Introduction and definition
Digital identity management has long been a policy priority in the EU Member States, and large-scale investments have been deployed. In the context of collaborative governance, digital identity constitutes a fundamental pillar of trustworthy cooperation. Identity management systems include control and management of credentials used to authenticate one entity to another, and authorise an entity to adopt a specific role or perform a specific task. Global in nature, they should support non-repudiation mechanisms and policies; dynamic management of identities, roles, and permissions; privacy protection mechanisms and revocation of permissions, roles, and identity credentials. Furthermore, all the identities and associated assertions and credentials must be machine processable and human understandable.
At the EU level, the goal is to provide an interoperable privacy protecting infrastructure for eID that is federated across countries, with multiple levels of security for different services, relying on authentic sources, and usable in a private sector context.
Alongside this, a flexible, context-dependent and interoperable identity management system is required for large-scale deployment. In particular, federated identity management systems that ensure flexible deployment and seamless integration of users' preferred identities, including commercial (such as Facebook connect) and open source solutions (such as OpenID), are needed. Particular focus should be put on usable delegation of privileges, which is very important for workflows and integrating services.
Electronic identity management should identify non-humans (devices, sensors) as well as humans, in order to ensure validated identity in the context of participatory sensing and the Internet of Things.
At the same time, eIdentity management should take into account the risks of information centralization in terms of data privacy and security. Cost-benefit considerations of centralised versus federated systems remain a key issue. Identity federation can be accomplished in any number of ways, some of which involve the use of Internet standards, such as the OASIS Security Assertion Markup Language (SAML) specifications, with the use of open source technologies and/or other openly published specifications.
Why it matters in governance
Identity certification is one of the core tasks of government, and therefore pertains specifically to the governance context. This is reinforced by Meta Group (2002), which views the implementation of identity management "not as a differentiator but as mandatory security consideration, a business imperative and a non-negotiable user expectation".
Recent trends
The role of Identity Management is vital in the context of ICT for Governance and Policy Modelling. The importance of addressing eIdentity-related issues for secure public service provision, citizen record management and law enforcement has made Identity management a strategic issue for governments at both a local and international level. Research for the design and implementation of privacy preserving digital identity, as well as for its supporting management infrastructures, and delegation of authority, has reached a satisfactory level. Nevertheless, one of the greatest problems in Identity Management is lack of interoperability of digital identities and identity management systems between proprietary systems and standards-based ones, and between organisations and governments.
Current practice
- Electronic ID creation at national level
- Pilots in cross-border interoperability of field in EU (STORK project)
Public Policy Applications
The development of federated identity management would bring the following benefits at governmental level:
- Avoid replicated efforts: reduction in the number of sign-ons and passwords needed for accessing multiple systems and databases, thereby decreasing cost and wasted time
- It would be possible to define a mechanism of sharing and managing identity information as it moves between discrete legal, policy and organizational domains which would be based on standards
- Institutions would not have to establish separate relationships and procedures with one another
- It is possible to grant and revoke user access to information more easily
- Reduce the number of passwords accumulated: citizens either forget them or choose simple ones, thereby increasing insecurity and the possibility of fraud
- Increase in security regarding the user access to information and the digital resources, as it eliminates the need to replicate databases of user credentials for separate applications and systems, which are potential weak points
- Increase in sensitive information shared across government and organizational boundaries in case of crisis
- Allows a focus on users of information and services rather than on entities that house those resources
Key challenges and gaps
- Fragmentation of research in identity along disciplinary lines
- Need for new identity proof processes
- Privacy issues: use limitation principles, avoid pervasive surveillance
- Capability to efficiently integrate services throughout the chain
- Time saving identification
- Specifications and nature of a Digital Identity dictated by the social and political environment of the country of issuance
- Increasing number of electronic identity-related crimes (identity fraud, identity theft, impersonation), which makes it difficult to guarantee the legitimacy of identities
Current research
- Cultural-dependent identity systems
- Mobile and biometrics in eIdentity
- Privacy protecting identity management systems
- User-centric identity, delegation of authority
Disciplines of research: legal, technological, social, economic
Possible research instruments: testbeds and living labs, STREPs
Future research: long term and short term issues
Short-term research
- Quantitative research on cost-benefit analysis of interoperable identity
- Dynamic user-controlled identity disclosure
- Formal verification of identity management systems
- Governance and legal issues, levels of assurance
Long-term research
- Context-dependent identity management