Senior Executive Advisor for Identity Management
National Institute of Standards and Technology
The National Strategy for Trusted Identities in Cyberspace describes a vision of the future—an Identity Ecosystem—where individuals, businesses, and other organizations enjoy greater trust and security as they conduct sensitive transactions online. The Identity Ecosystem is a user-centric online environment, a set of technologies, policies, and agreed upon standards that securely supports transactions ranging from anonymous to fully authenticated and from low to high value.
Key attributes of the Identity Ecosystem include privacy, convenience, efficiency, ease-of-use, security, confidence, innovation, and choice.
Below are brief examples of how the Identity Ecosystem could work. More detailed versions of these and other examples are included in the Strategy.
Faster Online Errands—Mary is tired of memorizing dozens of passwords to conduct her personal online errands. She opts instead to get a smart card issued by her Internet service provider. She inserts the card into her computer and in a matter of minutes, with just clicks of her mouse, she is able to securely conduct business with her bank, mortgage company, and doctor, while also sending an email to her friend and checking her office calendar hosted by her employer.
Age Appropriate Access—Antonio, age 13, loves to visit online chat rooms to talk to other students his age. His parents give him permission to get an identity credential, stored on a keychain fob, from his school. The credential verifies his age so that he can visit chat rooms for adolescents, but it does not reveal his birth date, name, or other information. Nor does it inform the school about his online activities.
Smart Phone Transactions—Parvati does most of her online transactions using her smart phone. She downloads a "digital certificate" from an ID provider that resides as an application on her phone. Used with a single, short PIN or password, the phone's application is used to prove her identity. She can do all her sensitive transactions, even pay her taxes, through her smart phone without remembering complex passwords whenever and wherever it is convenient for her.
Efficient and Secure Business Operations—Juan owns a small business and is setting up a new online storefront. Without making large investments, he wants customers to know that his small firm can provide the same safety and privacy for their transactions as sites for larger companies. He agrees to follow the Identity Ecosystem privacy and security requirements, earning a "trustmark" logo for his Web site. To reduce his risk of fraud, he needs to know that his customers' credit cards or other payment mechanisms are valid and where to ship his merchandise. There are a number of different ID providers that can issue credentials that validate this information. Millions of individuals can now use his Web site without having to share extra personal information or even set up accounts with Juan's company. This saves his customers time, increases their confidence, and saves Juan money.
Enhanced Public Safety—Joel is a doctor. A devastating hurricane occurs close to his home. Using his interoperable ID credential embedded in his cell phone and issued by his employer, he logs in to a Web portal maintained by a federal agency. The site tells him that his medical specialty is urgently needed at a triage center nearby. When he arrives, officials at the center use his credential to verify that he is a licensed doctor, and Joel is able to provide medical attention for victims.