Location and presence take identity mgmt. to next level

Location and presence technologies open up possibilities

By Andreas M. Antonopoulos, Network World
October 04, 2004 11:01 AM ET

Identity management is a key initiative for 2004 and 2005, according to IT executives participating in Nemertes Research’s upcoming “Securing the Enterprise” research benchmark. Digital “identity” refers to the traits, attributes and preferences upon which one may receive personalized services. Identity traits could include government-issued IDs, corporate user accounts and biometric information. Two user “attributes” which may be associated with identity are presence and location.

Identity, presence and location are three characteristics that lie at the core of some of the most critical emerging technologies in the market today: real-time communications (including VoIP, instant messaging and mobile communications), collaboration and identity-based security.

“Presence” is a particularly hot issue, with upwards of 70% of participants in the upcoming benchmark saying they expect presence technologies to become pervasive in their organizations within the next 12 months. Presence - most often associated with real-time communications systems such as IM - describes the state of a user’s interaction with a system: which computer they are accessing, whether they are idle or working, and perhaps also which task they are currently performing (reading a document, composing e-mail, etc.).

“Location” refers to the user’s physical location - typically, it includes latitude, longitude and (sometimes) altitude. Location is most often associated with GPS-enabled mobile devices.

Though presence and location are not often discussed in an information security context, they can contribute to the security of the enterprise in quite surprising ways.

Authentication and authorization mechanisms generally focus on determining the “who” aspect of identity. But knowing “where” (location) and “what” (presence) can assist in user authentication/authorization through:

* Consistency checking. If a user is attempting to access a company’s network from an IP address in China, while the user’s GPS device locates them in San Jose, the system can raise a red flag and refuse access.

* Selective access. If a user is connecting from a location that is not included in a pre-determined set of locations (home, office, branch) then the authorization system may request additional authentication mechanisms such as two-factor authentication.

* Task-based pre-authentication. If a user is initiating a new task, such as accessing a document, the authorization system may pre-authenticate the user to provide them with greater access to other related data needed to complete a task.

* Proximity authentication. Detecting a user’s proximity to their desktop may allow an authentication system to pre-authenticate the user, automatically signing the user onto the desktop as they approach it.

* Proximity de-authentication. Users can also be logged out of systems as they move away from the console.
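The consistency-checking and selective-access rules above can be combined into one authorization decision. The following Python sketch is an added example, not code from the article or from any product it mentions; the thresholds, the known-place coordinates and the choice to require step-up when a location source is missing are all assumptions.

```python
import math

EARTH_RADIUS_KM = 6371.0
MAX_MISMATCH_KM = 500.0  # assumed tolerance: IP geolocation is coarse
KNOWN_RADIUS_KM = 25.0   # assumed radius that counts as "at" a known place

# Constructed sample data: one user's pre-determined locations (lat, lon).
KNOWN_PLACES = {
    "office": (37.3382, -121.8863),  # San Jose
    "home": (37.4419, -122.1430),
}

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(min(1.0, h)))

def decide(ip_loc, device_loc):
    """Return 'deny', 'step_up' or 'allow' for a login attempt.

    ip_loc     -- (lat, lon) geolocated from the source IP, or None
    device_loc -- (lat, lon) reported by the user's GPS device, or None
    """
    # Assumption: without both sources, consistency cannot be checked,
    # so fall back to additional authentication instead of failing open.
    if ip_loc is None or device_loc is None:
        return "step_up"
    # Consistency check: network origin and device position disagree.
    if haversine_km(ip_loc, device_loc) > MAX_MISMATCH_KM:
        return "deny"
    # Selective access: consistent, but is it a pre-determined location?
    for place in KNOWN_PLACES.values():
        if haversine_km(device_loc, place) <= KNOWN_RADIUS_KM:
            return "allow"
    return "step_up"  # e.g. require two-factor authentication

if __name__ == "__main__":
    beijing, san_jose = (39.9042, 116.4074), (37.3382, -121.8863)
    print(decide(beijing, san_jose))   # IP in China, GPS in San Jose
    print(decide(san_jose, san_jose))  # both at the office
```

The mismatch tolerance is deliberately wide because a source IP often geolocates to an ISP or VPN egress point rather than to the user; tightening it trades false denials for sensitivity.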

A first step towards the convergence of identity, location, and presence was signaled last year, when the Liberty Alliance announced the completion of Phase 2 specifications for federated identity and provided a glimpse into the Phase 3 features. Phase 3, which is currently in progress, will add location and presence features to the ID Services Interface Specification (ID-SIS). With the availability of a standard framework tying identity to presence and location, vendors will be able to develop standards-based services for identity management that incorporate presence and location.
