Is there a uniform way to handle online identities?
Keeping track of the identity of remote users accessing online resources is a critical and daunting task with few standards for large-scale implementation.
There are working schemes for federated services such as the Federal Bridge Certification Authority but little assurance of visibility by all parties involved, which can introduce risks into identity management and access control. This has been a major hurdle in the efforts of agencies to provide more information and services online to remote workers and citizens.
“There is no uniform approach to dealing with the federation process, nor is there a uniform method for revoking credentials or their associated attributes in a federated community when there are threats to system security and information privacy,” the National Institute of Standards and Technology noted in a recent bulletin.
In an interagency report, NIST proposes a solution to this challenge with a model that assigns roles for each of the parties in the identity management and authentication process. NISTIR 7817, A Credential Reliability and Revocation Model for Federated Identities, lays out requirements to assure secure operation of electronic authentication systems. The Uniform Reliability and Revocation Service (URRS) is a collaborative model for all parties of the federated community.
The report examines models for identity provisioning and authentication, based on the number of parties involved.
The two-party model, involving only the credential holder and service provider, is most frequently used but not scalable. The service provider also provides ID credentials to its users, and users must manage different credentials for every service provider.
The three-party model includes an independent identity provider that also can perform authentication, which is passed to the service provider. This enables outsourcing by the service provider and the creation of federated identity management, but can also create security blind spots. “Evidence of malicious activity at the service provider is not generally shared with the identity provider,” the report notes. “This situation is unfortunate, as the service provider is at the forefront of attacks. It has all audit trails and knowledge of suspicious or malicious account activities.”
With the feedback from the service provider, an identity provider could revoke credentials and help prevent further attacks at other parties.
The four-party model complicates things by introducing an attribute provider, which authenticates additional characteristics of a person, such as age, status or job. This can be used to enable access control based on something about the user in addition to who the user is. This is important for persons such as first responders who must have access to secured areas and interact with members of number of agencies during emergencies. “It is important for attributes to be verified and up-to-date,” NIST says.
A single scheme for enabling collaboration and feedback between the various parties in federated identity, to ensure that data credentials are up to date, could mitigate some threats and ease the task of providing online services to remote workers and citizens.