Feeds

Naming some identity standards

Politics could be the biggest identity issue

5 things you didn’t know about cloud backup

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together?

That's what the ITU focus group on identity management (FG IdM) was set up to thrash out: how do we turn promising developments into an identity layer for networks that everyone can work with?

User names and passwords as we use them today are enough of a security and usability problem on the Web; as converged next-generation networks become a reality, many of the services that are planned simply couldn't work that way. According to the chairman of the focus group Abbie Barbir “What we really need in the long run - or the short run - is the identity layer as the enabler of the service layer; I see the identity layer as the enabler of federation of services at the end of the day”.

With only nine months to work, the focus group can't solve the whole problem, but it can, explains Barbir, document how the different systems are solving it: “What we want to do is a framework for defining what you do with identity rather than being technical about how it's done.” It’s looking at CardSpace (formerly InfoCard), Open ID, the Higgins project, IBM's Identity Mixer, openLiberty and other identity frameworks.

While many of these frameworks are already looking at interoperability, there are also overlapping areas and rivalries to contend with. Barbir says the problems aren't all in the technology: “A lot of them are political. The technical issues - they are solvable. It's mostly a political problem. Speaking as the chair of this focus group, this is where the ITU comes in. This is a global industry. If it can be done, the ITU is the place to do it.”

Tony Rutkowski, Verisign's VP for regulatory affairs, agrees that the aim is to “formalise and fill holes”. Although there are many approaches, there's general agreement that identity management services need discovery, interoperability – and, of course, security.

“There may well be solutions everyone could agree on to provide these,” Rutkowski says, “What exists that everyone could buy into as a common global solution; or what can we do to make existing solutions work together? We're casting the net very wide, from authentication of people, authentication of providers - which is increasingly important - and identity management of objects from RFIDs [radio-frequency identity tags] up. There will be a ratio of 400 objects [with an identity] per person very shortly and it's still growing. We're also focusing on trust mechanisms; so that when you deal with another party under a particular set of circumstances and using a particular kind of asserted identity, you have the ability to measure in some quantitative sense what the level of trust is.”

And, of course, “All these systems create their own problems and insecurities,” as Rutkowski points out, and "one has to ask what vulnerabilities we're creating within the systems.”

Trust is vital. Along with identity services come identity providers and there has to be a way of knowing who's reputable, says Barbir. “Part of our aim,” he explains, “is to enable an identity provider to be an anchor of trust; whether at the user, application or network level. Currently that anchor of trust is not communicated to the upper level. This is needed, that what we call ‘trusted identifiers’ can be available - we need that glue before we can have any [safe] interaction with the identity layer.”

So, how long before we get away from ‘silos of identity’ (whether it's Active Directory or your Amazon account) to an interworking identity system. Going by Barbir's estimates, you shouldn't hold your breath – at least in part because of those political issues. “I'm expecting three-five years,” Barbir says,

“that's the timeframe - you have to get that silo mentality to go away. I think the pressure from Open ID will put enough pressure on the other silos. We are certainly heading that way; I think the Liberty Alliance [people] will eventually see that this is coming down and they have to do something about it. The key is how we are going to do federation; I see federation as a key component of how we do this identity layer. The whole concept revolves around the use of the Web services stack, a protocol that more and more identity information is being based on. After all, ‘identity’ is nothing but some data that need to be exchanged and updated… data in a database that need to be synchronised.”

The next FG IdM meeting is in Geneva, 23-25 April 2007 and the focus group Wiki is here.

Secure remote control for conventional and virtual desktops

More from The Register

next story
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
(Not so) Instagram now: Time-shifting Hyperlapse iPhone tool unleashed
Photos app now able to shoot fast-moving videos
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.