Government Technology

Emerging Standards for Identity and Access Management


September 22, 2005 By Tod Newcombe

One of the biggest issues government faces today is the management of user identity and access to information in an increasingly intergovernmental world. Chip Felton, CIO for the New York State Department of Mental Health, outlined how the state is tackling the problem. He chairs the state CIO Council Committee on Technology, which has set the goal of developing standards for a federated approach to identification and access management (IAM) that leverages the state's existing enterprisewide infrastructure.

A federated solution is a much simpler approach to identity management, when compared to a centralized system. In the commercial sector, credit card companies, such as Visa and MasterCard, use a federated approach when it comes to managing the millions of users who have credit card accounts. Most experts in the public sector see federated IAM as the best solution to growing demands for cross-agency and intergovernmental information sharing.

Some of the technological components of a federated IAM system include: directory services, single sign-on tools, credentials, tokens, biometrics and federators, which are translators between legacy IAMs and new IAMs.

The standards that underlie these technologies include LDAP and SAML, the Security Assertion Markup Language, a sort of XML for IAM over the Web. SAML is critical middleware, the glue that makes IAM happen. It has become the emerging standard that could make IAM a viable solution for state and local governments.

The benefits that a standards-based IAM can deliver include:
  • A simpler way to grant and revoke user access to information
  • A reduction in the number of sign-ons and passwords an individual must work with to access multiple systems and databases
  • Greater security when it comes to user access to information
  • The elimination of complex, bilateral data sharing rules and structures between different levels of government.

Not surprisingly, the current state of IAM in New York is a hodge-podge of standards and solutions. A recent state agency survey conducted by the CIO Council found that:
  • There's no uniform process for establishing user identification
  • There's no regular recertification of identifications
  • There's no single identification process within an agency, which means too many workers are dealing with too many passwords
  • Passwords are the most common form of identification and access control
  • Some biometrics are being used for IAM
  • The amount of information being shared across agencies and governments is increasing significantly.

To put the proper focus on the situation, the CIO Council has drafted an "emerging enterprise strategy" for IAM. It starts with a Common Trust Model that sets policies and procedures for identity management and also establishes the proper process for issuing and revoking credentials for users. Second, it calls for an Enterprise Infrastructure and an Internal Agency Infrastructure for IAM, which includes directory services across legacy applications. Third, it establishes the Federation Layer, which is where SAML middleware will be applied to make federated IAM possible.

New York's CIO Council plans to issue a report on its strategic plan for IAM in October.

