The Jericho Forum’s new guidelines for designing better identity systems are timely because of cloud computing, according to Forum president Paul Simmonds.
The Jericho Forum has this week published a set of principles, the Identity, Entitlement and Access Management (IdEA) Commandments, to promote open and interoperable standards that can be used to help build identity management processes that can work on a global, de-perimeterised basis.
The Jericho Forum works to define and promote solutions on the issue of de-perimeterisation, which is becoming more widespread as organisations want to collaborate more.
“True cloud is the most extreme case of a de-perimiterised world, so cloud is definitely one of the major drivers [for the identity commandments],” said Simmonds.
“If you can make it work in the cloud environment, it will work better anywhere else.”
User or resource-centric identity management is cheaper, more scalable and more secure than traditional application or system-centric identity and access management, according to the Jericho Forum.
“Passwords are broken,” Simmonds said.
“Core identity has to be under the user’s control if it is going to work for the internet age, and to implement it, you have to support identity access management and asset management. Both of those we do wrong at the moment, and we have been doing it wrong for too long.”
Simmonds said that existing technologies for identity were purely stopgap solutions, and did not really solve the problems of managing identity in a global, collaborative and de-perimeterised environment.
The root of the problem is that current authentication systems are designed for computers, not humans, he said, and that federating existing identity access management systems was not scalable.
“There are lots of people trying to provide sticking plaster solutions because identity is broken,” he said.
Furthermore, Simmonds said that providing a ‘super persona’, for example, through a national ID card scheme, was dangerous.
“The problem is your super persona then becomes a pseudo-core identity, and you’re back to a core identity you don’t manage. It’s a really bad idea,” he said.