ITU identity standards could end multiple passwords

Multiple passwords to access computer networks and services may soon be a thing of the past.

Two new standards to enhance identity and...

Multiple passwords to access computer networks and services may soon be a thing of the past.

Two new standards to enhance identity and trust between users and network-based services worldwide were agreed last week at meeting of an International Telecommunications Union (ITU) security standards group.

ITU-T X.1250 provides the ability to enhance data exchange and trust in the identities used worldwide by users, network access devices and service providers using a certificate-based public key infrastructure (PKI) system. This is similar to how e-passports are verified.

Also agreed was X.1251, a framework for users of digital identity. The standard defines a framework to enhance user control and exchange of their digital identity-related information.

Record attendance at the meeting of ITU-T's Study Group 17 last week showed the growing importance of cybersecurity to the global ICT community, Malcolm Johnson, director of the ITU's standardisation bureau told Computer Weekly.

Johnson said the work on identity management could reduce the number of passwords a user needed to just one. He said the work would incorporate existing commercial standards and best practices. "Verisign has been very helpful and active," he said.

Two other important recommendations were proposed. X.1252 provides a collection of terms and definitions used in identity management (IdM) and it sets the stage for common definition for the whole industry.

X.1275 provides guidelines and best practices regarding radio frequency identification (RFID) procedures that can be used by service providers to gain the benefits of RFID while attempting to protect personally identifiable information.

Johnson said that these would be posted on the study group's web page for comment. If there were no further arguments, they would go forward as standards in four weeks.

Standardised identity management (IdM) promised to reduce the need for multiple user names and passwords for each online service used, while maintaining privacy of personal information, Johnson said. "A global IdM solution will help diminish identity theft and fraud," Johnson said. "It is one of the key enablers for a simplified and secure interaction between customers and services such as e-commerce."

The SG 17 meeting also set up new groups to start work on security for cloud computing, e-health and grid computing.

Read more on Antivirus, firewall and IDS products