CDT Highlights Policy Issues Related to New Identity Management Systems
User-centric federated identity systems have the potential to improve the security and privacy of authentication and services for users, but if improperly designed, these systems can negatively impact users and become a burden instead.
Washington -- CDT released a whitepaper today highlighting policy issues related to responsible user-centric identification systems. The paper comes as the U.S. Government begins launching a series of pilot programs that will use third party user credentials to authenticate users to federal Web sites and discusses possible challenges to be considered as these activities are expanded in order to provide a better user experience.
The term "user-centric identity" refers to systems where users, rather than service providers, control their identity credentials. A similar concept in the offline world would be using various forms of identification for whichever transaction you choose. These new online systems must be designed with privacy and security as the foremost concerns due to the sensitive nature of the information held by the identity provider. The U.S. government recently announced three pilot programs using this identity management method to help improve access to government information while leveraging existing credentials for users.
“User-centric federated identity has great promise to make online interactions easier,” says Heather West, Policy Analyst at CDT and author of the whitepaper. “But questions should be addressed as trust frameworks are created in order to help establish solid relationships online.”
The whitepaper discusses how the key components of a user-generated identity system (such as trust frameworks, users and identity providers) can work in concert to create a successful program. The paper also details the benefits and liabilities in federated identity management.
“User-centric federated identity systems have the potential to improve the security and privacy of authentication and services for users, but if improperly designed, these systems can negatively impact users and become a burden instead,” said West. “CDT looks forward to advising the involved parties on policy matters for this issue in order to ensure that the promise of user centric federated identity is maximized as we move towards broader implementation of these federal government pilot programs.”
A copy of the whitepaper is available here.