Identity management: the expert view


Identity management

Identity management has become a key issue in information security. Governments and businesses are using identity management systems to provide and control access to places and services such as bank accounts, buildings and computer applications.

Identity theft is increasing. With it grows the risk that not only data but also an individual's privacy and reputation might be compromised. This growing need for data security is one of the driving forces behind the Data Protection Act.

An individual's identity arises in two ways: biologically and socially. Biometric identity relates to things we inherit from our parents, such as DNA, fingerprints and retina patterns. The chances of duplicate patterns occurring are tiny. So, individually or in combination, these patterns determine our identity with a very high degree of certainty.

This makes digitised biometric identity management interesting to state agencies such as immigration, the police, the National Health Service, and others that need to determine an individual's identity accurately and quickly.

We also have a wide range of social identities. These arise from our interaction with others.

Identity management - liability

Creating a social identity requires an authority to accept liability for certifying that the person concerned is in fact the individual they say they are. That requires a verifiable audit trail.

For instance, parents register the birth of a child and medical records should confirm the mother's pregnancy and the child's birth. But only a match of the baby's DNA with that of both its parents will prove to a court a child's identity and who his or her parents are.

Developments in identity management have led governments to seek to join together an individual's social and biometric identities. The aim is to provide greater certainty about the authenticity of an identity. This lies behind the UK government's controversial intention to introduce biometric-based identity cards for all UK citizens.

Identity management - limiting access

In the workplace, companies are increasingly using a person's role plus their identity to provide access to a firm's information system, but to limit that access to only those systems to which the individual needs access.

In the past, access to information depended on a physical device, such as a magnetic card, or a logical key, such as a password. This is known as single-factor authentication. Increasingly, firms are using two, three or even four factors, or credentials, to authenticate the user's identity and allow access.

There is a vibrant industry devoted to identity authentication and access technologies, such as fingerprint readers, retina scanners, palm readers and the like. There is an equally vibrant criminal fraternity devoted to finding ways around such systems.

Identity management - user behaviour

An increasingly common method of defrauding an individual of their identity is to mimic expected behaviour. This method of fraud uses psychological tricks to get people to part with their access codes and identification devices.

Identity management - protecting individual identity

The only sure way to protect individuals and firms is to educate users. Research has found that many people are willing to supply their individual security data for a chocolate bar.

Identity management - identity access and removal

It is crucially important to provide a new staff member with a company identity for them to gain access to the information they need to do their jobs. Equally important, but often overlooked, is the need to retract staff access when they leave the company.


This was first published in July 2007

 
