The keys to authentication
Coalition's new research center to focus on the challenges of identity management
- By William Jackson
- Nov 14, 2008
IDENTITY MANAGEMENT is the crucial element ' and in many
ways the missing link ' in Web-based services. A coalition of
public, private, academic and commercial organizations is
addressing the problem by creating a group with the goal of
identifying gaps in identity management solutions and driving
research to fill them.
The Center for Applied Identity Management Research (CAIMR), a
nonprofit group based in Washington, will focus on applied,
empirical research to provide pragmatic solutions, said Executive
Director Gary Gordon, a senior scholar in identity management at
the Indiana University School of Law.
The ability to establish, manage and authenticate identity
underlies the modern economy and enables access to resources of all
kinds. Systems are leaking personal and financial data, and
shortcomings in identity management interfere with law enforcement
and national security.
'It has become a core issue,' Gordon said. 'I
don't think we fully appreciate the importance identity
The intent of the organization is to be able to produce results
quickly rather than spend years studying a problem, said Norm
Willox, chairman of the CAIMR board and chief business officer of
'This is a faster, quickerpaced model, so we have a chance
to have an impact before things change,' Willox said.
The organization's formation was announced in October, and
it held its first planning meeting to identify research needs and
resources Oct. 29. It plans to issue a blueprint for research
programs in January.
'I don't think we're going to have any trouble
getting the academicians involved,' Willox said. Indiana
University will be the academic home of CAIMR, and 'I know
they will be champing at the bit.' The University of Texas at
Austin, another academic member, 'is absolutely ready to go.
Funding is always an issue, but the funding is there. It's a
matter of direction,' he said.
Other members of the organization include companies in the
financial services and information technology industries, nonprofit
organizations, academic institutions and federal agencies,
including the Secret Service and U.S. Marshals Service.
The diverse roster is needed because the organization's
members are addressing a multidisciplinary problem, Gordon said.
'No one sector can do it by itself.'
Issues of policy, process and education need to be addressed,
and a trusted environment is needed in which law enforcement and
government can share data. 'The technology is the easiest
part,' he said.
There are plenty of products for authenticating identity, Willox
agreed. However, 'this involves societal as well as technical
issues. Solving a problem technically doesn't necessarily get
you there.' There are also policy, legislative and education
challenges to be addressed. 'That is why we call it applied
research. We need to take in all the stakeholders.'
Why is identity management such a thorny problem? 'We all
have our separate ways of doing it,' each one balancing the
security, ease of use and cost issues for each user, Gordon said.
He said multiple identity management schemes probably will always
be necessary for different users, but common best practices could
improve the situation.
The impetus for creating such an organization has been growing
for some time, Gordon said. Many people are interested in the
issues, 'but we weren't seeing a lot of change
He said CAIMR would fill a niche now vacant. 'We
wouldn't support another if there was already someone doing
this,' he said.
CAIMR will not develop products or be a standards body but is
intended to direct research to promote policies and best
CAIMR members are Indiana University, the Secret Service,
LexisNexis, IBM, Intersections, Cogent Systems and Visa, Fair
Isaac, University of Texas at Austin, Wells Fargo, the U.S.
Marshals Service, Dragnet Solutions, ID Experts, Identity Theft
Assistance, Information Technology Association of America and the
Center for Missing and Exploited Children.
William Jackson is freelance writer and the author of the CyberEye blog.