2.2.8: Identity Management
Other Information:
Digital identity management has long been a policy priority in the EU Member States, and large-scale investments have been
deployed. In the context of collaborative governance, digital identity constitutes a fundamental pillar of trustworthy cooperation.
Identity management systems include control and management of credentials used to authenticate one entity to another, and
authorise an entity to adopt a specific role or perform a specific task. Global in nature, they should support non-repudiation
mechanisms and policies; dynamic management of identities, roles, and permissions; privacy protection mechanisms and revocation
of permissions, roles, and identity credentials. Furthermore, all the identities and associated assertions and credentials
must be machine processable and human understandable. At the EU level, the goal is to provide an interoperable privacy-protecting
infrastructure for eID that is federated across countries, with multiple levels of security for different services, relying
on authentic sources, and usable in a private sector context. Alongside this, a flexible, context-dependent and interoperable
identity management system is required for large-scale deployment. In particular, federated identity management systems that
ensure flexible deployment and seamless integration of users' preferred identities, including commercial (such as Facebook
Connect) and open source solutions (such as OpenID), are needed. Particular focus should be put on usable delegation of privileges,
which is very important for workflows and integrating services. Electronic identity management should identify non-humans
(devices, sensors) as well as humans, in order to ensure validated identity in the context of participatory sensing and the
Internet of Things. At the same time, eIdentity management should take into account the risks of information centralization
in terms of data privacy and security. Cost-benefit considerations of centralised versus federated systems remain a key
issue. Identity federation can be accomplished in any number of ways, some of which involve the use of Internet standards,
such as the OASIS Security Assertion Markup Language (SAML) specifications, with the use of open source technologies and/or
other openly published specifications.
Indicator(s):