Identity management
From Blindside
What is it
...Brief abstract of role of ID management and ID assurance - to follow. While we're waiting, Wikipedia provides this summary definition. "In information systems, identity management, sometimes referred to as identity management systems, is the management of the identity life cycle of entities (subjects or objects) during which:
• the identity is established: a name (or number) is connected to the subject or object;
• the identity is re-established: a new or additional name (or number) is connected to the subject or object;
• the identity is described: one or more attributes which are applicable to this particular subject or object may be assigned to the identity;
• the identity is newly described: one or more attributes which are applicable to this particular subject or object may be changed;
• the identity is destroyed."
Impact & Maturity assessment
We estimate the impact level of identity management issues at 3 (the highest level) and the maturity level at 2 (the intermediate classification).
The impact of identity management issues is currently quite high. Especially at government levels, IM issues would require a more mature technology to resolve the problems faced in ID cards, e-Voting, e-Healthcare, immigration, probation and criminal justice. This is exacerbated by higher levels of maturity of complementary technologies such as biometrics and nanotechnology.
As a coherent discipline, identity management is not mature. Searching at Scirus using advanced search with "identity management" in quotes returned 81,594 results on 18 June 2007. However, only 321 of these were academic journal publications, and only 597 were patent applications. Of those 597 patent applications, 556 have been filed since 2002. Only 5 patents were filed before 1997. Similarly, of the 321 journal publications in the field, 286 have been published since 2002.
Related terms such as biometrics have a longer history and a more robust publication record. But the idea of considering identity management as something in and of itself, a separate category of thought and activity, is frighteningly new.
Information Assurance issues
If Identity Management fails, information assurance is impossible.
The obvious issues are quickly identified and affect criminal justice organisations, immigration policy, determining eligibility for and disbursement of government benefits, e-Healthcare, voting, licenses, passport control, organ/blood donor/recipient data, student administrative portfolios, marriage/cohabitation contracts and agreements, parental identification, suitability for employment near children and more.
Timescale
Is the impact of this emerging technology felt now (less than 18 months), in 2-5 years, in 5-25 years, or even longer-term than that?
The impact is being felt now, and can best be seen in the objections to the structure of the National ID project, as well as some of the problems with patient identity protection in the NPfIT.
We expect the impact to grow for 5 years, as globalisation, continued immigration and continued attempts to create national-level information structures will continue to put pressure on a technology sector that has not had time to develop mature solutions to the issues it faces.
After 5 years, we expect the impact to diminish, as solutions come to the fore and government bodies begin to adapt their requirements more efficiently to the state of technological expertise.
Report on Identity Management to the CSIA posted here for comment:
Identity Management (IDM) Overview
The topic is discussed in depth here: http://www.blindside.org.uk/wiki/Identity_management
Not truly an emerging technology, identity management is an emerging discipline growing out of IT security and password/certification authentication and communications. Of the relatively tiny number of academic publications and patent filings found at Scirus (a cross-disciplinary database of scientific publications), 89% of journal publications and 93% of patent filings with the phrase “identity management” in the title, abstract or text were published after 2002. It must be emphasized that little work has been done in this field; only 321 academic publications are found on Scirus and 597 patent applications in total. This compares with 17,833 academic publications and 8,309 patent applications for “biometrics.”
Identity management issues transition to information assurance issues, sometimes seamlessly.
ID management has a tighter focus, concerning itself with the management of the identity life cycle. However, it should be noted that if identity management fails, information assurance is impossible.
As the interaction between complex information systems and users mushrooms, IDM attempts to manage authorized user access, enablement of access to authorized services and information, and dealing with similar issues for members within an organisation. IDM further assumes responsibility for sign-on, authentication, access to authorized information and services, blocking users from unauthorized information and services, and sign-off, while also managing user privacy issues.
Identity management should be looked at in a cross-disciplinary framework, perhaps focusing upwards on an information assurance programme for direction, and downwards on technologies that impact implementation and performance.
The citizen point of view of identity management looks through the other end of the telescope:
• Do I trust the system that holds the information used to authenticate my identity? Will they lose it, sell it or abuse it?
• Can I manage the multiple logins and passwords mandated by the numerous systems I interact with?
• Do I have to continuously re-enter the same information time after time, frustrating me and increasing the chances of an error on my part or on the system’s?
As both public and private sector organisations have had recent, well-publicized incidents involving loss or theft of data, citizen concerns seem justified on the first issue. As organisations set their own access protocols without taking into account the number of systems a citizen/consumer wants or needs to access, the second and third points above seem valid as well. It must be said that evidence of citizen concern is minimal, and manifested more in a general malaise regarding all interactions with government. However, individual organisations seeking to influence public policy represent themselves as a proxy for citizen concern, or perhaps more accurately, what they feel citizen concern should be. Some of those organisations assisted in the Blindside information gathering process.
Key findings:
• Although identity management obviously pre-dates the digital era, as a subset of other IT issues identity management as a discrete discipline is new.
• Effective identity management relies on effective performance of other technologies which are developing at different rates, and IDM is impacted by developments in other technologies disproportionately (e.g., biometrics).
• Information Assurance programmes need to take into account the immaturity of ID management protocols and the plastic nature of enabling technologies that are used for identity management.
Implications for UK Government:
• Biometric information used in identity management should be encrypted prior to transmission. Encrypted biometrics enables a more robust data management programme.
• The most successful systems rely on user input and verification of data.
  o Amazon and eBay have systems that are more robust than banks, as they get information directly from the user alone, and prompt for updates with each transaction. Banks get information from customers too, but it is at the beginning of the relationship and they do not prompt for information change, and side inputs from other sources (credit rating agencies, etc.) are prone to much higher error rates.
  o Information assurance programmes willing to accept private sector verification of identity might well consider using retailers that make home deliveries, looking for recency of successful interaction rather than length of relationship. The number of online shoppers was estimated at 14.5 million in 2005, including 2.7 million over age 55.
• Information assurance programmes that do not carefully vet every element of identity management procedures in sub-hierarchies should not rely on those organisations’ attestations of verified identity.
  o An ongoing audit programme including attempts to defeat individual systems should be a vital part of any information assurance programme.
  o More importantly, the audit programme should try to construct false identities using information from a variety of systems to establish bona fides, with a goal of getting drivers’ licenses and passports. Information from these efforts should be shared only with system owners in efforts to improve system performance, to improve co-operation with affected organisations.
• Of pressing current interest is the use of mobile wireless networks for Internet access. Laptop computers that use an unsecured network should not have confidential information on them, nor should they be permitted access to confidential information. Identity management protocols should identify the status of a user’s network connection and politely deny access until a secure connection can be established. Individual laptop computers that permit storage of or access to confidential information should be configured to prevent access to unsecured networks.
  o As the physical security of laptop computers is not addressed elsewhere in this report, we take this opportunity to note that:
    - laptops should have a proximity alarm installed to remind the user not to leave a laptop behind;
    - a form-based permission mechanism should be used to minimise the loading and retention of confidential information on laptops. This could include automatic destruction of sensitive data after a date set by the user;
    - GPS tracking should be used to retrieve lost or stolen laptops;
    - preparations should begin now for similar security protocols for mobile phones and PDAs to future-proof identity management systems prior to introduction of devices with capabilities much greater than present versions.
Related Issues
Biometrics
There are a number of issues relevant to Identity Management relating to the use of biometric information in the verification of personal identity:
• False acceptance and false rejection rates are still unacceptable for highly sensitive information, and attempts to mitigate either issue exacerbate problems with the other.
• Using multiple biometric samples (10 fingerprints plus iris scan, etc.) speeds performance but makes central databases a high value target for theft and/or hacking. This would also be susceptible to function creep antithetical to personal privacy, and insider abuse.
• Biometric encryption is discussed in a paper by Doctors Ann Cavoukian and Alex Stoianov, found online at http://www.ipc.on.ca/images/Resources/up-1bio_encryp.pdf
• We believe that encrypted biometrics would resolve a variety of technical, political and social issues regarding the use of biometric information for identity management purposes.
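The trade-off between false acceptance and false rejection noted above can be seen by sweeping a decision threshold over match scores. The following is an added example, not part of the original report; the scores, the 0-100 scale and all function names are constructed for illustration.

```python
# Added illustration: FAR/FRR trade-off on constructed match scores.
# All scores are constructed sample data (0-100, higher = closer match).
GENUINE = [91, 88, 95, 72, 83, 67, 79, 93, 58, 86]    # same-person comparisons
IMPOSTOR = [12, 35, 41, 28, 62, 19, 55, 47, 70, 31]   # different-person comparisons
THRESHOLDS = range(0, 101, 5)


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(thresholds=THRESHOLDS):
    """One (threshold, FAR, FRR) row per candidate threshold."""
    return [(t, *error_rates(t)) for t in thresholds]


def equal_error_point(thresholds=THRESHOLDS):
    """Row where FAR and FRR are closest (the equal error rate)."""
    return min(sweep(thresholds), key=lambda row: abs(row[1] - row[2]))


def cost_of_far_target(max_far, thresholds=THRESHOLDS):
    """Lowest threshold meeting a FAR ceiling, with the FRR it costs."""
    for t, far, frr in sweep(thresholds):
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    print("thr   FAR   FRR")
    for t, far, frr in sweep():
        print(f"{t:3d}  {far:.2f}  {frr:.2f}")
    print("equal error point:", equal_error_point())
    # Tightening the FAR ceiling raises the FRR paid by genuine users.
    for target in (0.3, 0.1, 0.0):
        print(f"FAR <= {target}:", cost_of_far_target(target))
```

On this sample, driving false acceptance to zero rejects three in ten genuine users, while accepting every genuine user lets three in ten impostors through.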
Location Based Services
This is discussed elsewhere in this report, but the identity management implications are large, principally allowing the tracking of devices in space and over time. A secondary implication is that the wide variety of commercial location based services will require mobile telecommunications providers to institute robust identity management and information assurance programmes. They may prove to be better at this than government. Alternatively, they may need regulatory guidance.
Citizen Centric
It must not be forgotten that citizens need to trust the identity of the organisation they are dealing with. Spoof websites are common and do collect sensitive information. Spam emails enable this, and information assurance programmes need to actively participate in the battle against both.
Examples
IBM contractor loses employee data
Comments (attributed)
According to Dave Miller, Chief Information Security Officer of Covisint, "Manufacturing is global -- your trading partners might be in Japan or South America, so as you open up your applications, you will need to provide 7x24, multi-lingual help desk support for your external users. We feel it's much better to rely on federation to eliminate the need for dozens of passwords, and let supply chain members use only one authentication method to securely access all those applications for which they have permission."
"When you look at the market, and what's happening around identity theft, phishing, privacy concerns, and privacy regulations in the US and in Europe -- how can you NOT make this a corporate initiative?" asks John Jackson, Director of Software Technology at GM.
Organisations
Credentica
Edentity
Experian
IAAC
No2ID
Home Office Identity & Passport Agency
Documents & research papers
Very brief abstracts or links to informative documents, presentations or academic research papers about this emerging technology
What user-controlled identity management should learn from communities (Link is to abstract. Article published in Science Direct.)
Abstract
To enable trustworthy privacy, identity management has to be user-controlled, i.e. each user administrates his/her partial identities being supported by an identity management system running on his/her machines under his/her control. Past work on user-controlled identity management focused on isolated users administrating their partial identities mainly used towards organizations, e.g., shops, public administrations and the like. But users intensively interact with other users as well. Additionally, these interactions are not only direct, but indirect, too, as, e.g., within communities. A universally usable identity management meta-system (IMMS) will have to be able to handle and combine all interactions possible.
For the sake of privacy, users interacting with organizations might minimize the personal information transmitted in the context of AAA (authentication, authorization, and accounting) without losing functionality. But users interacting with other users, in particular within a community, have to share additional supportive information, e.g., awareness information. Otherwise, neither a community nor team spirit will develop. Balancing privacy and functionality in communities is a current research question. Therefore, an IMMS has to be flexible enough to incorporate new knowledge and demands as they develop.
Recent Patent Applications (from Scirus)
1. Usability and privacy in identity management architectures Jøsang, Audun / Alzomai, Mohammed / Suriadi, Suriadi, conference, Jan 2007 Digital identities represent who we are when engaging in online activities and transactions. The rapid growth in the number of online services leads to an increasing number of different identities that each user needs to manage. As a result, many ...
2. DISTRIBUTED HIERARCHICAL IDENTITY MANAGEMENT SYSTEM AUTHENTICATION MECHANISMS HARDT, Dick C., EUROPEAN PATENT APPLICATION, Mar 2007 patno:EP1766852
3. GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM HARDT, Dick C., EUROPEAN PATENT APPLICATION, Mar 2007 patno:EP1766840
4. AUDITABLE PRIVACY POLICIES IN A DISTRIBUTED HIERARCHICAL IDENTITY MANAGEMENT SYSTEM HARDT, Dick C., EUROPEAN PATENT APPLICATION, Mar 2007 patno:EP1766853
5. SEGMENTED NETWORK IDENTITY MANAGEMENT PEARCE, Andrew, Keith / CHUA, Roy, Liang, PATENT COOPERATION TREATY APPLICATION, Feb 2007 patno:WO07016436
Segmented Network Identity Management. Background of the Invention. Field of the Invention: The present invention relates generally to authentication and authorization policies...
Experts (academic, practitioner)
Links to academic experts or expert practitioners and commentators on this emerging technology
Impact assessment
Likelihood: 5 - Certain
Impact: 3 - Severe but not fatal
Identity management failures
Looking at emerging ID technologies, Brian Collins points out first the range of things we need to identify. People: as unique individuals; as being endowed by organisations with certain rights (e.g. to enter a building, access a computer system, or arrest someone); as holding a role at a point in time; as having authority; or, society asserts, as people who have transgressed rules or laws.
Also organisations (e.g. is this really the web site of an online bank?); objects such as cars or mobile phones that we connect with people; processes of value; and systems that join up the people, processes and objects.
He lists the stages in identifying them as: enrolment; storage; verification; revocation; linking; consent and dealing with multiples. He then lists a set of issues to do with ID management:
- offering anonymity (even if only temporarily)
- where is disclosure managed
- availability, such that documents work when and where they're needed
- performance
- trust (even when espionage techniques are used such as subverting insiders)
- certification
- audit
- forensics (eg in producing evidence for law enforcement)
At the intersection of each of these subjects with each process step lies a different set of issues, he says, giving an amazing range of complexity. Perfect ID management for the entire population the whole time is an illusion, so the question we're left with is how graciously the ID management systems we use will fail, and what the consequences are.
Academic experts
Ross Anderson / Ian Brown / Stefan Brands / Kim Cameron / Brian Collins / Simon Davies / Gus Hosein / Ben Laurie / Marek Rejman-Greene / Angela Sasse
