Government online, also referred to as e-government, is the electronic delivery of government services to citizens,
particularly over the Internet. In the past five years, many governments have established an online presence by providing
information and non-personalized electronic services via Web portals. The current government online priorities are personalized
electronic service delivery and electronic data sharing between government departments. These objectives require:
- A scalable solution for online user authentication that (1) gives users a single sign-on experience, (2) is secure against
attacks such as man-in-the-middle phishing, and (3) can prevent users from transferring their identity credentials.
- A scalable solution for the secure cross-domain sharing of identity-related information that gives data subjects partial
control over the release of information about them (e.g., consent, ability to object, ability to correct wrong information,
and so on).
Today’s enterprise identity management solutions (whether centralized or federated) do not meet these
requirements:
- Legislative privacy provisions, policy instruments, and citizen concerns guide governments away from the adoption of
unique identifiers for citizens. Federated identity management is not the answer, because it relies on central parties
(called identity providers) that can link all of a user’s identifiers, in effect creating the equivalent of a national
identifier.
- With today’s enterprise solutions, whether centralized or federated, users cannot present identity attributes without
those attributes being traceable back to their identity; any identity-related information that is shared across domains can readily be
associated with the identity of its data subject. Data protection legislation considers such information to be “personal
information” and greatly restricts the right to share it across domains.
- The identity providers in federated identity solutions house the capability to electronically trace, profile, impersonate,
and falsely deny access to any user, and in real time at that. These capabilities can be misused not only by insiders but also
by hackers and viruses; this is highly problematic for users as well as for government departments.
- Standard enterprise identity management solutions, whether centralized or federated, do not prevent users from lending or
selling (copies of) their electronic authentication credentials. In the context of government online, this enables users to obtain
new credentials that they are not entitled to. Relying on tamper-resistant smart cards or Trusted Computing chips would create
additional privacy-invasive powers.
- Centralized and federated identity management solutions require central parties to be present in each and every online
session between a government department and a user; this does not scale well for the population sizes that governments must
accommodate.
The U-Prove™ technology enables government to meet seemingly conflicting security, scalability, and privacy requirements. To find out how, please read this white paper on government online and view its companion presentation.