As three federal agencies move forward with a pilot program to ad...

to privacy and security and the types of liability and redress. User-centric federated systems have “great promise,” CDT said, “to make online interactions easier, more secure, and more easily controlled by the user.” But the relationships and responsibilities among the trust framework provider, identity provider, relying party and users must be determined. The decisions that the federal government makes could influence the overall direction of user-centric federated systems, CDT said. An important step in creating a trust framework is developing a set of minimum conditions that each identity provider must meet and how the trust framework will certify and decertify those providers, it said. “If trust framework providers can establish an appropriate set of rules regarding the minimum obligations of identity providers, relying parties and users, there is a large potential to increase the ease with which trust relationships can be formed online,” the group said. The potential is particularly great for single transactions, CDT said. Any set of answers to the policy questions should impose and enforce rules that increase trust, allow flexible evolution of services, be robust against fraud or manipulation and be “adequately open to new participants without eliminating minimum qualifications and rules,” the group said. It said the agencies participating in the pilot are the Center for Information Technology, National Institutes of Health and the Department of Health and Human Services.