BCS, The Chartered Institute for IT has established a Working Group on Identity Assurance on the Internet (IAWG), which aims to foster discussions about the big questions around security, privacy and anonymity on the internet.
Dr Louise Bennett, Chair of BCS Security explains: “There is still a lot of work to do to understand the proportionality between different drivers for security, privacy and anonymity on the internet, including how they pull against each other or overlap.
“Digital Identity is becoming a critical subject for the success and globalisation of the Internet. The key is to define a governance framework that is pragmatic.”
The BCS IAWG has run Workshops at the UN annual Internet Governance Forum (IGF) for the past two years.
Louise continues: “IGF plays a very important part in providing a multi-stakeholder forum for discussions, but we felt that there also needed to be further actions and discussions between the IGF meetings and have therefore set up a Dynamic Coalition for Identity Assurance.”
Speaking at the eID Enabling Business Transactions - a thought leadership seminar 2012, Louise gave delegates an update from BCS’ attendance at the 2012 IGF. She said: “There is a need to improve the management of governance on the internet and identity usage so that in general, privacy is upheld, but where necessary someone can be held accountable for their actions. With more devices becoming networked and people becoming more comfortable using digital channels, the need for reliable means of securing and protecting the identity credentials of individuals is increasing.”
The 2nd annual one day seminar provided an opportunity for delegates to learn about the commercial opportunities eID can enable through secure commercial transactions.
Louise continued: “It is vital to have the right level of identity assurance for the context of a transaction over the internet. Basing identity on a liability model and using a contractual framework would significantly improve the trust in both national and global online commerce. There also needs to be a debate on when authoritative government approved identity credentials (such as those based on passports) provide the appropriate identity model and when an authorisation model based on the attributes associated with multiple low assurance sources (such as those used to gauge an individual’s reputation in on-line auctions) are appropriate.”
In conclusion, Louise summarised: “We should not be looking for a grand scheme, but rather small steps and globally compatible interoperability standards, so that schemes can interoperate effectively. We also need to help people understand the levels of identity assurance they need for different transactions to remain safe on line and minimise the risks of identity theft.”