the manager for one’s online identity, this makes many Americans, and indeed the US Government, very uncomfortable. NSTIC addresses this concern through an Identity Ecosystem, an accredited community of Identity Providers supporting authentication and Attribute Providers providing trustable information about users. The concept is to provide users with freedom of choice on what identity provider(s) to trust with their authentication credentials, and what attribute providers should be trusted to provide reliable information about the user.

The NSTIC comments website currently has about 300 feedback and idea items about the draft, with votes and comments on many of these ideas. It appears from many of the comments and from some press coverage that there are some misconceptions about NSTIC and what it is trying to do. Here are a few of them:

Of course, there are a number of unanswered questions and issues that remain in this draft document. Here are a few that should be addressed:

 

 

It is important that NSTIC remain focused on issues that can have a direct effect on trusted identity. Three technologies mentioned in the strategy, DNSSEC, BGPSEC, and IPSEC, fall outside that category. The Strategy should not specify particular technologies, regardless of their merits. In the short term, enabling trusted identity should not be dependent on the Internet upgrading en masse. In the long term, coupling trusted identity to specific technologies could inhibit adoption of new and better technologies and processes.

Overall, it’s very good news to see that the Government recognizes the problems we are having with managing identities online. NSTIC is a great start, and having a public discourse on its merits is important for a subject that affects people as personally as identity management. Read the draft strategy thoughtfully and provide feedback and ideas; public input is solicited through July 19.

Comments Are Closed

  1. Return to Countries/Regions
  2. Return to Home
  1. All Security
  2. Return to Home