Feeds

Naming some identity standards

Politics could be the biggest identity issue

High performance access to file storage

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together?

That's what the ITU focus group on identity management (FG IdM) was set up to thrash out: how do we turn promising developments into an identity layer for networks that everyone can work with?

User names and passwords as we use them today are enough of a security and usability problem on the Web; as converged next-generation networks become a reality, many of the services that are planned simply couldn't work that way. According to the chairman of the focus group Abbie Barbir “What we really need in the long run - or the short run - is the identity layer as the enabler of the service layer; I see the identity layer as the enabler of federation of services at the end of the day”.

With only nine months to work, the focus group can't solve the whole problem, but it can, explains Barbir, document how the different systems are solving it: “What we want to do is a framework for defining what you do with identity rather than being technical about how it's done.” It’s looking at CardSpace (formerly InfoCard), Open ID, the Higgins project, IBM's Identity Mixer, openLiberty and other identity frameworks.

While many of these frameworks are already looking at interoperability, there are also overlapping areas and rivalries to contend with. Barbir says the problems aren't all in the technology: “A lot of them are political. The technical issues - they are solvable. It's mostly a political problem. Speaking as the chair of this focus group, this is where the ITU comes in. This is a global industry. If it can be done, the ITU is the place to do it.”

Tony Rutkowski, Verisign's VP for regulatory affairs, agrees that the aim is to “formalise and fill holes”. Although there are many approaches, there's general agreement that identity management services need discovery, interoperability – and, of course, security.

“There may well be solutions everyone could agree on to provide these,” Rutkowski says, “What exists that everyone could buy into as a common global solution; or what can we do to make existing solutions work together? We're casting the net very wide, from authentication of people, authentication of providers - which is increasingly important - and identity management of objects from RFIDs [radio-frequency identity tags] up. There will be a ratio of 400 objects [with an identity] per person very shortly and it's still growing. We're also focusing on trust mechanisms; so that when you deal with another party under a particular set of circumstances and using a particular kind of asserted identity, you have the ability to measure in some quantitative sense what the level of trust is.”

And, of course, “All these systems create their own problems and insecurities,” as Rutkowski points out, and "one has to ask what vulnerabilities we're creating within the systems.”

Trust is vital. Along with identity services come identity providers and there has to be a way of knowing who's reputable, says Barbir. “Part of our aim,” he explains, “is to enable an identity provider to be an anchor of trust; whether at the user, application or network level. Currently that anchor of trust is not communicated to the upper level. This is needed, that what we call ‘trusted identifiers’ can be available - we need that glue before we can have any [safe] interaction with the identity layer.”

So, how long before we get away from ‘silos of identity’ (whether it's Active Directory or your Amazon account) to an interworking identity system. Going by Barbir's estimates, you shouldn't hold your breath – at least in part because of those political issues. “I'm expecting three-five years,” Barbir says,

“that's the timeframe - you have to get that silo mentality to go away. I think the pressure from Open ID will put enough pressure on the other silos. We are certainly heading that way; I think the Liberty Alliance [people] will eventually see that this is coming down and they have to do something about it. The key is how we are going to do federation; I see federation as a key component of how we do this identity layer. The whole concept revolves around the use of the Web services stack, a protocol that more and more identity information is being based on. After all, ‘identity’ is nothing but some data that need to be exchanged and updated… data in a database that need to be synchronised.”

The next FG IdM meeting is in Geneva, 23-25 April 2007 and the focus group Wiki is here.

High performance access to file storage

More from The Register

next story
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
US taxman blows Win XP deadline, must now spend millions on custom support
Gov't IT likened to 'a Model T with a lot of things on top of it'
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.