A Need for Standards

I came across an interesting eWeek Blog entry.  In it, Michael Vizard makes some interesting points about lack of standards in Identity Management. He makes some valid points in that there is no real standard for creating physical means proving identity. While a comprehensive framework makes sense for physical provisioning and Access Management, I have some concerns.  If we have a published framework for creating Access Management tokens, that makes it that much easier to compromise those standards.

Mitigating this concern is the fact that there are several ways to ensure the validity of the issued token.  The FIPS standard cited in the blog entry makes heavy use of PKI technologies.  I would assume other hashed attributes would be a part of the token as well.

My other primary concern is that the examples that Vizard cites are both governmental in nature.  It would make much more sense to me if there was a public sector standard cited as well.

It will be interesting to see how this develops in both the public and private sectors.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s