A Windfall for Identity Assurance
First off, I would like to would like to express my sympathy to those affected by the terrible earthquake that hit Chile this past weekend.
Envio mi palabra de aliento y de optimismo al pueblo Chileno. Tengo muy buenos amigos Chilenos y a todos les deseo lo mejor en vista de estas circunstancias, a sus familias y a todos los afectados... Las cosas de Dios son sin duda alguna indescrifrables.
In this blog post, I would like to share with you some recent developments in the world of identity assurance, which as you know from my recent blog posts: "Identity Assurance, an everyday life issue" part 1 and part 2, is a top of mind issue for me and for us here at Identropy. Quite frankly, I could not hope for better timing for these blogs to come about.
On Friday February 26th, 2010 the US Federal Government's Identity, Credential, and Access Management (ICAM) Trust Framework Evaluation Team (TFET) reviewed Kantara Initiative's latest submission and granted it Provisional Approval as a Trust Framework Provider at Levels 1, 2 & non-crypto Level 3 under the Open Identity Solutions for Open Government program. The removal of the provisional status will hinge on the release by TFET of additional guidance for assessors concerning privacy and Kantara's adoption of this guidance.
This is for me an extraordinary milestone, not only in my role of Chair of the Identity Assurance Work Group, but as an identity assurance activist altogether. Kantara submitted its application for the US Federal Government adoption of the Identity Assurance Framework (IAF) in November of 2009. Prior to that date, the IAWG has been working very hard, collaborating with Kantara and the Assurance Review Board (who oversees the Kantara Initiative Identity Assurance Certification Program) to achieve this important goal (albeit still under provisional status).
The significance of this milestone is that it represents an important step towards fostering the adoption of identity-enabled Government services at known levels of assurance, relying on identity credentials issued and managed by non-Government parties (referred to as Credential Service Providers in the IAF). It will create the right conditions for the certification program to be adopted in real-life scenarios and for the industry to benefit from a proven, best-of-breed certification program that effectively enables interoperability and trust. This means that the IAF will not be just a "paper" standard, incarnated in a compendium of documents, but an actual technology-agnostic program that organizations can certify against.
With the adoption of risk-based models, identity federation can achieve Internet scale, and facilitate public access to online information at specific levels of assurance. With adoption will also come economies of scale and further collaboration and interoperability across industries and Governments.
As someone who has been involved in identity management and identity assurance for quite some time, I cannot help but feel excited about the times I live in, and optimistic about what is to come.
I do anticipate and hope for more endorsements of the IAF in the near future by other organizations, and more importantly, the start of a paradigm shift in the way we all think about identity, both within the Enterprise and in a federated environment. Ultimately, this path will allow the identerati to focus on the real end goal: delivering identity-enabled solutions and services with the level of trust and confidence that is appropriate for the transactions being performed.
But this is just a first step...