Multiple passwords to access computer networks and services
may soon be a thing of the past.
Two new standards to enhance identity and trust between users
and network-based services worldwide were agreed last week at
meeting of an International Telecommunications Union (ITU)
security
standards group.
ITU-T X.1250 provides the ability to enhance data exchange and
trust in the identities used worldwide by users, network access
devices and service providers using a certificate-based
public key infrastructure
(PKI) system. This is similar to how e-passports are verified.
Also agreed was X.1251, a framework for users of digital
identity. The standard defines a framework to enhance user control
and exchange of their digital identity-related information.
Record attendance at the meeting of ITU-T's Study Group 17 last
week showed the growing importance of cybersecurity to the global
ICT community, Malcolm Johnson, director of the ITU's
standardisation bureau told Computer Weekly.
Johnson said the work on identity management could reduce the
number of passwords a user needed to just one. He said the work
would incorporate existing commercial standards and best practices.
"Verisign has been very helpful and active," he said.
Two other important recommendations were proposed. X.1252
provides a collection of terms and definitions used in identity
management (IdM) and it sets the stage for common definition for
the whole industry.
X.1275 provides guidelines and best practices regarding radio
frequency identification (RFID) procedures that can be used by
service providers to gain the benefits of RFID while attempting to
protect personally identifiable information.
Johnson said that these would be posted on the study group's web
page for comment. If there were no further arguments, they would go
forward as standards in four weeks.
Standardised identity management (IdM) promised to reduce the
need for multiple user names and passwords for each online service
used, while maintaining privacy of personal information, Johnson
said. "A global IdM solution will help diminish identity theft and
fraud," Johnson said. "It is one of the key enablers for a
simplified and secure interaction between customers and services
such as e-commerce."
The SG 17 meeting also set up new groups to start work on
security for cloud computing, e-health and grid computing.