What’s happening in the European identity management world?

Siemens of Germany has been involved in identity issues for longer than most current identity management companies have been in business. It goes back to the early days of x.500, yet I frequently forget to mention Siemens when talking about identity management issues for much the same reason I used to overlook RSA – I think of it in non-ID management terms. Siemens makes a full range of consumer products (phones, appliances, computers, hearing aids, televisions, radios and more) as well as power generators, measuring devices and even locomotive engines!

So I wasn’t surprised when Bernd Hohgräfe director of Siemens’ Director Center of Competence for Identity and Access Management, took me to task for being “a bit biased towards U.S. companies.” While I don’t think I have any prejudice against European identity organizations (companies from France, Norway, the U.K., Spain, Finland, Germany and the Netherlands have been mentioned in this newsletter), it may appear that I do favor North American organizations. Mea culpa. I will try to stay abreast of European happenings more in the future, but I’ll need your help, dear reader. Please drop me a note from time to time to tell me what’s going on in European identity management, or to point me toward a development I should be paying attention to.

One such development is the Modinis-IDM project. As the press release states: “The European Commission, DG Information Society and Media, has contracted K.U. Leuven Research & Development (BE), Lawfort (BE), and the Secure Information Technology Center – Austria (AU) to carry out a study on Identity Management in eGovernment under its MODINIS programme. The study aims to build on expertise and existing initiatives in the EU Member States to progress towards a coherent approach in electronic identity management in eGovernment in the European Union.”

As a first step toward developing a “coherent approach,” the group has released a “Common Terminological Framework for Interoperable Electronic Identity Management,” that is to say, a lexicon defining identity topics. Read this, then compare and contrast with another lexicon being put together by The Identity Gang, a largely North American group (with some significant British input).

Take the term “Digital Identity” for example. The Identity Gang defines it as: “The digital representation of a set of claims made by one digital subject about itself or another digital subject.”

The Modinis-IDM project defines it as: “A digital identity is a partial identity in an electronic form. For any given entity, there will typically exist many digital identities which may be unique or non-unique. A digital identity can be created on the fly when a particular identity transaction is desired. A digital identity is, by definition, a subset of the identity, and can in effect be considered a manifestation of an entity’s presence in an electronic IDM system (i.e., it is the subset of attributes belonging to an entity that is accessible through a specific IDM system). “

There’s enough of a difference between those two definitions to warrant a full-scale conference to hash out a converged statement. Still, by having published definitions both groups have made it easier for anyone viewing their writings (or listening to their discussions) understand what is being said. And that is a good thing.