Trust but verify: Ensuring digital identities

Imagine visiting any government website for the first time and immediately accessing services without having to register. Think of it as an online express lane akin to the airport security gates that allow prescreened travelers to whiz through without taking off their shoes and belts. And imagine the money that agencies providing these accounts could save by eliminating duplicative ID verification systems. Federal officials are pushing to turn this fantasy into online reality.

The Obama Administration has handed the private sector a blueprint for building a network similar to the credit card payment system for secure online transactions. But this network would exchange online identities, the currency of the 21st century. The National Strategy for Trusted Identities in Cyberspace has the support of businesses and even wary public interest groups. But protecting online transactions worldwide is expected to take years of negotiations among Internet companies, governments and individuals "Portions of an identity ecosystem exist today, but it's not quite unified in a way that NSTIC envisions it," says Jeremy Grant, who heads the effort as a senior executive adviser at the National Institute of Standards and Technology. The framework for "federated identity management" should solve several Internet problems by allowing any site to rely on third parties for issuing and verifying a person's digital credentials. Currently, Internet users must create a new account for every service they want to access online, requiring that they deposit personal information all over the place. Sites must shoulder the costs of setting up and maintaining their own independent ID validation systems, and visitors must remember multiple passwords to interact with each agency or business.