nymwars and All your real names are belong to US

I’ve been following the nymwars with interest from both a personal and professional perspective. Check out the following to gain an appreciation of the ongoing conversation:

• http://www.scoop.it/t/plusgate
• http://my.nameis.me/
• Google+ Can Be A Social Network Or The Name Police - Not Both
• Google+ and The Trouble With Tribbles
• http://www.identitywoman.net/

In recent days, I have been amused to note that there has been an attempt in some quarters to link the Google+ policy around real names to US Government initiatives such as the National Strategy for Trusted Identities in Cyberspace (NSTIC) program and/or the Federal Identity, Credential and Access Management (FICAM) program (which among other aspects is the US Government’s internal implementation of the NSTIC vision).

Thought I would take a quick moment to point out support for anonymity and pseudonyms in both those programs.

NSTIC

“[…] will protect individuals’ capacity to engage anonymously in cyberspace. Universal adoption of the FIPPs in the envisioned Identity Ecosystem will enable a variety of transactions, including anonymous, anonymous with validated attributes, pseudonymous, and uniquely identified–while providing robust privacy protections that promote usability and trust”

FICAM

To understand the techno-speak, know that a credential that you have (i.e. a userid/password, one-time-password key-fob, smart card, etc) can be assigned an “assurance” level on a scale of 1 to 4. This is based on (1) the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued, and (2) the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued. This number is known as the Level of Assurance (LOA) of the credential.

For Level of Assurance (LOA) 1 credentials (userid/passwords, OpenID etc.), there is no requirement to use a real name.

For Level of Assurance (LOA) 2 credentials there is explicit support for pseudonyms: “The name associated with the Subscriber may be pseudonymous but the RA or Identity Provider shall know the actual identity of the Subscriber.”

BTW, I really am not expecting to change opinions using facts, but thought I would throw the pointers out there for folks who do want to fact-check on their own.