Identity Assurance Frameworks Are Now Upon Us. But What Are They For?
Identity on the Internet continues on its unsustainable track. Users are overwhelmed by the need to both register and continuously prove their identity on the Internet, Web sites are burdened with expensive and highly redundant systems and processes needed to proof and authenticate users, and criminals are expanding their ability to take advantage of weak Internet identity systems to steal money and create havoc. While important identity federation technologies have been around for sometime – OpenID, SAML, Information Cards – and certainly show some traction and promise, the unsustainable march of identity on the Internet still continues. Why? How can we address the problem? Ultimately the problem is not one of technology, but one of trust and economics.
It remains clear that an important part of the ultimate solution will come from the use of federated identity on an Internet scale. Our ultimate solution needs to enable a situation where users have a relatively small number of places on the Internet where their identity is validated, but a very large number of sites where they can easily and securely go to transact both their personal and organizational business. What is needed is an open marketplace of identity services such that the three actors – Identity Providers, Service Providers, & Users – can be brought together for the benefit of all. Where users can get access to the services they want, securely, but also the economic incentives and levels of trust also exist such that this type of federated Internet collaboration can take place at massive scale.
Identity Assurance Frameworks, such as the one that was recently launched by the non-profit, Kantara Initiative, was created to help catalyze such a federated identity market. A more comprehensive description of the Kantara IAF can be found here. The purpose of my session is to describe more fully the problem area, what IAFs are, and how they are operated. It will touch on the enabling federation technologies, but not dwell on them. Also the session will delve into the market areas, both verticals and geographies, where IAFs are currently gaining the most traction and what we can learn from that. Finally I will conclude the session with recommendations on whether and how the audience and their respective organizations might be able to take part in these new identity services marketplaces.
Trust Frameworks vs. Government eID Solutions
With an increase in online services, having a user friendly and safe national eID solution is becoming more and more important. Different approaches to provide this exist, and especially the role of government is very different between countries. In this panel experts from different European countries and the US will debate if a national eID should be provided by the government (e.g., German ePA, Dutch DigiD) or within a trust framework (e.g., Sweden BankID, Dutch eRecognition, US ICAM/OIX). A trust framework is a set of rules, including governance of these rules, for private parties to compete with each other to offer eID services. This panel will discuss privacy aspects, trust issues, business models and security issues.