90 likes | 103 Views
This panel discusses the complexity of identity management (IdM), the consolidation of traditional IdM in enterprises, new trends impacting IdM, and the top challenges and opportunities in IdM. It also explores user-centric IdM, federated IdM, business-driven IT management, device-based identity management, and identity governance and compliance.
E N D
Managing Digital Identities: Challenges and Opportunities IdM Panel at TrustBus 2007 Marco Casassa Mont Hewlett-Packard Labs
Overview • Identity Management (IdM): A Very Complex & Active Area • Consolidation of “Classic” IdM in the Enterprise • New Trends Impacting on Identity and IdM • New IdM Initiatives • Old and New Identity Management Issues • Top Challenges and Opportunities
Identity Management: A Very Complex Area … Whole New Set of Initiatives in the Identity Management Space Consolidation of Traditional Identity Management in Enterprises Enterprises/ Orgs Users Flow of Identity Information Across Boundaries … Government Identity Information Stored all Over the Places (Devices, Service Providers, Enterprises/Orgs, Govs Sites, etc.) Old and New Threats
New Trends Impacting Identity Management - Web 2.0, - Collaborative Networks, - Content Generation & Mash-up, … - Enterprise (Web) 2.0 - Convergence IP/Telco Networks (NGN) - Business-driven IT Management - Risk & Assurance Management - New Laws and Legislation - … - Mobility, - New types and range of Personal Devices - New Services - Convergence of IP/Telco in Next Generation Networking (NGN) Enterprises/ Orgs Users Government - Terrorism, - New Global Threats, - New Legislation, Laws, …
Identity Management: A Whole New Set of Initiatives … Identity 2.0 & Web 2.0 for Enterprises: - Content-aware Access Control … Enterprises/ Orgs Users User-Centric IdM (Identity 2.0) Driven by Web 2.0 & Federated IdM: - OpenId - InfoCard - Sxip - … Government Identity as a Service Business-driven IT Management and Implications for IdM: - ITIL, Cobit, BS7799, … - Federated Identity Assurance National Identity IDs/Cards (biometric IDs, etc.) Device-based Identity Mgmt: - Liberty Alliance Identity-Capable Platforms (ICP) - Next Generation Trusted Computing (TCG) - Network-based Identities … Privacy Laws, Other Legislation (US RealID, etc.) Identity Governance & Compliance to Laws - Role Mining in Complex Orgs/M&As, …
Identity Management: Old and New Issues … Enterprises/ Orgs - Privacy: (pseudo-)anonymity vs. need to disclose - New Potential Risks introduced by Identity 2.0 (e.g. Identity Phishing …) - Identity Thefts and Frauds - Lack of (Digital) Education - Lack of User Control on Data - Lack of Assurance and Trust Users - Too much reliance on Human-based Processes: Lack of Automation of Privacy Management and Compliance Management. … - Lack of IdM + Privacy Standards - Little control given to users over data - Lack of Control, Assurance and Accountability in Outsourced Environments - … Government - New Potential Privacy Threats for Citizens - Cross-Organisations Data Correlations - …
IdM: Challenges and Opportunities (Next 5 Years) Top Challenges • 1. Improve Users’ Control on Their Personal Data (within Devices and Orgs) • 2. Enterprise Privacy Management: Automation of Privacy Management and Regulatory Compliance in Enterprises • 3. Alignment of Enterprise IdM Practices and Solutions to Business-driven IT Management (ITIL, etc.): Identity Governance, Risk and Assurance Mgmt • 4. Secure, Privacy-aware and Trustworthy Federated IdM/SSO • Interoperability between various Federated IdM/SSO initiatives • 6. Standards to enable Data Exchange between Enterprises/Orgs driven by Security and Privacy Policies and Users’ Preferences • Exploitation of Web 2.0 + Identity 2.0 in Enterprises/Organisations … Top Opportunities 1. Improve overall Enterprise IdM Practice and User Experience/Control … 2. New Research & Development Opportunities in the Identity Management Area both at the User and Enterprise sides 3. New Business Opportunities in the Identity Management space in terms of IdM Services, Solutions, Products, …