Key Concepts Underpinning Identity Management

By Ian Dobson, The Open Group

Having trust in the true identity of who and what we connect with in our global online world is vital if we are to have confidence in going online to buy and sell goods, as well as to share any confidential or private information.  Today, the lack of trust in online identity forces organizations to set up their own identity management systems, dishing out their own usernames and passwords/PINs for us.  The result is that we end up having to remember (or write down and keep in a secret place) typically well over 50 different online identities.  This poses a large problem, since our online identities are stored by many organizations in many places that are attractive targets for identity thieves.

Online identity is important to all users of computing devices.  Today, our mobile phones are powerful computers.  There are so many mobile apps available that phones are no longer primarily used to make phone calls.  The Internet connects us to a global online world, so we need a global online identity ecosystem that’s robust enough to give us the confidence we need to feel safe and secure online.  Just like credit cards and passports, we need to aim for an online identity ecosystem that has a high-enough level of trust for it to work worldwide.

Of course, this is not easy, as identity is a complex subject.  Online identity experts have been working on trusted identities for many years now, but no acceptable identity ecosystem solution has emerged yet.  There are masses of publications written on the subject by and for technical experts.  Two significant ones addressing design principles for online identity are Kim Cameron’s “Laws of Identity” and the Jericho Forum’s Identity Commandments.

However, these design principles are written for technical experts.  Online identity is a multi-million dollar industry, so why is it so important to non-techie users of online services?

What’s In It For Me?
Why should I care?
Who else has a stake in this?
What’s the business case?
Why should I control my own identity?
Where does privacy come in?
What’s the problem with current solutions?
Why do identity schemes fail?
What key issues should I look for?
How might a practical scheme work?

This is where the Jericho Forum® took a lead.  They recognized the need to provide plain-language answers to these questions and more, so that end-users can appreciate the key issues that make online identity important to them and demand that the industry provide identity solutions that make them safe and secure wherever they are in the world.  In August 2012, we published a set of five 4-minute “Identity Key Concepts” videos explaining in a non-techie way why trusted online identity is so important, and what key requirements are needed to create a trustworthy online identity ecosystem.

The Jericho Forum has now followed up by building on the key concepts explained in these five videos in our “Identity Commandments: Key Concepts” guide. This guide fills in the gaps that couldn’t be included in the videos and further explains why supporting practical initiatives aimed at developing a trusted global identity ecosystem is so important to everyone.

Here are links to other relevant identity publications:

Laws of Identity: http://www.identityblog.com/?p=354

Identity Commandments: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12677

Identity Key Concepts videos: https://collaboration.opengroup.org/jericho/?gpid=326

Identity Commandments: Key Concepts: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12724

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.