Work Items
Work is progressing on the Area's work items, which include:
- A catalogue of Identity Management implementations
- An Enterprise Identity Management Architecture Guide
- Liaison with the US government on authentication guidelines
- Liaison with standards bodies on identity management certification
Identity Management Project Issues
Members described their experiences with a number of Identity Management projects,
including:
- Implementation of PKI at a US federal agency
- Implementation of an enterprise directory at a major telecoms supplier
- Implementation of a directory synchronization service by a small vendor
- Deployment of identity management services in a major corporation
These experiences shed light on many aspects of Identity Management implementation,
particularly relating to project definition and organisation.
Role of Identity Management in Combatting Spam
The meeting received:
- A presentation of the results of a recent OECD workshop, which described the problem of
spam
- A presentation that described and reviewed common methods of dealing with spam
The common methods all categorize mail based on its originating domain, rather than its
originating individual. The first standard electronic mail system (X.400) provided for
originator identification, but was displaced by a cheaper system (SMTP) that does not
provide it.
Identity Management may assist in combatting spam, but because of the cost of
implementation would most likely be useful for business mail rather than personal mail.
We could therefore in future see two tiers of electronic mail provision: a cheap system
for personal mail, and a more expensive system for business mail.
But the most effective weapon for reducing spam might be not to identify the sender,
but to ensure that the sender, rather than the recipient, pays the additional cost.
Core Identity
A proposal was presented for a core identity representation based on UUID pairs.
Existing representations of identity that can be used over the Internet suffer from two
major problems:
- There are many names for the same person (or thing).
- The names may not be stable (directory distinguished names can change when an
organisation re-structures its directory).
These problems make it difficult for organizations to communicate with their business
partners. A single, stable method of representing identities would solve them.
Use of a pair of Universally Unique Identifiers (UUIDs), one to identify the source of
authority for the name, the other to identify the individual within that sphere of
authority, meets all the requirements for such a method.
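The UUID-pair idea described above, sketched as an added example (not code from the proposal or from the meeting): several changeable names resolve to one stable pair, and a directory restructure changes the name without changing the identity a partner has stored. The `CoreIdentity` and `Directory` names, the case-insensitive name matching and the sample names are assumptions.

```python
import uuid
from dataclasses import dataclass, field

@dataclass(frozen=True)
class CoreIdentity:
    authority: uuid.UUID  # identifies the source of authority for the name
    subject: uuid.UUID    # identifies the individual within that authority

def _norm(name):
    return name.strip().lower()  # assumption: names compare case-insensitively

@dataclass
class Directory:
    """Hypothetical directory operated by one source of authority."""
    authority: uuid.UUID = field(default_factory=uuid.uuid4)
    names: dict = field(default_factory=dict, init=False)  # name -> CoreIdentity

    def bind(self, name, ident):
        # A name may be added for an identity but never silently re-pointed.
        if self.names.setdefault(_norm(name), ident) != ident:
            raise ValueError(f"name already bound to another identity: {name}")

    def enroll(self, *names):
        if any(_norm(n) in self.names for n in names):
            raise ValueError("a name is already bound to another identity")
        ident = CoreIdentity(self.authority, uuid.uuid4())
        self.names.update((_norm(n), ident) for n in names)
        return ident

    def rename(self, old, new):
        ident = self.names[_norm(old)]   # KeyError if the old name is unknown
        self.bind(new, ident)
        if _norm(old) != _norm(new):
            del self.names[_norm(old)]
        return ident

    def resolve(self, name):
        return self.names.get(_norm(name))

def demo():
    acme, partner = Directory(), Directory()
    old_dn = "cn=Alice Smith,ou=Sales,o=Acme"       # constructed sample names
    new_dn = "cn=Alice Smith,ou=EMEA,o=Acme"
    alice = acme.enroll(old_dn, "alice.smith@acme.example")
    acl = {alice}                        # partner stores the pair, not the DN
    acme.rename(old_dn, new_dn)          # directory restructure changes the DN
    other = partner.enroll(old_dn)       # same text, different authority
    return (acme.resolve(new_dn) in acl, acme.resolve("Alice.Smith@acme.example") in acl,
            acme.resolve(old_dn), other in acl)
```

`demo()` shows the new DN and the mail address both matching the partner's stored pair, the old DN no longer resolving, and an identical name issued by a different authority not matching.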
The presentation led to an interesting discussion, covering: the role of federation,
the establishment of trust, the need to follow complex legislation, the need in some cases
for anonymity, the role of biometrics, and other aspects.
No conclusion was reached; this is a topic of far-reaching importance, and more work is
needed to establish and explain the requirements before the value of the proposed method
can be judged.
Work will continue on the catalogue of Identity Management implementations, the
Enterprise Identity Management Architecture Guide, liaison with the US government on
authentication guidelines, and liaison with standards bodies on identity management
certification.
In addition, work will start on a White Paper that will describe the requirements for a
core identity representation.