The Jericho Forum has published a new set of principles to help organisations and industry develop best-practice identity management systems and processes.
The Jericho Forum Identity, Entitlement and Access Management (IdEA) Commandments promote open and interoperable standards that can be used to help build identity management processes that can work on a global, de-perimeterised basis.
The aim is for the new user- or resource-centric identity management to be cheaper and more secure than traditional application- or system-centric identity and access management.
"The IdEA commandments serve as a benchmark by which identity, entitlement and access management concepts, solutions, standards and systems can be assessed and measured," the document states.
Cloud computing technology, which Jericho Forum's president Paul Simmonds described as the most extreme example of de-perimeterisation, has been one of the key drivers for the organisation to set out the new identity management 'commandments'.
According to the Jericho Forum, one of the key principles is to ensure the protection and integrity of all core identities, which can refer to human or digital identities. The identities need to be protected to the extent that their associated core identifiers, which need to be trusted, never need to be disclosed. For example, a person can indicate that they are over 18, without having to disclose their full birth date.
A good identity management solution will also allow people or organisations to have multiple and separate personas, each with its own unique identifiers. In addition, people would be able to substitute one persona for another current one without the change affecting the trust of the relationships. However, there is an exception to this: in some circumstances, only a single, consistent persona may be accepted. For example, a person can only have one vote.
Meanwhile, owners of a persona must be responsible for keeping their details, or attributes, updated, and for not revealing so many of their attributes that they could be used to work out the core identity.
But this does not mean that the attributes should be over-complicated. It is important to the Jericho Forum that the attributes should be simple and verifiable. It believes that identity management solutions should allow for delegation, to support the intrinsic nature of how businesses and organisations operate and collaborate.