Feeds

Naming some identity standards

Politics could be the biggest identity issue

Secure remote control for conventional and virtual desktops

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together?

That's what the ITU focus group on identity management (FG IdM) was set up to thrash out: how do we turn promising developments into an identity layer for networks that everyone can work with?

User names and passwords as we use them today are enough of a security and usability problem on the Web; as converged next-generation networks become a reality, many of the services that are planned simply couldn't work that way. According to the chairman of the focus group Abbie Barbir “What we really need in the long run - or the short run - is the identity layer as the enabler of the service layer; I see the identity layer as the enabler of federation of services at the end of the day”.

With only nine months to work, the focus group can't solve the whole problem, but it can, explains Barbir, document how the different systems are solving it: “What we want to do is a framework for defining what you do with identity rather than being technical about how it's done.” It’s looking at CardSpace (formerly InfoCard), Open ID, the Higgins project, IBM's Identity Mixer, openLiberty and other identity frameworks.

While many of these frameworks are already looking at interoperability, there are also overlapping areas and rivalries to contend with. Barbir says the problems aren't all in the technology: “A lot of them are political. The technical issues - they are solvable. It's mostly a political problem. Speaking as the chair of this focus group, this is where the ITU comes in. This is a global industry. If it can be done, the ITU is the place to do it.”

Tony Rutkowski, Verisign's VP for regulatory affairs, agrees that the aim is to “formalise and fill holes”. Although there are many approaches, there's general agreement that identity management services need discovery, interoperability – and, of course, security.

“There may well be solutions everyone could agree on to provide these,” Rutkowski says, “What exists that everyone could buy into as a common global solution; or what can we do to make existing solutions work together? We're casting the net very wide, from authentication of people, authentication of providers - which is increasingly important - and identity management of objects from RFIDs [radio-frequency identity tags] up. There will be a ratio of 400 objects [with an identity] per person very shortly and it's still growing. We're also focusing on trust mechanisms; so that when you deal with another party under a particular set of circumstances and using a particular kind of asserted identity, you have the ability to measure in some quantitative sense what the level of trust is.”

And, of course, “All these systems create their own problems and insecurities,” as Rutkowski points out, and "one has to ask what vulnerabilities we're creating within the systems.”

Trust is vital. Along with identity services come identity providers and there has to be a way of knowing who's reputable, says Barbir. “Part of our aim,” he explains, “is to enable an identity provider to be an anchor of trust; whether at the user, application or network level. Currently that anchor of trust is not communicated to the upper level. This is needed, that what we call ‘trusted identifiers’ can be available - we need that glue before we can have any [safe] interaction with the identity layer.”

So, how long before we get away from ‘silos of identity’ (whether it's Active Directory or your Amazon account) to an interworking identity system. Going by Barbir's estimates, you shouldn't hold your breath – at least in part because of those political issues. “I'm expecting three-five years,” Barbir says,

“that's the timeframe - you have to get that silo mentality to go away. I think the pressure from Open ID will put enough pressure on the other silos. We are certainly heading that way; I think the Liberty Alliance [people] will eventually see that this is coming down and they have to do something about it. The key is how we are going to do federation; I see federation as a key component of how we do this identity layer. The whole concept revolves around the use of the Web services stack, a protocol that more and more identity information is being based on. After all, ‘identity’ is nothing but some data that need to be exchanged and updated… data in a database that need to be synchronised.”

The next FG IdM meeting is in Geneva, 23-25 April 2007 and the focus group Wiki is here.

Remote control for virtualized desktops

More from The Register

next story
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Post-Microsoft, post-PC programming: The portable REVOLUTION
Code jockeys: count up and grab your fabulous tablets
Twitter App Graph exposes smartphone spyware feature
You don't want everyone to compile app lists from your fondleware? BAD LUCK
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.