The Bankwatch

Tracking the consumer evolution of financial services

More on the NSTIC but still not enough on the policy for ID verification

More information today on the US NSTIC strategy.  (National Strategy for Trusted Identities in Cyberspace). 

http://www.nist.gov/nstic/

I was sceptical about the initial promise although who cannot appreciate the concept.  There is more

in this doc just released.  The document is all about the benefits of being able to be known anywhere online and reduce passwords down to one password.  Those benefits are easy.  The core question remains as to how identity is proven by the Identity Provider (IDP).  The document says the right things here, but the devil remains in the details of how this will be achieved.  How would I, Colin Henderson, be personally identified and associated with my online ID such that a bank would trust it?

An identity provider (IDP) is responsible for establishing, maintaining, and securing the digital identity associated with that subject These processes include revoking, suspending, and restoring the subject’s digital identity if necessary

The identity provider may also verify the identity of and sign up (enroll) a subject Alternatively, verification and enrollment may be performed by a separate enrolling agent

IDPs issue credentials, the information objects used during a transaction to provide evidence of the subject’s identity The credential may also provide a link to the subject’s authority, roles, rights, privileges, and other attributes

Technorati Tags: ,

Written by Colin Henderson

April 19, 2011 at 00:10

Posted in Uncategorized

2 Responses

Subscribe to comments with RSS.

  1. Thanks for info.. Your Information was very helpful for me.

    Online

    May 27, 2011 at 01:40


Comments are closed.

%d bloggers like this: