• United States

Mailbag: Readers agree there is more to ID mgmt. than security

May 03, 20062 mins
Access ControlNetworking

* Your thoughts on the wider use of identity management

I’m very gratified by the response I got from last week’s cry, even desperate plea, for information that identity wasn’t somehow becoming merely the authentication step in a larger security process. Quite a few of you responded with notes on your personal projects as well as larger undertakings both from the user perspective and that of the identity management vendor community.

Australia’s John Tregea of Debraneys Systems, a vendor to the maritime industries, even forwarded a “statement of requirement” he’d received from the Australian Customs Service (you can get it here), which outlines a fairly rich set of identity management requirements.

Ian Glazer from Trusted Network Technologies, pointed out that he wrote about this whole “authentication obsession” problem a couple of months ago when he noted how easy it was to hack airport security. As he concludes, “Yes, authentication is important, but we cannot lose sight of the fact that authentication is just the beginning. Recognizing an identity is the start. Observing how that identity interacts with other identities fills in more of the picture. Getting the complete picture involves both recognition and observation.”

The Higgins Project’s Paul Trevithick really warmed my cockles when he wrote: “In June at the Berkman Conference we’ll be demonstrating using a Personal Information Provider (a Higgins-based Web service called a PIP) to support a Firefox browser extension called HBX that will show how a person can ‘project’ (don’t know the right word) their anonymous preferences on to an e-commerce site, the conference sites, and others. This is NOT about single sign-on at all.” The Berkman Conference on User Centric Identity and Commerce will be held June 19-21 in Cambridge, Mass. Sorry, but I couldn’t find any Web link to more information but watch the Berkman site for details.

Michael Richtberg of Citrix Systems perhaps summed it up best when he said: “I couldn’t agree with you more in your comments about identity management not solely being for security. In fact, I’d argue that security is what’s ‘maintained’ by these products, but that they are purchased to enhance usability.”

It does seem there’s still hope, so I’ll pass up the hemlock for now.