Jens Haeusser likens a virtual ID card to your physical driver’s licence with features to protect privacy - photo by John Chong
UBC Reports | Vol. 54 | No. 1 | Jan. 3, 2008
NBT: Going Beyond Passwords, to Virtual Identities
By Jens Haeusser
Director, Strategy, UBC Information Technology
Using the Internet today can be a frustrating experience. It seems like every other website you visit requires you to create another account, picking yet another username and password, and disclosing a wide range of personal information. What if there was a better way? What if you could use a wide range of online services more securely, with much greater control over your privacy? A team of technologists from around the world, including IT staff here at UBC, is hard at work to make this vision a reality.
UBC IT is part of a wide range of organizations and individuals exploring new user-centric technologies, including OpenID (http://openid.net) and Information Cards (http://en.wikipedia.org/wiki/Information_Card). As a member of the BC Identity Management Forum, chaired by the Office of the Chief Information Officer (CIO) of BC (http://www.cio.gov.bc.ca/idm), UBC has helped create a new identity management architecture for the province that puts the needs of the citizens of B.C. first, and does its utmost to help protect their privacy and personal information. This new architecture will enable the creation of virtual ID cards that can be used to access a wide range of online services. Like the signature on your driver’s license, virtual IDs can contain a digital signature used to verify who is using that ID in a more secure way than a simple username and password.
Like your physical driver’s license, you will be in full control of your virtual ID cards. Just like you choose when to show your driver’s license to prove your physical identity today, you will be able choose where and when to show your virtual ID. And just as the government doesn’t know when you show your driver’s license during a physical transaction, they won’t know where or why you choose to show your virtual ID card either. This end-user control, combined with the secure digital signature on the virtual ID, will greatly enhance the security and privacy of online transactions. Indeed, the Ontario privacy commissioner has recently come out in favour of using information cards, since they have several key security and privacy advantages over today’s password based systems.
One of the important aspects of these virtual ID cards is what they are not. This is not an attempt by the provincial government to collect a whole bunch of information into one giant central database. Today, your wallet holds a wide range of cards, from your driver’s license to your credit card to your video store membership. Tomorrow, your digital wallet will be able to hold a wide range of virtual IDs, from a card from the province of B.C. that you can use to prove your name or your age, to one from UBC that proves that you are a registered student.
In the end, what does all of this complicated identity management technology mean for the average online user? Coming soon to a computer near you, user-centric technologies such as virtual ID Cards will move us beyond passwords, to a more secure online world where end-users are in direct control of where, when, and why they choose to release their personal information.