I believe strongly in the need for NSTIC to support pseudonymous identity; that's the reason I have been pushing to separate the issuance and management of credentials from the binding of attributes. Name should be "just another" attribute, just like whether I'm age 13-19, a resident of California, and a Cisco employee. Identity proofing should be associated with the binding of the name attribute to a credential, not the issuance itself. I have been working with NIST to make them aware of that need in their current revision of SP 800-63, because while it's only normative for the US Government, it's a model that a lot of others use.

That having been said, in the NSTIC model, Relying Parties can request any attributes they want, and the User can decide whether or not to release those attributes. If the User doesn't release the requested attributes, the Relying Party is free to deny service to that user.

In this case, Google+ has made a commercial decision to require users to use their real names in order to access their service. They must realize that this is going to cause some people not to use Google+, but it's the rules they have set for their community. If their calculation on that is wrong and they don't get "enough" users on those terms, they could change their minds.

However, I am really disappointed to hear that users are losing their entire Google "life" (GMail, etc.) as a result of this, especially without prior notice. This is much more of a pressure tactic. At the most, Google should clear the "offending" name from the user's Google profile (which would probably render Google+ inoperative) and give the user the ability to repopulate that field with a real name, or to leave it blank and continue to use other Google services without the name field specified.

-Jim (hoping not to be suspended for using "Jim" rather than "James")

On 8/1/11 10:14 AM, Kaliya wrote:

NSTIC "says" it is about maintaining privacy and freedom of speach we have today on the internet while enabling "when you want to" the ability to use a verified account...but I don't have a good feeling about this.

Over the last week in preparation for the "official" door opening of Google+ they have been sweeping it clear of personas and avatars.

Yesterday I myself was included in the sweep post here: http://www.identitywoman.net/googlereal-name-identity-woman

I had been working on a post I will publish this week about NSTIC being part of the push for so called "real names" in Google+ (and apparently you can't get a google e-mail address without one either).

I am curious what others think is there a link? and are you having your accounts suspended?

I am all for "Accountability" that is different then the sort of mantra around "trusted identities" that the only ones worth trusting for anything must be "real".

- Kaliya

Kaliya Hamlin, Identity Woman (blog) (twitter)

Internet Identity Workshop - Co-Founder, Co-Producer, Co-Facilitator

Kaliya@identitywoman.net

Cel +1 (510) 472-9069

Skype: IdentityWoman

GTalk: Identitywoman@gmail.com

AIM/ichat kaliya@mac.com

Yahoo! earthwaters