Feeds

Naming some identity standards

Politics could be the biggest identity issue

Intelligent flash storage arrays

Confused about how the emerging identity standards and systems fit together and which to work with? You're not alone. There's a lot of talk – and quite a few demos – of interoperable identity systems, but how do you know how well they really fit together?

That's what the ITU focus group on identity management (FG IdM) was set up to thrash out: how do we turn promising developments into an identity layer for networks that everyone can work with?

User names and passwords as we use them today are enough of a security and usability problem on the Web; as converged next-generation networks become a reality, many of the services that are planned simply couldn't work that way. According to the chairman of the focus group Abbie Barbir “What we really need in the long run - or the short run - is the identity layer as the enabler of the service layer; I see the identity layer as the enabler of federation of services at the end of the day”.

With only nine months to work, the focus group can't solve the whole problem, but it can, explains Barbir, document how the different systems are solving it: “What we want to do is a framework for defining what you do with identity rather than being technical about how it's done.” It’s looking at CardSpace (formerly InfoCard), Open ID, the Higgins project, IBM's Identity Mixer, openLiberty and other identity frameworks.

While many of these frameworks are already looking at interoperability, there are also overlapping areas and rivalries to contend with. Barbir says the problems aren't all in the technology: “A lot of them are political. The technical issues - they are solvable. It's mostly a political problem. Speaking as the chair of this focus group, this is where the ITU comes in. This is a global industry. If it can be done, the ITU is the place to do it.”

Tony Rutkowski, Verisign's VP for regulatory affairs, agrees that the aim is to “formalise and fill holes”. Although there are many approaches, there's general agreement that identity management services need discovery, interoperability – and, of course, security.

“There may well be solutions everyone could agree on to provide these,” Rutkowski says, “What exists that everyone could buy into as a common global solution; or what can we do to make existing solutions work together? We're casting the net very wide, from authentication of people, authentication of providers - which is increasingly important - and identity management of objects from RFIDs [radio-frequency identity tags] up. There will be a ratio of 400 objects [with an identity] per person very shortly and it's still growing. We're also focusing on trust mechanisms; so that when you deal with another party under a particular set of circumstances and using a particular kind of asserted identity, you have the ability to measure in some quantitative sense what the level of trust is.”

And, of course, “All these systems create their own problems and insecurities,” as Rutkowski points out, and "one has to ask what vulnerabilities we're creating within the systems.”

Trust is vital. Along with identity services come identity providers and there has to be a way of knowing who's reputable, says Barbir. “Part of our aim,” he explains, “is to enable an identity provider to be an anchor of trust; whether at the user, application or network level. Currently that anchor of trust is not communicated to the upper level. This is needed, that what we call ‘trusted identifiers’ can be available - we need that glue before we can have any [safe] interaction with the identity layer.”

So, how long before we get away from ‘silos of identity’ (whether it's Active Directory or your Amazon account) to an interworking identity system. Going by Barbir's estimates, you shouldn't hold your breath – at least in part because of those political issues. “I'm expecting three-five years,” Barbir says,

“that's the timeframe - you have to get that silo mentality to go away. I think the pressure from Open ID will put enough pressure on the other silos. We are certainly heading that way; I think the Liberty Alliance [people] will eventually see that this is coming down and they have to do something about it. The key is how we are going to do federation; I see federation as a key component of how we do this identity layer. The whole concept revolves around the use of the Web services stack, a protocol that more and more identity information is being based on. After all, ‘identity’ is nothing but some data that need to be exchanged and updated… data in a database that need to be synchronised.”

The next FG IdM meeting is in Geneva, 23-25 April 2007 and the focus group Wiki is here.

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Ubuntu 14.10 tries pulling a Steve Ballmer on cloudy offerings
Oi, Windows, centOS and openSUSE – behave, we're all friends here
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.