Archie Reed's Secure Observations Blog

Specifications for Linking Digital Identity Management to Consumer Devices

Published 22 March 2007, 12:32 PM

You should have caught a recent announcement from the Liberty Alliance on the release of specifications for "Linking Digital Identity Management to Consumer Devices".

HP takes a wide view of this standard, seeing it as part of a much larger opportunity for individuals, vendors and service providers. While not trivial, we believe the advantage of federating devices with services, while being focused on identity, is to create a truly dynamic and extensible environment for the usage of personal devices as a hub for personal data, media and communications. The benefit to us as individuals is faster access to services we want, while allowing us to have better control over the exchange of personally identifiable information (PII) we share to get that access.

This is a very interesting effort that has been validated somewhat through work HP has done with BT and Intel, as demonstrated at the 2007 RSA Conference. You can see a summary of the federation and identity provisioning aspects here: RSA Conference Workshop: Liberty Alliance Identity Standards, as presented by Greg Whitehead of HP:
Liberty's Advanced Client is introduced here, with an exploration of the history of client support within the Liberty standards and provisioning the Advanced Client. ID-WSF is also explored, as well as HP Select Federation.

And in the RSA Conference Workshop: Liberty Alliance Identity Standards: Intel, presented by Conor Cahill of Intel:
The Intel Identity Capable Platform, based on Liberty's ID-WSF, is a trusted environment which offers full lifecycle support for Manageable Identities, that can provision, update, delete, activate, deactivate, and serialize/deserialize. Offering complete portability, it is capable of over the wire/air as well as physical provisioning with policy-controlled access and operations. This presentation details this project and its use of the Liberty standards.

My colleague Marco Casassa-Mont recently discussed this in his "On Identity-capable Devices and Liberty Alliance related Work …" posting. He notes:

Dealing with devices’ identities and various degrees of associations to human identities is not trivial. This has an impact on current identity management solutions, as it involves:

  • making decisions on how to model devices’ identities;
  • provisioning them to enterprise systems and solutions;
  • dealing with their lifecycle;
  • setting proper access control policies (covering various “combinations” of users’ identities and devices’ identities) and enforcing them;
  • dealing with trust and assurance aspects

So this is the next step in research.

Interesting times... so let us know your scenarios and potential areas for research.

Posted by ArchieReed


Comments

Hi Archie. Thanks for spotting and highlighting this point. Further work and progress is going to be made in the "identity-capable device" space in the coming months. A related area to explore is about the implications of adopting and managing this kind of device in enterprises and other organisations ...
# Thursday, March 29, 2007 04:36 PM by Marco Casassa Mont
