2012 promises to continue to advance the case for and the solutions to address the need for trusted interoperable, privacy-enhancing digital identities.
With global fraud on the order of $1 trillion – not a typo – no one really questions the important role identity plays. And this in turn drives the business case for strong authentication and trusted authorization across enterprise, e-commerce and device related applications.
So expect in 2012 to see:
- Federal Information Processing Standard 201-2 draft comments to be released for further comment and updates. Of particular interest will be guidance on binding identity credentials to mobile devices and establishing secure contactless communications aiding the adoption of PIV and PIV-I.
- Mobile devices become the credential form factor of choice, with an associated disruption in the credential marketplace. Government will push for secure methods to use the devices and industry will take advantage of it.
- The National Strategy for Trusted Identities in Cyberspace (NSTIC) moves into an operational phase, establishing a governance infrastructure and getting on track with pilots.
- The Canadian government making strides. In contrast to the NSTIC, Canada has already awarded production contracts for branded credentials and credential brokering services, bringing banks, government and technology vendors together to provide solutions for governments and citizens. This provides a basis for comparison between a government led, Canada, and an industry led, U.S., approach.
- On-line fraud, theft and other crimes become the primary focus for government and law enforcement both in terms of cybersecurity as well as cyberwarfare.
- JSON Web tokens, OAuth, OpenID Connect, SAML 2.0 and SCIM progress as standards and/or with interoperability testing.
- Normalization of attributes becomes possible as a result of the profiles developed and the lessons from interoperability testing. The identity conversation expands to include attribute providers as well as identity providers and their certification, level of assurance and business models.
- Convergence is redefined as the impact of intelligent devices is felt across use cases and eliminates the distinction and separate requirements between personal and business technology and the on-line and physical world.
- Convergence, further accelerated by cloud computing and Web services, will raise the bar on software to be more robust, RESTful and to work on platforms of indeterminate configurations.
- Solutions to protect personal data and provide individual control of personal data including adoption of User Managed Access (UMA) become mainstream.
- A focus returns to the requirements for registration of identity and attributes in ways other than self assertion including the best practices called out in FIPS 201.
- Identity analytics become part of the core set of enterprise services, joining administration, authentication, authorization and audit as the 5th A.