Managing 'User-Centric' Authentication
User-centric, federated identity systems have the potential to improve the security and privacy of authentication and services, but if improperly designed, the systems can negatively impact users and become a burden, according to a new report from the Center for Democracy and Technology. The paper by CDT policy analyst Heather West comes as the U.S. government begins a series of pilot programs through the Center for Information Technology, the National Institutes of Health, and the Department of Health and Human Services that will use third-party user credentials to authenticate users of federal Web sites.
The term "user-centric identity" refers to systems where users, rather than service providers, control their identity credentials, CDT said in a Monday press release. A similar concept in the offline world would be using various forms of identification for whichever transaction one chooses. The white paper discusses key components of a user-generated identity system (such as trust frameworks, users and identity providers) as well as the benefits and liabilities of federated identity management. A copy of the CDT document can be found here (PDF).
Join the Discussion
The National Journal Group has the right (but not the obligation) to monitor the comments and to remove any materials it deems inappropriate.
Comments powered by Disqus