EU develops common ID management standards

Specifications should ensure member states' electronic identity management systems are interoperable

The European Commission is on track to deliver common specifications for European Union member states' identity management systems next year, according to an official working on the initiative.

Speaking at the Information Assurance Advisory Council (IAAC)’s seventh annual symposium earlier today (5 July), Andrea Servida, deputy head of the EC's Internet, Network and Information Security unit, said the EC aimed to announce common specifications during the third quarter of 2007 to ensure electronic identity management systems are interoperable. He added that it would then aim to have a framework in place by 2010 to ensure member countries' federated identity management systems are interoperable.

Dame Pauline Neville-Jones, chair of IAAC, welcomed the news, but warned the timeline was very ambitious and depended on the progress made by individual member states with their own identity management and electronic ID card initiatives.

Common EU-wide standards, which are likely to cover how ID management systems should interoperate and what data should be held on citizens, would help to reduce fraud, according to Guy Bunker, chief scientist at security giant Symantec. "At the moment fraudsters can steal an identity in one country and use it in another where systems or processes may be less secure," he explained. " Standards would help tackle the problem."

Separately, IAAC published a new roadmap to improve identity assurance in the UK, calling for greater co-operation between government, citizens, and small and big business as they seek to protect identity data. IAAC chief executive Maarten Botterman said the organisation would spend the next two years promoting research into identity management frameworks and would work to foster stronger links between government, industry and academics.