27 December, 2010
category: Corporate, Digital ID, Government
AVISIAN’s 2010 Expert Panel Series
One of the reliable features of the identity space is constant change. Technology innovations bring capabilities previously unseen and from there new laws, standards and treaties change how technologies and processes can be deployed and amend how previously contemplated visions could be accomplished.
The past year has seen a flurry of activity, particularly within the U.S. and among standards bodies globally. The National Strategy for Trusted Identities in Cyberspace (NSTIC), which was spawned by recommendations from industry advisory groups, has generated a number of companion initiatives regarding identity, privacy, technology standards development and public policy responsibilities.
Add in several similar initiatives globally and even the most devoted have found keeping up with all the moving parts, and how they may be related, a demanding chore.
The year 2011 will see more of the same as these move to maturity and new initiatives appear. There will be a variety of efforts to achieve trusted identities across lines of business and assurance levels, to forge consistent applications of systems, policies and procedures compliant with industry specific identity and privacy standards.
To accomplish this, and to accommodate the perspectives of a broader number of audiences and participants, there will be significant–and not always aligned–efforts in five areas:
-
Vetting practices. What is necessary to assure individuals are who they claim to be.
-
Authentication modes. The rise of mobile authentication using new and alternate form factors and processes to assure individuals are actually, at the time of the transaction, using mobile or other devices.
-
Levels of assurance. What is the appropriate level for specific transaction types and structures across different lines of business and how to make different levels of assurance coexist peacefully in the same environment–particularly in cloud environments.
-
Privacy assurance. What are the rules of what can be shared, to whom and what permissions or “opt out” structures will need to be put into operating environments? Expect a lot more effort to define what is personally identifiable information–particularly regarding attributes and metadata that should be included–for individuals and businesses.
-
Liability. What happens when there is a breach? Who is responsible, what are the responsibilities for notification and what are the limitations?
In each of these areas, there will be increased focus surrounding legal jurisdictions or which rules govern when data flows across borders, cloud environments and federation structures. In some cases this will be a debate at sub-national levels.
In the U.S., for example, states have provisions inconsistent with one another for identity protection while in places like the European Union; there are multiple state contracts with additional nuances by particular states for operations within their environments.
All of this will be accompanied by the ever-constant introduction of new products with more robust capabilities and possibilities which give rise to new challenges and opportunities to upgrade existing practices and policies. Whether these technologies will be more robust in the sense of durability and expanded range of operating conditions, or to open up new debates such as using these capabilities to change the acceptability of remote enrollment and authentication, change will come.
There will be more activity to better educate the user community and the public about why all this activity is important and how to better protect themselves. We should see more robust business cases and training materials that provide lessons learned and best practices for those who want to proceed with some confidence that they are making the “right” choices for them and for the right reasons.
In all, a very busy year!
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias es.