The technology behind managing digital identities

This week Microsoft was pleased to have the opportunity to participate in the Digital Identity Conference 2012 on Managing Digital Identity in a Networked World, organised by the Victoria University of Wellington.

There are many facets to the dialogue on digital identity. It is woven of philosophy, context, technology, security, privacy, and individual rights and freedoms.

In practical terms, people need access to information and IT resources to do their jobs, but if the wrong people get that access the consequences can be serious. Reliable identity information is what lets an IT system decide who should have access to what.

As organisations adopt a digital-first mindset, there is a growing discussion about how they, particularly closely related organisations, could save significant time and improve the reliability of identity verification by moving to a single set of trusted credentials and relying on one agency's identity information, provided that the right policy and technology settings are in place to protect individuals.

This article briefly discusses some of the practical issues relating to identity management in IT systems, and Microsoft technology that can help.

Reliable information

It’s common for organisations to use multiple systems, each holding its own copy of identity information. This results in complexity, duplicated work, and inconsistencies, such as a departed employee whose account is disabled in one system but still active in another. Technology like Microsoft’s Forefront Identity Manager helps organisations establish a single authoritative identity that draws on multiple source systems to maintain an accurate and complete set of identity claims.

A well-managed identity is the foundation for IT systems to reduce complexity and automate access.

Use one set of credentials

A well-managed identity can be extended (or “federated”) reliably to other systems and to trusted outside agencies, so that people can have secure access with one set of credentials. Federation makes collaboration between agencies simpler and makes single sign-on possible. Because the relying systems trust the identity provider’s assertions, the provider’s own authentication and the federation trust itself must be protected accordingly: one credential to remember is also one credential to defend. Microsoft’s Active Directory services for Windows Server and the Windows Azure cloud provide interoperable and open platforms to help IT systems connect in a way that keeps it simple for the people using them.

Secure access from anywhere

IT policies can be used to deliver the right information more securely to the right people, regardless of the device or service they are using, and, if the organisation's policies permit it, even when they do not have access to the internal network or to approved devices.

People should be able to work effectively away from the office, whether they are travelling, or simply working from home. Microsoft’s cloud services, DirectAccess technology, and the Forefront Unified Access Gateway work together to provide simplified remote access not only to securely managed trusted devices, but also to devices and web interfaces that are not managed by IT security policies.

Reduce routine work

IT staff can spend a lot of time handling routine tasks like resetting forgotten passwords and processing requests for access to services. It’s all too easy for complexity to creep in, and for mistakes to happen. With Forefront Identity Manager, approval processes and password resets can be automated, or routed to people with the right level of authority, rather than being done manually by IT staff. Self-service password reset still needs a strong verification step of its own (for example, registered security questions or a second factor) so that it does not become an easier way in than the password it replaces. This sounds like a small thing, but the savings can be significant.

Enhance privacy

With claims-based cryptographic technology like Microsoft U-Prove, privacy can be enhanced by minimising the exchange of personal information: a relying party verifies only the attributes it actually needs (such as age or income) without being given identifying information (such as name or address).
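To make the minimal-disclosure idea concrete, the following added example (not Microsoft code and not U-Prove) implements a simplified selective-disclosure token: the issuer commits to every attribute with a fresh salt and signs only the commitments, the holder reveals just the attributes a relying party asks for, and the relying party checks the signature and the revealed openings. The sample person and attributes are constructed, and an HMAC under a shared issuer key stands in for the issuer's digital signature; a real deployment would use an asymmetric signature so verifiers hold no issuer secret.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: a shared issuer key stands in for the issuer's signing key.
# In production the issuer would sign with a private key and verifiers
# would check with the matching public key.
ISSUER_KEY = secrets.token_bytes(32)


def _commit(name: str, value, salt: bytes) -> str:
    """Salted commitment to one attribute: hides the value until the salt is revealed."""
    data = b"|".join([salt, name.encode(), json.dumps(value).encode()])
    return hashlib.sha256(data).hexdigest()


def issue_token(attributes: dict, issuer_key: bytes = ISSUER_KEY):
    """Issuer: commit to each attribute and sign only the set of commitments.

    Returns the token (safe to hand to any verifier) and the holder's private
    openings (values and salts), which never leave the holder unless disclosed.
    """
    salts = {name: secrets.token_bytes(16) for name in attributes}
    commitments = {name: _commit(name, attributes[name], salts[name]) for name in attributes}
    payload = json.dumps(commitments, sort_keys=True).encode()
    signature = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    token = {"commitments": commitments, "signature": signature}
    openings = {name: (attributes[name], salts[name]) for name in attributes}
    return token, openings


def present(token: dict, openings: dict, reveal: list) -> dict:
    """Holder: disclose only the requested attributes; all others stay hidden."""
    disclosed = {
        name: {"value": openings[name][0], "salt": openings[name][1].hex()}
        for name in reveal
    }
    return {"token": token, "disclosed": disclosed}


def verify_presentation(presentation: dict, required: list, issuer_key: bytes = ISSUER_KEY):
    """Relying party: check the issuer signature, then that each required attribute
    opens its commitment. Returns the verified attributes, or None on any failure."""
    token = presentation["token"]
    payload = json.dumps(token["commitments"], sort_keys=True).encode()
    expected = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["signature"]):
        return None  # commitments were not issued by the trusted issuer
    verified = {}
    for name in required:
        opening = presentation["disclosed"].get(name)
        if opening is None:
            return None  # holder did not reveal something the verifier needs
        salt = bytes.fromhex(opening["salt"])
        if _commit(name, opening["value"], salt) != token["commitments"].get(name):
            return None  # revealed value does not match what the issuer committed to
        verified[name] = opening["value"]
    return verified


def age_check_demo():
    """An age-restricted service learns only 'over_18', not who the person is."""
    # Constructed sample attributes held by the issuing agency.
    token, openings = issue_token({
        "name": "Example Person",
        "address": "1 Example Street, Wellington",
        "date_of_birth": "1990-01-01",
        "over_18": True,
        "income_band": "B",
    })
    presentation = present(token, openings, ["over_18"])
    return verify_presentation(presentation, ["over_18"]), presentation


if __name__ == "__main__":
    result, presentation = age_check_demo()
    print("verifier learned:", result)
    print("name appears in what the verifier received:", "Example Person" in json.dumps(presentation))
```

Note two limits a practitioner should keep in mind: the revealed salt and commitment set are the same on every presentation, so a verifier can link two visits by the same holder (U-Prove is designed to avoid exactly that), and the stand-in HMAC means the verifier shares the issuer's key, which an asymmetric signature removes.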

This approach offers an opportunity to enhance privacy and protect individuals while making IT systems markedly more efficient.

By Waldo Kuipers, Corporate Affairs Manager, Microsoft New Zealand Limited