Initiative aims to unify identity management

ITU wants system interoperability to reduce mutilple user names and passwords

Fewer user names and passwords could improve security

The International Telecommunication Union (ITU) is backing a new initiative on online identity management to bring interoperability to solutions that help reduce the need for multiple user names and passwords.

The ITU Focus Group on Identity Management aims to bring global harmony to identity management through a technology and platform-independent solution because it believes the use of multiple usernames and passwords is a boon for hacking, identity theft and other forms of cyber crime.

Key players in identity management including developers, software vendors, standards forums, manufacturers, telecom firms and academia, will share their knowledge and co-ordinate identity management efforts to promote interoperability among systems by providing an open mechanism based on a ‘trust-metric’ system that will allow different identity management solutions to communicate.

The ITU says achieving interoperability will increase trust in online services as well as help cyber security, reduce spam and seamless ‘nomadic’ roaming between services worldwide.

Abbie Barbir, chairman of the Focus Group on Identity Management and Nortel standards adviser, said: ‘Our main focus is on how to achieve the common goals of the telecommunication and identity management communities. Nobody can go it alone in this space; an identity management system must have global acceptance. There is now a common understanding that we can achieve this goal.’

Graham Titterington, principal analyst at Ovum says people have many user names and passwords that they need for all sorts of services.

'It is a mess and people can’t remember all their passwords so they write them down which compromises security,' he said.

'Harmonising identity management would mean people would not have to remember so many identifiers and what remains would be more securely managed. Currently they are stored in many databases and are not managed well or securely.’

‘It’s not just about security - it’s also about ease of use. Having to re-enter passwords and re-authenticate yourself is annoying and does not help e-business.’

However, Ant Allan, a research vice president at analyst Gartner, says having multiple user names and passwords does not inherently compromise security.

‘Multiple names and passwords can give you more protection because if you have any kind of integrated system for authentication, once it is compromised everything is exposed,’ he said.

He says the group should look at the verification method and who is responsible for authenticating a user.

‘If a unified framework is created so that information cannot be compromised, it would be an enabler of ebusiness,’ he said.