On April 15, the White House formally released its National Strategy for Trusted Identities in Cyberspace. As we noted earlier, the “trusted identity” concept is intended to allow the public and private sectors to collaborate in order to raise the level of trust associated with the exposure of the identities of individuals, organizations, networks, services and devices in online transactions:
The goal of NSTIC is to create an “Identity Ecosystem” in which there will be interoperable, secure, and reliable credentials available to consumers who want them. Consumers who want to participate will be able to obtain a single credential–such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password. Instead of having to remember dozens of passwords, the consumer can use their single credential to log into any website, with more security than passwords alone provide. Since consumers will be able to choose among a diverse market of different providers of credentials, there will be no single, centralized database of information. Consumers can use their credential to prove their identity when they’re carrying out sensitive transactions, like banking, and can stay anonymous when they are not.
The White House document is mostly a vision statement, punctuated by text boxes throughout that urge the reader to “Envision it!” but with no real guidance on how to accomplish it. The document suggests how these frameworks might be built, does not promise to build them. Precisely how this vision statement gets turned into action and results will depend on the reception it receives from the public and private sectors, both within the U.S. and abroad. The NSTIC anticipates that the U.S. will meet its interim benchmarks in 3-5 years, and the long term benchmarks in 10 years. As such, it is unlikely that we will see anything concrete on the front in the near future.