(Check with Bret Fausett about Mahi De Silva's presentation, also going on now.) With David Temoshok and Phil Windley, aka Phil Windley. Premise: governments are in the business of identity management. Phil's discussing the functions of a driver's license: identifies you, authenticates you, authorizes you to drive and may impose conditions on that. Digital signatures, the UETA, digital certificates. Government has abdicated its responsibility in the issuance of digital signatures. Rights issues, privacy issues. You interact with government in a couple of ways: in a recurring manner (renewals, taxes), or you have a life event, like you're moving to a new state. Would be nice if there were a system with one site, one form, one payment to take care of all the new government requirements. Need portable identity information for this to work. Utah, for example, keeps names in over 200 separate databases. Tension between privacy and quick, effective interactions with government. Other problems: governments don't realize they're in the identity business, have abdicated the responsibility for identity issues. Big problem is technology can't solve the real identity problems; you need policymakers to solve these problems, but in reality legislators have no specialized training, get lots of information from lobbyists. Citizens need to pay attention to educating legislators about these issues. If citizens aren't involved, the "black helicopter crowd" will make these decisions. David's now speaking to what the federal government is doing about authentication. Expanded electronic gov't is on the President's management agenda. Initiatives in process, Mark Foreman, Quicksilver. All involve government business processes requiring identification. Irony: the digital signature law was wet-signed..."Changing culture is a big deal, and that's really what we're up against." Building for interoperability, "the authentication gateway." Functionality that sits behind a general gov't portal. Need ability to determine the trustworthiness of credential providers and the credentials they issue. One way to do this is public key encryption/infrastructure (PKI). Gov't needs to be setting standards for accredidation. Would like this to be meaningful not just to the federal government, but to other governments and industry, higher education. Federal gov't has built separate PKI domains; federal bridge certification authority enables easy transactions and interoperability across those domains. David's phone, 202.208.7655, email david.temoshok@gsa.gov, referenced sites: http://cio.gov/eauthentication; http://cio.gov/fpkisc; http://egov.gov.