AUTHENTICATION/IDENTITY MANAGEMENT

A more perfect union of ID management schemes

New organization aims to bridge the gaps between identity management schemes

SAN FRANCISCO — The formation of a new umbrella organization to promote interoperability between existing identity management schemes was announced April 20 by a number of groups working in that industry space.

The new organization will be called the Kantara Initiative, from the Swahili word for “bridge,” which also has roots in the Arabic word for “harmony.”

Kantara is intended to counter a perception of competition between different ID management technologies which has hindered the growth of the field, said Brett McDowell, executive director of the Liberty Alliance.

“This perception we believe has slowed deployment and boxed initiatives into niches,” leading customers to believe that they have to bet on one of three technologies when designing an ID management architecture, McDowell said. “We can’t have stovepipes of technology. Every advocate of this technology sees the value of sending a common message to the marketplace.”

The announcement was made during an identity management workshop being held in conjunction with this week’s RSA Security Conference.

Identity management is the process by which users authenticate themselves in order to access online resources, and by which providers of those resources control access by verifying the identity of users according to their policies. This is complicated in the digital world, where users are not physically present to prove an identity, and by the fact that most users have multiple identities used for different purposes.

A number of workable technologies for asserting and verifying identity exist, and the development community now is working to bring them together into a single architecture. The U.S. government has been a major driver in this effort, McDowell said. The Federal CIO Council has an access management committee working on the issue.

“These fellows need to come up with an answer,” in creating an architecture that will support a variety of needs, he said, from sharing national security data to allowing citizens to access government services online. “Both of these things are critical in the national agenda,” as is the ability to store and share health care information electronically, which also depends on identity and access management.

Among the Kantara Initiative organizers, in addition to the Liberty Alliance, are the Concordia Project, the DataPortability Project, the Information Card Foundation, the OpenID Foundation, and OSIS, the Open Source Identity Systems organization. All of these organizations, and a large number of other newly formed groups, have been promoting interoperability in general or their own schemes, stretching thin the financial and technological support for the efforts.

Despite this proliferation, McDowell said the Kantara Initiative is not intended to replace all of the individual groups. But, “I think it will subsume some of the activities,” he said.

One of the groups most likely to be replaced by the new organization would be the Liberty Alliance itself, because it will closely parallel the work now being done by the alliance in promoting open standards for ID management. “We will be very outspoken advocates of this organization,” McDowell said.

McDowell said the identity management space now is broken into three broad categories:

  • Federated Identity, a trust system that allows authentication of identities across organizational boundaries, using technologies such as the Security Assertion Markup Language and Public Key Infrastructure.
  • Information Cards, a technique of managing multiple electronic identities for a variety of purposes, used by Microsoft Windows CardSpace, DigitalMe and Higgins Identity Selector.
  • OpenID, an open standard authentication protocol supporting multiple identities and services, usually in which the actual identity of the user is not important.

Demonstrating that these different ideas can work with each other is necessary to broad adoption, McDowell said. The challenges have more to do with business processes, policies and trust models than with technologies.

“All three of these are pretty well-baked technologies,” he said. “We don’t need a new technological solution. We need to make the solutions we have work.”

Although a handful of organizations have agreed to formation of the Kantara Initiative, they are not calling themselves founders at this point. A call for founding members was released today, so that all interested parties can get into the organization on the ground floor. It will have a bicameral structure, with a technical leadership council that will be drawn from members according to their ability to contribute to the goals of the group.

McDowell called it a meritocracy. “You don’t get onto the leadership council by writing a check,” he said.

On the other hand, checks will be required, and a board of trustees will be drawn from the dues-paying membership.

Initial activities will build on existing work, such as the Liberty Alliance’s interoperability testing and certification program, which is required for government acquisition of SAML products. McDowell said this program will be expanded to cover other technologies, and accreditation of testing and certification facilities is expected to begin this year.

Reader Comments

Tue, Apr 21, 2009 David Recordon San Francisco, CA

I wanted to correct one incorrect fact in this article which is that the OpenID Foundation is not currently participating in the Kantara Initiative. I also do not believe that OSIS is a part of this effort either.
