Monday, October 10, 2005

 

The World and me

Wednesday, March 23, 2005

 

The New world Identity Crisis

Identities have undergone a sea change over time.

Things which seemingly defined an identity are no longer of relevance. Much of this has to do with the way commerce has moved to ecommerce and business has moved to ebusiness.

The world now wants to identify not only you but also the systems you own or have access to. Often the systems you have access to will define your identity. This dependence on technology and technology enablers poses new challenges, as the capacity to defraud based on identity-specific enablers has greatly increased.

We have seen times change as the name was replaced with the user id and the handshake replaced with the password. The mole on the right cheek doesn't matter any more, as your biometric enabler, like a credit card or swipe card, will do. We are not searching for birthmarks so much as questioning your Social Security number.

This seemingly new means of identification requires systems to smarten up in terms of dealing with identities. A whole new area of expertise by the name of identity management has emerged to address specific challenges in this area.


Identity management is the ability to manage many users, in a variety of roles across the organization and sometimes outside the organization, as those users access content, applications and services. Identity management automates the processes related to monitoring and controlling access: automated provisioning (setting up/terminating a user account on IT systems); reporting and auditing on who-has-access-to-what, approval workflow to enforce policy, and who gave the OK; password management; Web access management; delegated administration; and directory management (securely managing the directories in which identities are stored).
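As an added illustration of the provisioning, approval-workflow and who-has-access-to-what functions listed above (example code written for this page, not from the original post or any identity-management product): a small Python model in which accounts are derived from roles, policy-controlled entitlements are refused unless an approver is named, every grant and revocation is recorded, and the audit trail answers who gave the OK. All roles, systems and names are constructed sample data.

```python
"""Minimal identity-management model: role-based provisioning with an
approval workflow, leaver deprovisioning and an access audit report.
Added example, not the blog's own code; all policy data is constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Role -> entitlements on IT systems (constructed policy)
ROLE_ENTITLEMENTS = {
    "sales": {"crm": "read-write", "forecast": "read-write"},
    "finance": {"erp": "read-write", "forecast": "read"},
    "contractor": {"crm": "read"},
}
# Entitlements that policy says need a named approver before they are granted
REQUIRES_APPROVAL = {("erp", "read-write"), ("forecast", "read-write")}
LEVEL_RANK = {"read": 1, "read-write": 2}  # used when two roles overlap


@dataclass
class AuditEvent:
    when: str
    actor: str
    action: str            # "grant" or "revoke"
    user: str
    system: str
    level: str
    approver: Optional[str] = None


class IdentityManager:
    def __init__(self):
        self.accounts = {}   # user -> {system: level}
        self.audit = []      # append-only trail of AuditEvent

    def _record(self, **fields):
        self.audit.append(AuditEvent(when=datetime.now(timezone.utc).isoformat(), **fields))

    def provision(self, user, roles, requested_by, approvals=None):
        """Create the user's accounts from their roles. `approvals` maps
        (system, level) -> approver name; policy-controlled entitlements are
        refused outright, before any account is touched, when no approver is named."""
        approvals = approvals or {}
        wanted = {}
        for role in roles:
            for system, level in ROLE_ENTITLEMENTS[role].items():
                if LEVEL_RANK[level] > LEVEL_RANK.get(wanted.get(system), 0):
                    wanted[system] = level   # keep the higher of overlapping grants
        for system, level in wanted.items():
            if (system, level) in REQUIRES_APPROVAL and (system, level) not in approvals:
                raise PermissionError(f"{user}: {system} {level} requires an approver")
        account = self.accounts.setdefault(user, {})
        for system, level in wanted.items():
            account[system] = level
            self._record(actor=requested_by, action="grant", user=user, system=system,
                         level=level, approver=approvals.get((system, level)))
        return dict(account)

    def deprovision(self, user, actor):
        """Terminate every account the user holds (leaver process)."""
        for system, level in self.accounts.pop(user, {}).items():
            self._record(actor=actor, action="revoke", user=user, system=system, level=level)

    def access_report(self):
        """Who-has-access-to-what, keyed by system."""
        report = {}
        for user, systems in self.accounts.items():
            for system, level in systems.items():
                report.setdefault(system, {})[user] = level
        return report

    def who_approved(self, user, system):
        """Approver recorded on the user's most recent grant for a system, or None."""
        for event in reversed(self.audit):
            if event.user == user and event.system == system and event.action == "grant":
                return event.approver
        return None


if __name__ == "__main__":
    idm = IdentityManager()
    idm.provision("alice", ["sales"], "hr-bot", {("forecast", "read-write"): "sales-director"})
    print(idm.access_report())
    print("forecast approver for alice:", idm.who_approved("alice", "forecast"))
```

The point of refusing the whole request before any account is created is that a half-provisioned user is itself an audit finding; the report and `who_approved` are what an auditor asks for when reviewing who has access to what and who signed it off.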
Also, the collaboration requirements of the new world of business have spun off a separate section of identity management called Federated Identity Management:

What is it? A system that allows individuals to use the same user name, password or other personal identification to sign on to the networks of more than one enterprise in order to conduct transactions.

How is it used? Partners in a Federated Identity Management (FIM) system depend on each other to authenticate their respective users and vouch for their access to services. That allows, for example, a sales representative to update an internal forecast by pulling information from a supplier's database, hosted on the supplier's network.

Why is it necessary? So that companies can share applications without needing to adopt the same technologies for directory services, security and authentication. Within companies, directory services such as Microsoft's Active Directory or products using the Lightweight Directory Access Protocol have allowed companies to recognize their users through a single identity. But asking multiple companies to match up technologies or maintain full user accounts for their partners' employees is unwieldy. FIM allows companies to keep their own directories and securely exchange information from them.

How does it work? A company must trust its partners to vouch for their users. Each participant must rely on each partner to say, in effect, "This user is OK; let them access this application." Partners also need a standard way to send that message, such as one that uses the conventions of the Security Assertion Markup Language (SAML). SAML allows instant recognition of whether the prospective user is a person or a machine, and what that person or machine can access. SAML documents can be wrapped in a Simple Object Access Protocol (SOAP) message for the computer-to-computer communications needed for Web services. Or they may be passed between Web servers of federated organizations that share live services.

Who is using it? Early adopters include American Express, Boeing, General Motors and noise. Another, Procter & Gamble, had improvised its own federated-identity system using the more generic Extensible Markup Language (XML) but is now moving to adopt SAML.

Are the standards solid? They're getting there. SAML is backed by the Organization for the Advancement of Structured Information Standards (OASIS). The Liberty Alliance, an industry group formed to promote federated-identity standards, has adopted SAML 1.1 as part of its application framework. Microsoft and IBM have proposed an alternative specification called WS-Security. But Dan Blum, a technology analyst with the Burton Group of Midvale, Utah, believes that OASIS may try to make these two approaches converge in SAML 2.0.

What are the challenges? Trusting a partner to authenticate its own users is a good thing only if that partner has solid security and user-management practices. Also, while some Web access-management products now support SAML, implementing the technology still commonly requires customization to integrate applications and develop user interfaces.
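To make the "This user is OK; let them access this application" message concrete, here is an added example (written for this page, not from the original post, OASIS or the Liberty Alliance) of the checks a receiving partner's Web server performs on a SAML 2.0 assertion before honouring it: the issuer must be a federation partner on our trust list, the assertion must be addressed to us, it must be inside its validity window, and only then are the subject and attributes handed to the application. The trust list, entity IDs, attribute name and sample assertion are constructed. It assumes the assertion's XML signature has already been verified by a proper XML-DSig library before this function runs, and that a production parser would be hardened against untrusted XML (for instance with defusedxml); the code covers the trust and conditions checks that follow signature verification.

```python
"""Service-provider-side acceptance checks on a SAML 2.0 assertion from a
federation partner. Added example, not the post's own code. Assumption: the
XML signature was verified upstream; this handles trust, audience, time
window and extraction. All identifiers and the sample assertion are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

TRUSTED_ISSUERS = {"https://idp.supplier.example/saml"}   # constructed partner list
OUR_ENTITY_ID = "https://sp.company.example/saml"          # constructed, our own ID
CLOCK_SKEW = timedelta(minutes=2)                           # tolerance between partners' clocks


class AssertionRejected(Exception):
    pass


def _ts(value):
    # SAML timestamps are UTC ISO 8601 with a trailing Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_assertion(xml_text, now=None):
    """Return {'issuer', 'subject', 'attributes'} or raise AssertionRejected."""
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion":
        raise AssertionRejected("not a SAML assertion")
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer not in TRUSTED_ISSUERS:
        raise AssertionRejected(f"untrusted issuer {issuer!r}")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise AssertionRejected("missing Conditions")
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + CLOCK_SKEW < _ts(not_before):
        raise AssertionRejected("assertion not yet valid")
    if not_on_or_after and now - CLOCK_SKEW >= _ts(not_on_or_after):
        raise AssertionRejected("assertion expired")
    audiences = [a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if OUR_ENTITY_ID not in audiences:
        raise AssertionRejected("assertion not addressed to us")
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not subject or not subject.strip():
        raise AssertionRejected("missing subject")
    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    return {"issuer": issuer, "subject": subject.strip(), "attributes": attributes}


# Constructed sample assertion, as a supplier's identity provider might issue it
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example1" Version="2.0" IssueInstant="2005-03-23T10:00:00Z">
  <saml:Issuer>https://idp.supplier.example/saml</saml:Issuer>
  <saml:Subject><saml:NameID>jdoe@supplier.example</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2005-03-23T10:00:00Z" NotOnOrAfter="2005-03-23T10:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.company.example/saml</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="role"><saml:AttributeValue>sales-rep</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed "current time" so the example runs identically offline
REFERENCE_NOW = datetime(2005, 3, 23, 10, 2, 0, tzinfo=timezone.utc)


def demo(xml_text=SAMPLE_ASSERTION, minutes_after_reference=0):
    """Validate at REFERENCE_NOW plus an offset; return the result or the rejection reason."""
    now = REFERENCE_NOW + timedelta(minutes=minutes_after_reference)
    try:
        return validate_assertion(xml_text, now=now)
    except AssertionRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    print(demo())
    print(demo(minutes_after_reference=60))
```

The audience and time-window checks are what keep a partner's assertion from being replayed later or presented to a different federation member than the one it was issued for; the issuer check is the code form of the trust relationship the text describes, and it is only meaningful once the signature has proven the assertion really came from that issuer.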

This trend in the industry to adopt federated identity is a good sign for the world, and especially for the customer. Federation would ensure that companies build infrastructure and maintain solid practices around their identity management strategies. This would ensure lowered risks of identity theft and higher confidence in ebusiness.

