HIPAAtech (HIPAAdvisory, Phoenix Health Systems)

Identity Management

From the Liberty Alliance project, whose role is to support the development, deployment and evolution of an open, interoperable standard for federated network identity in order to enable a networked world in which individuals and businesses can more easily conduct transactions while protecting the privacy and security of vital identity information.

What is network identity?
Network identity refers to the global set of attributes that are contained in an individual's various accounts with different service providers. These attributes include such information as name, phone numbers, Social Security numbers, addresses, credit records and payment information. For individuals, network identity is the sum of their financial, medical and personal data, which must be carefully protected. For businesses, network identity represents their ability to know their customers and constituents and reach them in ways that bring value to both parties.

What is federated network identity?
On a very basic level, federated network identity means consumers and businesses can allow separate entities to manage different sets of identity information. Account federation enables associating, connecting or binding a user's multiple Internet accounts within an affiliated group established between or among commercial and non-commercial organizations and governed by some legal agreement. Federated single sign-on enables users to sign on with one member of an affiliate group and subsequently use other sites within the group without having to sign on again.

What's driving the need for a federated network identity?
Network identity management reflects the same interactions in a digital world that businesses and consumers have with each other in real life. For example, in-person relationships consist of security, trust, convenience and often a shared history. A relationship in the digital world should have the same elements.

Understanding and creating the best technical infrastructure to enable these relationships to work in a digital world will help drive the next generation of the Internet, what we call federated commerce. It has the power to drive e-commerce, enhance relationships among businesses and their customers, vendors and employees, and ultimately advance computing in practically every industry.


GSA and the Department of Defense Look to the Open Liberty Alliance Project to Address Digital Identity Challenges

March 05, 2003 -- The Liberty Alliance Project announced today that the US General Services Administration (GSA) and the US Department of Defense (DOD) have joined the Liberty Alliance in its pursuit to develop open and interoperable standards for electronically managing identity information.
The global collaboration of government organizations, corporations and consumer interest groups will help solve the complex technical and business issues associated with network identity that the Liberty Alliance is currently working to address.

"Governments and companies are looking at how to use the Web to improve business processes and provide consumers and constituents with better access to information," said Michael Barrett, president of the Liberty Alliance Management Board and vice president of Internet Strategy for American Express. "Identity management is central to each of these things, and identity management is becoming even more relevant as an increasing number of transactions and relationships move online."

For example, eAuthentication is one of the Bush Administration's 24 eGovernment initiatives. The initiative was designed to verify (authenticate) the identity of citizens and businesses doing business with the government over the Internet. eAuthentication will enable the mutual trust needed to support widespread use of electronic interactions between the public and government and across governments.

GSA, the managing partner for this initiative, is responsible for the development and implementation of infrastructure for common authentication services across the Federal Government. GSA's participation in the Liberty Alliance is an important step toward the development of a common infrastructure to advance the President's eGovernment agenda.

Other government groups, on the federal as well as state and local level, are looking at how digital identity affects their own systems and processes. Some, like the Department of Defense, are joining the Liberty Alliance as a way to participate in the discussion and solve their identity issues.


Articles

Better Security Through Identity by Michelle Delio, Computerworld, September 9, 2004
Identity doesn't just define who a user is; it connects the "who" directly with the "what" – what a user's role in the organization is, what resources and information that user needs access to, and what he or she can and can't do with that information. Identity is the big picture, the whole story that allows corporate policy and processes to be applied in a consistent and comprehensive manner across an entire enterprise.

Guidelines for Identity Management Implementation by Christopher Burry and Ace Swerling for Computerworld, October 20, 2003
The most important task in implementing identity management is to map interactions that more or less correlate to interfaces among applications. Instead of building additional layers of functionality and complexity, one should strive to define a strategic architecture for applications and infrastructure. This presents opportunities to simplify infrastructure, reducing long-term costs. It also greatly simplifies application integration and Web services projects. These guidelines should be helpful for customers designing and implementing an architecture for identity management – regardless of operating system.

Liberty Alliance Details Network Identity Specs by Paul Krill, Info World, July 15, 2002
The Liberty Alliance Project announced availability of Version 1.0 of its specifications for a federated network identity system for e-commerce and Web services.

According to the alliance, Version 1.0 specifications do not involve exchange of personal information, but provide a format for exchanging authentication information between companies to protect user identities. Uses include business-to-consumer commerce, business-to-business commerce, and enterprise-to-employee applications.

"The alliance has produced an important standard--the Liberty Alliance [Version 1.0] specifications -- that, once implemented in e-business infrastructures, will allow users to link their accounts across different organizations, security domains, and application environments," said analyst James Kobielus, senior analyst at the Burton Group in Alexandria, Va., in an e-mail response to questions. "Users will be able to optionally link -- and de-link -- their accounts, so as to reduce the number of times they need to enter user IDs and passwords when transacting business across one or more 'federated' or affiliated organizations."

"The principal shortcomings of the Liberty Alliance 1.0 specifications are that they are new, unproven in the field, rely on the still immature but promising SAML 1.0 standard, and leave many complex technical integration details to be worked out by organizations that implement Liberty-enabled account linking. Liberty 1.0, like SAML 1.0, which Liberty's specs extend, still needs to be implemented and integrated in a critical mass of commercial products and services," Kobielus said.
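The federated sign-on defined under "What is federated network identity?" above, together with the account linking and de-linking Kobielus describes, sketched as an added Python example that is not part of this page or of the Liberty specifications. The identity provider authenticates the user itself and hands the service provider only a signed assertion carrying an opaque, per-partner pseudonym, so no personal information crosses the federation boundary; HMAC signatures stand in for the XML signatures of a real SAML/Liberty assertion, and all keys, users and site names are constructed.

```python
import hashlib, hmac, json, time

IDP_ID = "idp.example"
IDP_SECRET = b"idp-pseudonym-secret"                                   # constructed
PARTNER_KEYS = {"shop.example": b"k-shop", "bank.example": b"k-bank"}  # constructed per-partner keys
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}        # constructed IdP user store

def _sign(key, body):
    """Stand-in for the XML signature on a real assertion: HMAC over the canonical JSON body."""
    return hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def pseudonym(user, sp_id):
    """Opaque pairwise handle: the SP never sees the username, and two SPs get different
    handles for the same user, so they cannot correlate her across sites."""
    return hmac.new(IDP_SECRET, f"{user}|{sp_id}".encode(), hashlib.sha256).hexdigest()[:32]

def idp_assert(user, password, sp_id, now=None):
    """IdP side: authenticate locally, then issue a short-lived assertion for one audience."""
    if USERS.get(user) != hashlib.sha256(password.encode()).hexdigest():
        return None
    now = time.time() if now is None else now
    body = {"issuer": IDP_ID, "audience": sp_id, "subject": pseudonym(user, sp_id),
            "issued": now, "expires": now + 300}
    return {"body": body, "sig": _sign(PARTNER_KEYS[sp_id], body)}

class ServiceProvider:
    """SP side: verify assertions and map pseudonyms to local accounts through a link table."""
    def __init__(self, sp_id):
        self.sp_id, self.links = sp_id, {}          # pseudonym -> local account

    def verify(self, assertion, now=None):
        body = assertion["body"]
        if not hmac.compare_digest(_sign(PARTNER_KEYS[self.sp_id], body), assertion["sig"]):
            return None                             # forged or tampered
        if body["issuer"] != IDP_ID or body["audience"] != self.sp_id:
            return None                             # not for us (replayed from another partner)
        if (time.time() if now is None else now) > body["expires"]:
            return None                             # stale
        return body["subject"]

    def link(self, local_account, assertion):
        subject = self.verify(assertion)            # user opts in: bind pseudonym to her local account
        if subject:
            self.links[subject] = local_account
        return subject is not None

    def unlink(self, local_account):
        self.links = {p: a for p, a in self.links.items() if a != local_account}

    def sso(self, assertion):
        """Federated sign-on: a valid assertion for a linked pseudonym yields the local account."""
        subject = self.verify(assertion)
        return self.links.get(subject) if subject else None
```

An unlinked or de-linked pseudonym, a wrong audience, a stale assertion and a tampered body all fail closed, which is the behaviour the service provider side needs before it trusts a partner's authentication.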


Single Network Identity: Holy Grail or Nightmare? by Beth Cohen, July 18, 2002, eSecurity Planet
The overall theory of single sign-on is that you have one network identity for access to all of your various networked systems and accounts. In the new hyper-security-conscious world, does single network identity security still make sense? The answer is yes and no. When you think about it, all networks are ultimately insecure. Security professionals are all paranoid; that is their job. For the rest of us, it is a matter of how much risk we can tolerate. If someone steals your wallet with all your credit cards, it can be a very traumatic experience. If you forget to pick up the change at a newsstand, you're likely not terribly concerned about the loss. Think of computer and network security in the same way. If your Yahoo! e-mail account gets spammed, that is just part of using a relatively public address. If your credit card information is appropriated after you have made a secure purchase on Amazon, you'll be justifiably upset.

Single network identity does make sense in the workplace environment, where the IT department must keep track of literally thousands of people and machines. Having a system that allows staff to log in with one account name and one password inside a corporate firewall, where the users are protected by the security systems maintained by the corporate IT department, can be very cost effective. More importantly, the vulnerable data is not personal information, but company property. The company is balancing the risks of compromising important company records and the costs of maintaining thousands of accounts.

David Lavenda, Vice President of Marketing & Product Strategy at Business Layers Inc., remarks, "Network security is not only about pulling the plug when employees leave but limiting the access while they are in the company. In today's volatile business environment, departments and teams are built and changed constantly." Their product, eProvision, allocates appropriate resources to employees based on business rule sets. The digital identities stay with the employee as they move through the company. If (or when) people leave a company, they are securely and systematically disconnected from all resources, providing companies with an added level of security.
