
Identity management has become a key issue in
information security. Governments and businesses are using identity
management systems to provide and control access to places and
services such as bank accounts, buildings and computer
applications.
Identity theft is increasing. With it, the risk intensifies that not
only data but an individual's privacy and reputation might be
compromised. This growing need for data security is one of the
driving forces behind the Data Protection Act.
An individual's identity arises in two ways: biologically and
socially. Biometric identity relates to things we inherit from our
parents, such as DNA, fingerprints and retina patterns. The chances
of duplicate patterns occurring are tiny. So, individually or in
combination, these patterns determine our identity with a very high
degree of certainty.
This makes digitised biometric identity management interesting to state
agencies such as immigration, the police, the National Health
Service, and others that need to determine an individual's identity
accurately and quickly.
We also have a wide range of social identities. These arise from
our interaction with others.
Identity management - liability
Creating a social identity requires an authority to accept
liability for certifying that the person concerned is in fact the
individual they say they are. That requires a verifiable audit
trail.
For instance, parents register the birth of a child and medical
records should confirm the mother's pregnancy and the child's
birth. But only a match of the baby's DNA with that of both its
parents will prove to a court a child's identity and who his or her
parents are.
Developments in identity management have led governments to seek
to join together an individual's social and biometric identities.
The aim is to provide greater certainty about the authenticity of
an identity. This lies behind the UK government's controversial
intention to introduce biometric-based identity cards for all
UK citizens.
Identity management - limiting access
In the workplace, companies are increasingly using a person's
role plus their identity to provide access to a firm's information
system, but to limit that access to only those systems to which the
individual needs access.
In the past, access to information depended on a physical device, such as
a magnetic card, or a logical key, such as a password. This is
known as single factor authentication. Increasingly, firms are
using two, three or even four factors, or credentials, to
authenticate the user's identity and allow access.
There is a vibrant industry devoted to identity authentication
and access technologies, such as fingerprint readers, retina
scanners, palm readers and the like. There is an equally vibrant
criminal fraternity devoted to finding ways around such
systems.
Identity management - user behaviour
An increasingly common method to defraud an individual of their
identity is to mimic expected behaviour. This method of fraud uses
psychological tricks to get people to part with their access codes
and identification devices.
Identity management - protecting individual identity
The only sure way to protect individuals and firms is to educate
users. Research has found that many people are willing to supply
their individual security data for a chocolate bar.
Identity management - identity access and removal
It is crucially important to provide a new staff member with a
company identity for them to gain access to the information they
need to do their jobs. Equally important, but often overlooked, is
the need to retract staff access when they leave the company.
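The two access rules described above (access limited to the systems a role needs, and access retracted when staff leave) can be checked by reconciling HR records against live accounts. The following is an added example, not part of the original article; the names, roles, systems and dates are constructed sample data, and the function name audit_access is hypothetical.

```python
from datetime import date

# Constructed sample data (assumptions, not from the article).
HR = {  # HR roster: role and leaving date (None = still employed)
    "alice": {"role": "finance", "left": None},
    "bob": {"role": "engineer", "left": date(2024, 3, 1)},
    "carol": {"role": "engineer", "left": None},
}
ROLE_SYSTEMS = {  # systems each role needs to do its job
    "finance": {"ledger", "email"},
    "engineer": {"source-control", "email"},
}
ACCOUNTS = [  # (user, system, enabled) as exported from each system
    ("alice", "ledger", True),
    ("alice", "source-control", True),
    ("bob", "email", True),
    ("bob", "source-control", False),
    ("carol", "email", True),
    ("dave", "ledger", True),
]


def audit_access(hr, role_systems, accounts, today):
    """Return sorted (user, system, reason) findings for enabled accounts
    that belong to leavers, to unknown people, or fall outside the role."""
    findings = []
    for user, system, enabled in accounts:
        if not enabled:
            continue  # a disabled account grants no access
        person = hr.get(user)
        if person is None:
            findings.append((user, system, "no HR record"))
        elif person["left"] is not None and person["left"] <= today:
            findings.append((user, system, "leaver still enabled"))
        elif system not in role_systems.get(person["role"], set()):
            findings.append((user, system, "outside role"))
    return sorted(findings)


if __name__ == "__main__":
    for user, system, reason in audit_access(HR, ROLE_SYSTEMS, ACCOUNTS, date(2024, 6, 1)):
        print(f"{user:6} {system:15} {reason}")
```

Run on a schedule against real exports, a report like this catches the overlooked case: an account that stays enabled after its owner has left.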