In this age of phishing, hacking, identity fraud, and other forms of cybercrime, answering two simple questions—“Who are you?” and “How can you prove it?”—is becoming a critical requirement for online business activities.
This issue of online identity was elevated to a key priority by the White House in April 2011 when it released its National Strategy for Trusted Identities in Cyberspace (“National Strategy”). Through this document, the administration began the process of tackling the difficult problem of facilitating a trustworthy and interoperable online identity management capability. Various forms of federated identity management, where a third-party identity provider plays a key role, are emerging as a preferred approach. Critical to making it work is the requirement for an appropriate, and typically voluntary, legal framework that will define the rights and responsibilities of the parties, allocate risk, and provide a basis for enforcement.