Governments are strengthening their identity (ID) management strategies to deliver new and improved online services to their citizens. Such online services typically include applications for different types of permissions, requests for different types of official documents and management of different types of entitlements. The ID management scheme must therefore be able to correctly authenticate citizens and link online presence to real world identities. Many countries, in particular in the developing world, are currently introducing national ID management schemes for the first time. While most of these countries have paper based records, many of these are regionally based and few of these have been consolidated, so these records may contain incorrect, incomplete, inconsistent or redundant information. In this paper, we explore the design space for national ID management and online authentication schemes, in this context. In particular, we propose a simple model for issuing national ID numbers that satisfy these goals and use this model to examine two different ID management schemes implemented in Libya, which allows us to compare different approaches to national identity management. The two schemes were implemented within a fairly short time, so we may assume that the cultural, social, educational and technological factors remain unchanged. This allows a direct comparison of objectives and means. Based on this examination, we evaluate the current Libyan ID number system with respect to the identified objectives. Our evaluation of the two Libyan NID schemes show that if National Identity Management does not fully meet the requirements identified in our simple model, then it may be vulnerable to various forms of online risks such as impersonation and identity theft attacks. Considering online crime, during the design of an Identity Management system, is especially important in developing countries, where such crimes have not previously existed in the society.
展开▼
