In general, we tend to identify people by associating them
with certain 'identifiers'. These identifiers can vary
considerably and include, for example, a name, an address,
a credit card, a passport or a user ID.
The term ID Management is therefore misleading: we are not
managing the actual identities of individuals, but rather
the identifiers that are associated with them.
Our list of example identifiers includes both physical
and electronic ones. Their management in the two environments
requires different techniques and presents different challenges.
Furthermore, whenever we need to use a personalised service
on the Internet, we not only need to establish our identity
but, if that service also requires some form of confidentiality
or user privacy, we also use a secret password or PIN that
the system associates with us. The reality is that each
individual has many identifiers in the electronic world,
and the number is ever increasing.
Managing all these identifiers can be very cumbersome both for
the individual, namely the end user, and for the organisation(s)
that hold them.
End users forget their identifiers and/or passwords/PINs,
while organisations spend enormous effort trying to
maintain authentic registers of user identifiers and to manage
processes that perform reliable identification.
Furthermore, there are many privacy issues involved because
the end user may become trackable and confidential information
may be at risk of disclosure.
Last but not least, we are starting to see an integration
of different ID Management solutions in evolving technologies,
such as Grid Computing, Web Services, and Ubiquitous Computing.
Large organisations are required to manage tens of thousands of employee
and hundreds of thousands of customer identities. This is a costly and
time-consuming task, involving many resources.
Efficient user provisioning is essential to the economic success
of an enterprise, involving the management of identifiers
of employees, partners, contractors, suppliers, and temporary
workers.
Microsoft .NET Passport is a single sign-on solution that
is geared towards the consumer market and that has been in
large-scale operation since 1999.
Whereas .NET Passport is a server-based solution to single
sign-on, solutions exist that put the end user in control of
ID management, using hardware tokens that generate one-time
dynamic passwords.
The identities of more than 900 million subscribers are managed
in GSM mobile communication networks alone. ID management
solutions are also fundamental in the emerging technologies
of Grid Computing and Web Services, where a distributed computing
infrastructure serves as a platform for advanced application
development. ID management is doomed unless its solutions
address privacy. Privacy-Enhancing Technologies,
or PET, implement privacy requirements and put users in
control of their digital identity.
Coming soon:
The new Information Security Technical Report on ID Management, edited by
Dr Scarlet Schwiderski-Grosche, Royal Holloway, London.
Expert Comment from Compsec Online: