Identity Ecosystem? Inside Uncle Sam's "trusted identity" plan

On Jan 7, the Department of Commerce and a host of privacy and security experts met at Stanford University to discuss the mapping out of an "Identity Ecosystem" for cyberspace.

No national ID card is being proposed. But judging from the draft blueprint of this concept that the Department of Homeland Security released last year, we are talking about a centralization of various forms of verification. The National Strategy for Trusted Identities in Cyberspace a broad, cross-platform proposal that clearly gets wireless Internet service providers heavily involved in creating and validating identities.

The draft National Strategy outlines various key players and things in the Ecosystem.

• The Individual—to be issued digital identities to complete transactions.
• The Non-Person Entity (NPE)—such as organizations and services who would require authentication.
• The Identity Provider—who is responsible for the processes involved in enrolling subjects (individuals and NPEs) in the system.
• The Attribute Provider—who oversees the processes involved in creating, validating, and keeping up the attributes associated with identities, such as age.
• The Relying Party—who makes transaction decisions based on the receipt of a subject's credentials.
• The Trustmark—some kind of image, logo, badge, or seal that authenticates participation in the Identity Ecosystem. "To maintain trustmark integrity," the report explains, "the trustmark itself must be resistant to tampering and forgery; participants should be able to both visually and electronically validate its authenticity."
• And finally, the Governance Authority, which oversees and maintains the Ecosystem Framework.