How do organisations know who they're dealing with over the Internet?

This 70-page report provides what you need to assess the relevance of Identity Management offerings for your organisation, and to gauge whether they're 'ready for prime time'.

Prepared by a leading consultant in eBusiness strategy, the report delivers a framework within which the increasingly hectic marketplace can be understood.

The document draws on expertise developed in a long series of consultancy assignments for governments and business in Australia and overseas, complemented by research into relevant issues conducted over the last two decades.

The author strikes through the complexities to hit the raw nerve-endings. The text focusses on the key factors that will make and break the investments of vendors and user-organisations alike.

The Contents Page is provided. A great deal of related material is available gratis from the index-page for the author's eBusiness publications.


Ordering Information

The report is provided as a PDF copy emailed to the licensee as an attached document.

Two alternative copyright licences are available:

Note: The price is subject to 10% GST for sales within Australia, but not for overseas sales. The ordering process will display a price of $145 or $245 plus charges, and the total charge to your credit-card will be $195 or $295 plus GST if appropriate. The purchasing process involves enrolment and provision of credit-card details.

The sale and licensing transaction is being handled by Xamax's agent, AEShareNet Limited. AEShareNet provides a number of services, including licensing, order form handling, and credit-card payment facilities.

On completion of the transaction, AEShareNet will email the order details to Xamax, which will then deliver the PDF file to the email-address you have provided. If you do not receive the report within 12 hours of ordering it, please contact Xamax directly.


Report Contents

  1. Introduction (1 page)
  2. The Context (7 pages)
    2.1 The Perceived Problem
    2.2 The Basic Solution Envisaged
    2.3 Possible Extensions
    2.4 The First Widespread Implementation
  3. Supply-Side Architectures and Products (9 pages)
    3.1 A Working Definition
    3.2 Single-Organisation Single-Signon (1-to-1-to-n-in-1)
    3.3 Single-Signon to Multiple Organisations (1-to-1-to-n-in-n)
    3.4 A Comprehensive Inhabitant Registration Scheme
    3.5 Closed-Community Schemes
    3.6 'Federated' Single-Signon Services (1-to-n-to-n-in-n)
  4. Demand-Side Architectures and Products (8 pages)
    4.1 Consumer/Citizen Interests
    4.2 An Extended Set of Architectural Alternatives
    4.3 User-Selected Intermediaries
    4.4 Own-Device as Identity Manager
    4.5 Nymity Services
    4.6 Identity Management Subversion Tools
  5. The Multi-Mediated Super-Architecture (2 pages)
  6. Conceptual Inadequacies (10 pages)
    6.1 Authentication
    6.2 Entity and Identity
    6.3 Data Representing Entities and Identities
    6.4 Nymity
    6.5 (Id)entification and (Id)entity Authentication
    6.6 Natural Persons, Organisations and Agents
  7. Social Impacts (9 pages)
    7.1 Understanding and Valuation of the Privacy Concept
    7.2 The Value of Multiple Identities
    7.3 Anonymity and Pseudonymity
  8. The Scope for Balanced Solutions (2 pages)

References (5 pages)
Appendix: Industry Participants (3 pages)
Glossary (9 pages)


Executive Summary

The concept of 'identity management' has burst into prominence during the last few years. Identity management schemes are intended to provide organisations with assurance about the identities that they deal with over the Internet, particularly the identities of individuals.

This report commences with an introduction to the problem that identity management schemes are designed to solve, and an outline of the general shape of the solutions that are being promoted. A case study is provided of the first scheme that was deployed on a large scale, including lessons learnt from it.

Many variants of the general solution have been proposed. The second part of the report examines those that are being offered to corporations and government agencies, in particular extended forms of single-sign-on, and federated services.

But tools already exist, and more are emerging, which place identity management closer to the client end of the network. Moreover, the scope exists for subversion of corporate identity management schemes and for counter-measures against them. This alternative world of identity management mechanisms is examined, and the tensions identified between them and mainstream, server-side schemes. A 'super-architecture' is outlined, which provides an overview of the complex inter-relationships that are emerging.

For a product to succeed in the marketplace, it needs to display a number of characteristics. Strategic partnerships and client lists are important, but they are unlikely to overcome the disadvantage of poor product features. The next section digs down beneath the surface of the mainstream schemes in order to evaluate whether they are conceptually sound.

The current crop of products and proposals is shown to be seriously inadequate. One problem is that designers have a deficient appreciation of which assertions organisations need to authenticate in order to manage their business risks. Most schemes also fail to distinguish between identities and the entities that underlie them, and overlook the existence, and likely continued existence, of anonymity and pseudonymity.

Consideration is also given to the extent to which scheme sponsors are addressing trust and privacy issues, and whether and how they are involving the people whose identities they propose to manage in the development of their schemes.

The schemes that are attracting the most press are conceptually inadequate, and have not achieved a balance among their many objectives. The report identifies ways in which identity management schemes could reconcile the conflicting interests. It draws attention to research projects that may enable the next round of schemes to be more likely to succeed than the current proposals.


About the Author

Roger Clarke has been active in eBusiness consultancy since the late 1980s. He also has expertise in aspects of information infrastructure, and in dataveillance and privacy. During the last five years, much of his consultancy work has related to cryptography, identification, authentication and biometrics.

During a decade as a senior academic (1984-1995), he published leading articles on human identification in Information Systems, and he has subsequently published a great deal of information about the related topics of information security, digital signatures and PKI, authentication and nymity.

He has spent 35 years in the I.T. industry, in Sydney, London, Zürich and Canberra, variously as professional, manager, academic, consultant and Company Director and Chair. He holds degrees in Information Systems (MIS) from U.N.S.W., and a doctorate from the A.N.U.

He has published scores of papers, all since 1995 on his web-site, which attracts over 2 million hits per annum.


Created: 24 February 2004

Last Amended: 16 March 2004


Xamax Consultancy Pty Ltd, ACN: 002 360 456
78 Sidaway St
Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, 6288 6916
Roger.Clarke@xamax.com.au