Network Computing is part of the Informa Tech Division of Informa PLC


Jericho Trumpets At Identity's Walls: Page 2 of 2

The other problem with size is that the bigger something gets, the more attractive it becomes to “bad guys,” says Simmonds. “Once any critical ecosystem gets to a critical mass, the bad guys are going to target it. That's the crown jewels, especially if it includes super-persona: everything about you.”

IdEA is just the starting point, he says. “You need to have an identity strategy out there, to move from IAM. ... It's quite a fundamental shift in architecture, not something to do overnight, but over the next two-three years.” The danger, he says, is that this will happen whether you want it to or not: “You have no choice about doing cloud. Your only choice is if you want to do it securely.”

IdEA Commandments:

1. All core identities must be protected to ensure their secrecy and integrity.

2. Identifiers must be able to be trusted.

3. The authoritative source of identity will be the unique identifier or credentials offered by the persona representing that entity.

4. An entity can have multiple separate persona (identities) and related unique identifiers.

5. Persona must, in specific use cases, be able to be seen as the same.

6. The attribute owner is responsible for the protection and appropriate disclosure of the attribute.

7. Connecting attributes to persona must be simple and verifiable.

8. The source of the attribute should be as close to the authoritative source as possible.

9. A resource owner must define entitlement.

10. Access decisions must be relevant, valid and bi-directional.

11. Users of an entity's attributes are accountable for protecting the attributes.

12. Principals can delegate authority to another to act on behalf of a persona.

13. Authorized principals may acquire access to (seize) another entity's persona.

14. A persona may represent, or be represented by, more than one entity.

For the full version, visit: http://www.opengroup.org/jericho/Jericho%20Forum%20Identity%20Commandments%20v1.0.pdf
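To make the commandments concrete, here is a small Python model of them. It is an added illustration written for this page, not code from the Jericho Forum or from any IdEA implementation; every class, name and key in it is an assumption for the example, and an HMAC stands in for the digital signature an attribute owner would really use. It covers commandments 1, 2, 4 through 10 and 12: a core secret that never leaves the entity, per-context persona identifiers that cannot be linked without it, attributes issued and verified by their authoritative owner, entitlement defined by the resource owner, an access decision that checks relevance and validity and lets the caller verify the resource in return, and delegation. Commandments 3, 11, 13 and 14 are about governance, accountability and seizure, and are left out of the model.

```python
"""Toy model of the IdEA commandments (added illustration, not Jericho Forum code). All names here are assumptions for the example; HMAC stands in for a signature."""
from __future__ import annotations
from collections import namedtuple
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field

Attribute = namedtuple("Attribute", "issuer subject name value exp mac")  # a signed assertion

def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()

def _body(*parts) -> str:              # the bytes the attribute owner signs
    return "|".join(map(str, parts))

@dataclass
class Persona:                         # one identity of an entity in one context (4)
    id: str
    context: str
    entity: Entity
    attributes: dict[str, Attribute] = field(default_factory=dict)
    delegates: set[str] = field(default_factory=set)   # persona ids allowed to act for us (12)

class Entity:                          # a person or system; its core secret never leaves (1)
    def __init__(self, core_secret: bytes | None = None):
        self._core = core_secret or secrets.token_bytes(32)
        self.personas: dict[str, Persona] = {}

    def persona(self, context: str) -> Persona:
        # per-context identifiers: two personas cannot be linked without the core secret (2, 4)
        ident = _mac(self._core, "persona:" + context)[:16]
        return self.personas.setdefault(context, Persona(ident, context, self))

    def same_entity(self, a: Persona, b: Persona) -> bool:   # only the entity can link them (5)
        return a.entity is self and b.entity is self

class AttributeOwner:                  # authoritative source of an attribute, e.g. HR (6, 8)
    def __init__(self, name: str, key: bytes | None = None):
        self.name, self._key = name, key or secrets.token_bytes(32)

    def issue(self, persona: Persona, name: str, value: str, ttl: int = 3600) -> Attribute:
        parts = (self.name, persona.id, name, value, int(time.time()) + ttl)
        att = Attribute(*parts, _mac(self._key, _body(*parts)))
        persona.attributes[name] = att   # disclosure to the persona is the owner's decision (6)
        return att

    def verify(self, att: Attribute) -> bool:   # binding checked at the source (7, 8)
        return (att.issuer == self.name and att.exp > time.time()
                and hmac.compare_digest(att.mac, _mac(self._key, _body(*att[:5]))))

class Resource:                        # the owner defines entitlement (9) and decides access (10)
    def __init__(self, name: str, owner: Persona, issuers: dict[str, AttributeOwner]):
        self.name, self.owner, self.issuers = name, owner, issuers
        self.entitlements: dict[str, tuple[str, str, str]] = {}

    def entitle(self, action: str, issuer: str, attr: str, value: str) -> None:
        self.entitlements[action] = (issuer, attr, value)

    def decide(self, requester: Persona, action: str, expected_owner: str,
               acting_for: Persona | None = None) -> bool:
        if expected_owner != self.owner.id:   # bi-directional: the caller verifies us too (10)
            return False
        subject = acting_for or requester
        if acting_for is not None and requester.id not in acting_for.delegates:
            return False                      # no delegation on record (12)
        if action not in self.entitlements:   # nothing entitled means deny (9)
            return False
        issuer, attr, value = self.entitlements[action]
        att = subject.attributes.get(attr)
        if att is None or att.subject != subject.id or att.issuer != issuer:
            return False                      # attribute not relevant to this rule (10)
        return self.issuers[issuer].verify(att) and att.value == value   # valid (10)

def demo() -> dict[str, bool]:
    """Constructed scenario: one person with two personas, a delegate and a forger."""
    alice, bob, itops = Entity(b"alice-core"), Entity(b"bob-core"), Entity(b"itops-core")
    work, shop, bob_work = alice.persona("employer"), alice.persona("retailer"), bob.persona("employer")
    admin, hr = itops.persona("it-admin"), AttributeOwner("hr", key=b"hr-signing-key")
    hr.issue(work, "role", "engineer")
    hr.issue(bob_work, "role", "contractor")
    repo = Resource("source-repo", owner=admin, issuers={"hr": hr})
    repo.entitle("push", "hr", "role", "engineer")
    out = {
        "personas_unlinkable": work.id != shop.id and alice.same_entity(work, shop),
        "engineer_can_push": repo.decide(work, "push", admin.id),
        "shop_persona_cannot": not repo.decide(shop, "push", admin.id),
        "wrong_resource_refused": not repo.decide(work, "push", "not-the-admin"),
        "contractor_cannot": not repo.decide(bob_work, "push", admin.id),
        "undelegated_refused": not repo.decide(bob_work, "push", admin.id, acting_for=work),
    }
    work.delegates.add(bob_work.id)                                      # (12)
    out["delegate_can_push"] = repo.decide(bob_work, "push", admin.id, acting_for=work)
    bob_work.attributes["role"] = bob_work.attributes["role"]._replace(value="engineer")
    out["forged_attribute_rejected"] = not repo.decide(bob_work, "push", admin.id)
    hr.issue(work, "role", "engineer", ttl=-1)                           # already expired
    out["expired_attribute_rejected"] = not repo.decide(work, "push", admin.id)
    return out
```

Running `demo()` returns a dictionary in which every entry is `True`. The points worth noticing are the ones the commandments call out: the retailer persona cannot push even though it belongs to the same person, because the attribute was disclosed to the employer persona only; the forged role fails because the binding is re-checked against the authoritative source rather than trusted from the persona; and the resource refuses a caller that names the wrong owner, which is the cheap half of a bi-directional decision. A real deployment would replace the HMAC with signatures verifiable against the issuer's public key so that the resource does not need the issuer's secret.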
