National Strategy for Trusted Identities in Cyberspace (NSTIC) | is it for real?
This is a game changer if the US Commerce Department can pull it off. (ht James Van Dyke at Javelin)
For example, once the system is in place, Google would be able to join a trusted framework that has adopted the rules and guidelines established by the Commerce Department. From that point, someone who logged into a Google e-mail account would be able to conduct other business including banking or shopping with other members of the group without having to provide additional information or verification.
This means that users of participating systems (Verizon Communications Inc., Google Inc., PayPal Inc., Symantec Corp. and AT&T Inc.) would log in once, and have access to all the systems.This provides ease of use and within a trusted environment with one password to remember. If we expand that to online banking and other ecommerce providers, then we may have something.
The system is called National Strategy for Trusted Identities in Cyberspace (NSTIC).
Now that we know this much, I thought I would research a bit. The original information came from the White House blog last June. That post had a link that is now dead. The cached version of what the link pointed to last December is here. http://webcache.googleusercontent.com/search?q=cache:http://www.nstic.ideascale.com/
ideascale.com? No disrespect but with mention of Homeland Security, and a national economic game changer – from an unknown (to me) web 2.0 company? A link from the White House web site to a link that does not work? This has politics and ‘bill of goods’ written all over it. I get the concepts of OpenID and OpenAuth. The descriptions of the benefits sound like implementation of those protocols amongst others. I get the concept of a centralised and trusted sponsor of those protocols.
The point of a centralised system of identification has two basic needs:
- users must trust the centralised system provider
- the centralised system must trust the identity of the users before they let them in
Point 1. is much easier to accomplish that point 2. A centralised system of identity verification is literally the keys to the kingdom so these points are essential. They are not impossible to implement but are hard.
I am always suspicious of government involvement in something they probably do not understand (at the senior level) and if political motivation is involved. If government is involved then political motivation is always there. If they can pull this of then I am impressed. We shall see.