[KI-LC] identity management article

Salvatore D'Agostino sal at idmachines.com
Fri Feb 26 12:47:07 CST 2016

Hi Danny,


On behalf of Kantara I drafted the following.  As references I am currently
the Chair of the Leadership Council and the Chair of the Identity
Relationship Management Working Group at Kantara.


A number of the latest advances in identity management stem from the fact
that there is a growing understanding that the nature of the requirements
and the issues in play in order to perform identity management have changed.
And at the same time a parallel understanding that this impacts the
business, legal and technical constructs and therefore the nature of the
solutions brought to the fore.  

The Kantara Identity Relationship Management working group was formed in
many ways as a result of the fact that the paradigm has shifted from simply
managing access with a narrow concept of identity to one in which solutions
need to be highly contextual and to take into account the particular
identity relationships as opposed to managing a single identity and related
resource with a specific method of authentication.  In doing so we defined a
range of principles that we believe help define the characteristics of the
current paradigm.  (you can see the principles and an exercise we are
conducting to see how they apply here
http://kantarainitiative.org/confluence/display/irm/IRM+in+the+Wild ).  

Mobility and the internet of things are really helpful in examining this
shift.  The authentication and authorization decisions that identity systems
manages is no longer that of a single identity tied to the static
relationship that can be established before the fact and then related to a
particular transaction.  In the mobility + IoT cases an individual, the
phone and the things and their many interrelated attributes are extremely
dynamic and wide ranging.  These bring into play the challenges of scale,
performance and indirect control (the phone and devices are not wholly part
of the identity management solution as they are typically 3rd party
components that need to be integrated and vary significantly).  As a result
identity relationship management needs to be in place in order to deliver
what has traditionally been identity and access management.  These solutions
need to evolve to bring into play things like much larger data sets, complex
and dynamic database relationships among the attributes and information
contained (which in combination is big data), situational (people, places,
things, time, user control and consent) awareness, tenancy (as part of a
cloud based solution), multi-factor authentication (to help confirm exactly
the relationship of use to authentication device) and a new generation of
digital credentials (OAuth, JSON Web Tokens, distributed ledgers-block
chain), consent receipts as a new token category and user managed access
(UMA)  besides the identity relationship manager to implement solutions that
leverage all of these.

"It's a really interesting and challenging time for those providing identity
management solutions.  What was previously a set of requirements that could
be defined inside the walls of the enterprise have now become a set of
requirements in which there a literally no long-lived boundaries.  Today's
solutions need to be externally focused and in doing so embrace a nearly
unlimited set of possible identities, resources, situations and resulting
relationships.  The result is a new generation of identity relationship
management systems and associated business, legal and technical  components
that can address this and in doing so address the gaps that currently exists
among legacy identity and access management systems." 




Salvatore D'Agostino

IDmachines LLC

1264 Beacon Street, #5

Brookline, MA  02446


http://www.idmachines.com <http://www.idmachines.com/>  

http://idmachines.blogspot.com <http://idmachines.blogspot.com/>  


+1 617.201.4809 ph

+1 617.812.6495 fax


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20160226/62eac5e8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4839 bytes
Desc: not available
URL: <http://kantarainitiative.org/pipermail/lc/attachments/20160226/62eac5e8/attachment.bin>

More information about the LC mailing list