… defines and promotes an Identity Ecosystem that supports trusted online environments.  The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. 

The Identity Ecosystem enables: 

1. Security, by making it more difficult for adversaries to compromise online transactions;   
2. Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes; 
3. Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training;
4. Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions; 
5. Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used;
6. Greater choice, as identity credentials and devices are offered by providers using interoperable platforms; and  Opportunities for innovation, as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk;

The strategy proposes four primary goals and nine actions to implement and promote the Identity Ecosystem:

Goals

1. Develop a comprehensive Identity Ecosystem Framework
2. Build and implement an interoperable identity infrastructure aligned with the Identity Ecosystem Framework
3. Enhance confidence and willingness to participate in the Identity Ecosystem
4. Ensure the long-term success of the Identity Ecosystem

Actions

1. Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
   with Achieving the Goals of the Strategy
2. Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
3. Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
   the Identity Ecosystem
4. Work Among the Public/Private Sectors to Implement Enhanced Privacy
   Protections
5. Coordinate the Development and Refinement of Risk Models and Interoperability Standards
6. Address the Liability Concerns of Service Providers and Individuals
7. Perform Outreach and Awareness Across all Stakeholders 
8. Continue Collaborating in International Efforts 
9. Identify Other Means to Drive Adoption of the Identity Ecosystem across the
   Nation

The Strategy Document doesn’t discuss any specific technologies, but rather, addresses the needs and general concepts required for a national Identity Ecosystem.

If you would like to make public comments on the strategy, a good place to visit is this IdeaScale page hosted by the Department of Homeland Security. Reading comments from other parties on that page is quite interesting.

In other areas of Cyberspace, the reactions to this strategy are mixed.  For example, an active proponent is my friend Dazza Greenwood, who encourages everyone to become familiar with the strategy and actively give feedback:

At the other end of the spectrum is a blogger, Arnold Vintner, whom I do not know, who shares a much more pessimistic view. In his post, “Obama Administration Moves to Reduce Online Privacy,” Mr. Vintner opines:

The Obama administration is proposing a new identity management system for the Internet which is calls “Identity Ecosystem.” This new system will replace individually managed usernames and passwords with a taxpayer-funded federally-managed system.

The scheme is outlined in the National Strategy for Trusted Identities in Cyberspace. The planned system will tie together all of your accounts into one national online identity.  This will enable the federal government to easily track all online activity of every American.

The system will start with the federal government requiring the ID’s for use in accessing federal web sites — such as for filing your taxes online.  The federal government will then force businesses to adopt the system, starting with banks and credit card companies and slowly spreading to encompass the entire online environment. Once fully implemented, Internet users will no longer be able to comment anonymously on blogs or web forums, because all online identities will be verified with the U.S. government.

Where do you stand?  I personally like the idea of public dialog on this issue and the call for public and private entities to participate in a solution.  I look forward to giving feedback and tracking progress.

Much of the article was dedicated to describing the benefits and deficiencies of facial recognition software used by online services like Facebook, Picasa and iPhoto to make it easier for users to keep track of photographs.  Speaking of such functionality,  Michael Sipe, vice president of product development at Pittsburgh Pattern Recognition, a Carnegie Mellon University split-off company that makes face-recognizing software said these types of photo programs are a response to the hassles of keeping track of growing digital photo collections.

"In general, there’s this tsunami of visual information — images and video — and the tools that people have to make sense of all that information haven’t kept pace with the growth of the production of that information," he said. "What we have is a tool to help extract meaning from that information by using the most important part of that media, which is people."

It is interesting that one of the most distinguishing attribute of a person’s identity – his or her face – is so difficult for computers to recognize.  We humans often say, “I can remember faces much better than names,” yet computers are just the opposite.  It turns out that a person’s smile, which may be one of the most easily-remembered feature of the human face (for us humans, at least), is the most difficult for computers to comprehend:

Anil Jain, a distinguished professor of computer science at Michigan State University, said it’s still not easy, however, for computers to identify faces from photos — mostly because the photos people post to the internet are so diverse.

Computers get confused when a photo is too dark, if it’s taken from a weird angle, if the person is wearing a scarf, beard or glasses or if the person in the photo has aged significantly, he said.

Smiling can even be a problem.

"The face is like a deformable surface," he said. "When you smile, different parts of the face get affected differently. It’s not just like moving some object from one position to another," which would be easier for a computer to read.

So … what will happen when this technology matures and makes the leap from family-friendly Facebook to applications in real live security or survellance applications?

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the motives behind the technology are what worry him.

Governments and corporations intend to use facial recognition software to track the public and to eliminate privacy, he said, noting that automatically identifying people in public in the U.S., when they are not suspected of a crime, could be a violation of constitutional rights.

When facial recognition comes to surveillance cameras, which are already in place, "you’re no longer racing through iPhoto to figure out how many pictures of Barbara you have," Rotenberg said. "You’re walking around in public and facing cameras that know who you are. And I think that’s a little creepy."

I suppose this is like many other technologies – there are an abundance of positive applications, and the potential for terribly nefarious uses.

For example, if facial recognition can be used to identify  terrorists so they could be detained prior to boarding airplanes, we would generally think that was a good application. 

Similarly, if I could be granted entrance to my corporate office building or be logged onto necessary computer systems just by smiling (or frowning) into a camera, the building and computer systems might be more secure and the present-day use of passwords or ID cards might go the way of the buggy whip.

However, if an abusive husband used facial recognition software to stalk his estranged wife, or if the government successfully tracked every movement its citizens made in the normal course of events, we would generally think of those applications as negative.

I have a crazy habit of smiling and waving at security cameras I see in airports or banks or convenience stores. Who knows what is happening on the other side?  At the present level of today’s technology, I’m probably being recorded and not much more.  In a few years, however, the sophisticated software behind the camera will probably recognize Mark Dixon and report my antics to the NSA.  That will surely make me frown, not smile, when I wave to the ubiquitous cameras.

“… detect cyber assaults on private U.S. companies and government agencies running critical infrastructure such as the electricity grid and nuclear power plants, according to people familiar with the program.”

We all know that the national infrastructure is vulnerable, as I mentioned recently in my blog about NERC Critical Infrastructure Protection (CIP) Cyber Security Standards. The object of this program appears to be an attempt to discover security holes that may not be CIP compliant, and detect patterns of attack before harm can be done.

U.S. intelligence officials have grown increasingly alarmed about what they believe to be Chinese and Russian surveillance of computer systems that control the electric grid and other U.S. infrastructure. Officials are unable to describe the full scope of the problem, however, because they have had limited ability to pull together all the private data.

How do you tackle this challenge?  Just monitor the network and find “unusual activity” that may suggest a pending cyber attack.

The surveillance by the National Security Agency, the government’s chief eavesdropping agency, would rely on a set of sensors deployed in computer networks for critical infrastructure that would be triggered by unusual activity suggesting an impending cyber attack, though it wouldn’t persistently monitor the whole system.

This accumulation and analysis of vast amounts of data from numerous sensors is a fascinating topic.  Last September, I blogged about work led by Jeff Jonas to analyze large data sets to detect the types of anomalies the NSA are seeking – all to catch threats to the Las Vegas gaming industry.  It would be interesting to know if the NSA is building upon his work to find terrorists before they strike.

Of course, any surveillance program led by the NSA is bound to be controversial, and this is no exception:

Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat that only the NSA is equipped to provide.

Who knows … perhaps some day the NSA wizards might think my blogging efforts are a threat to national security and plant sensors to detect my email, blogging and social networking communications activity to see if something fishy is going on.   After all, I am not a “Perfect Citizen,” whatever that means.  No one is.

"The overall purpose of the [program] is our Government…feel[s] that they need to insure the Public Sector is doing all they can to secure Infrastructure critical to our National Security," said one internal Raytheon email, the text of which was seen by The Wall Street Journal. "Perfect Citizen is Big Brother."

It will be fascinating, in an apprehensive way, to see how this all comes together:

Because the program is still in the early stages, much remains to be worked out, such as which computer control systems will be monitored and how the data will be collected. NSA would likely start with the systems that have the most important security implications if attacked, such as electric, nuclear, and air-traffic-control systems, they said.

I doubt that covert surveillance of US citizens is the initial intent of this program, but unintended consequences are what trouble me.  For some diabolical reason, increasing the amount of power vested in any one person or group of people tends to lead to oppression of others.  And it sounds like this program will put vast informational power in the hands of a few.

“Power has been out for 30 minutes. We have like 15 candles lit… And it’s starting to heat up.”

Well, for young Eric and his wife, a temporary power outage might be a romantic diversion, but we are all tremendously dependent upon available, reliable electricity distribution.  We simply expect the lights to go on when we flip a switch or power our laptops when we plug them in.

In order for that to happen, the national electrical grid or Bulk Electrical System (BES) must reliably carry energy from generating plants to our homes and places of business.  We have grown to rely on that happening, 24×7x365.

However, according to a new white paper published by Oracle,

“there is mounting evidence that North America’s bulk power systems are dangerously exposed to threats from both within and abroad.” 

A few warning signs include:

• In June 2007, the Department of Homeland Security (DHS) leaked a video that showed how researchers launched a simulated attack that brought down a diesel electrical generator, leaving it coughing in a cloud of smoke, through a remote hack that was dubbed the Aurora vulnerability.
• In January 2008, a CIA analyst revealed that a number of cyber attacks had cut power to several cities outside the U.S.
• In May 2008, the Government Accountability Office (GAO) issued a scathing report on the number of security vulnerabilities at the Tennessee Valley Authority, the nation’s largest public power company.
• In April 2009, The Wall Street Journal reported, according to unnamed current and former national security officials, that Russian and Chinese attackers penetrated the U.S. power grid, installing malware that could potentially be used to disrupt delivery.
• In July 2009, NERC CSO Michael Assante told the House subcommittee on Emerging Threats, Cyber security, and Science and Technology, “Cyber threats to control systems are

In response to these and other conditions:

”the federal government has responded to this threat with a set of security standards for protecting cyber assets that comprise the BES, and set an aggressive schedule for mandatory compliance, beginning in 2007, with all covered entities required to be in ‘audit compliance’ by June 2010. Non-compliance could cost power companies up to $1 million per day in penalties.

“The North American Energy Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) cyber security standards, mandated through the approval of the Federal Energy Regulatory Commission (FERC), provide a broad, though not very prescriptive guide to implement a comprehensive cyber security program, stressing responsibility and accountability for protecting the organization’s critical assets.”

The new Oracle white white paper, entitled, “Protecting the Electric Grid in a Dangerous World,” describes how Oracle Identity Management solutions and the Oracle data security portfolio offer an effective, defense-in-depth security strategy to help meet this challenge, playing a key role in NERC CIP compliance, security and efficient use of resources.

Identity Management:

“Oracle Access Manager, Oracle Identity Manager, Oracle Identity Analytics and other products in the suite of Oracle Identity Management solutions provides application and system-level security, giving power providers and distributors the tools to create sustainable, manageable and auditable controls over access to their critical assets. Identity management and access control are essential components in CIP-003, CIP-004, -005, -006, -007, and are applicable in -008, -009.”

Data Security:

“Oracle’s comprehensive data security portfolio, including Oracle Advanced Security, Oracle Data Masking, Oracle Database Vault, Oracle Label Security and Oracle Audit Vault, allow managing critical information throughout the data protection lifecycle by providing transparent data encryption, masking, privileged user and multi-factor access control, as well as continuous monitoring of database activity. Database security, especially data access controls and privileged user management are essential in CIP–003, -004, -005, -006, -007, -008 and -009.”

It’s great to be a associated with a company whose products can play a major role in the protection of our electrical grid upon which we depend so much.

However, I must admit, lighting a few candles after dark may be enjoyable as well!

PS:  The grid map shown above comes from an interesting interactive map on the NPR.org website.  Enjoy!

I have been intrigued for a long time about the concept of the “Value” of “Identity”.  Consequently, I plan to devote several posts over the next period of time to this subject.  At this point, I don’ t know just what I will write.  I feel like I am entering a new phase of “Discovering Identity.”

Perhaps this train of thought has been triggered by the reality that businesses seek value in each procurement they make – including Identity and Access Management system purchases.  Nearly every customer meeting I have attended recently inevitably gets around to the addressing the need for a solid business case before a purchase can be made.

But I believe the value of Identity goes farther than business cases.  In his song, “Which Way Does that Old Pony Run,” Lyle Lovett reminds us,  “…what’s riches to you just ain’t riches to me …”.  The value placed on anything, including Identity, must be determined by individual people – the stakeholders in a given situation.

So, if you are so inclined to join me, let’s get on the old pony and explore the world of the Value of Identity.  If you have suggestions or ideas, please share them.  It will be a fun ride.

Running stop light = $100.00
DUI = $5000.00
Not wearing a seat belt = $50.00
Putting you & your girlfriend on your fake drivers license = PRICELESS

REMEMBER!! When making a fake ID, attach a picture of yourself ONLY, no matter how much you love your girl.  …  This is an actual drivers license from a traffic stop.

1. Focusing on business value derived from implementation certain technology
2. Focusing on technical capabilities (AKA speeds and feeds) of certain technology

Our unified position was that the the second position only really made sense if aligned with the first.  Technology by itself is certainly interesting, but in real world markets, it is becoming increasingly difficult to justify purchase of any technology unless it is very clear how that technology can deliver business value.

Therefore I spend most of my time focused on the business value of various Identity and Security technologies, rather than the technical details of how they are implemented.  Unless we can really make a positive impact on the business whom buy our products and services, our market is not sustainable.

The specific services provided in each category could include:

Identity Administration Services

• Create, update, delete identities
• Password/credential management
• Entitlement definition/management
• Provision/de-provision access privileges
• Role engineering/management
• Policy definition/management

Identity Enforcement Services

• Authentication
• Authorization
• Access control
• Federation
• Web services security

Identity Audit Services

• Reporting
• Evaluation
• Attestation
• Validation
• Remediation

Did I miss any services that you think should be present?  Any input on the categories or types of services?  Any input or criticism would be most welcome.

At the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) layers, the only users are administrators of the platform or infrastructure services, respectively.  However, these administrative users may be either on the provider side or on the recipient or enterprise side.  End users, whether within the enterprise (employees or contractors) or external to the enterprise (customers and partners), only exist at the application layer or Software as as Service (SaaS) layer.

This illustrates how cloud computing introduces increased complexity into IAM. Not only do the different layers (PaaS, IaaS and SaaS) have unique requirements, but multiple organizations (e.g. provider and enterprise) need to be considered.

For example, the nature of PaaS services will require provider administrators to have root access to the operating system, while enterprise administrators at the SaaS level may only need access to application configuration functions and external SaaS users only need to access to selected application functions.

Hopefully, this provides food for thought as we explore IAM in cloud computing.  I’d be grateful to hear your comments.

A copy of my presentation deck is available for download here.

At the heart of my the presentation was the following diagram, which illustrates major components required in a Patient Consent Management system:

A brief explanation of key components follows:

Identity and Role Repository

IAM technology and methods provide the foundation for an effective patient consent management system.  An Identity and Role Repository contains Identities, roles and access control credentials necessary to support the consent system.  This repository includes:

• Patients
• Providers
• Access Rights
• Roles (map business responsibilities to access rights)
• Override Rights (Only users with specific roles can perform override without consent)

Consent Registry

A consent registry is required to specify what permissions have been granted by patients, within the allowable limits specified by each applicable jurisdiction.   Some of the key attributes include:

• Consent Permissions for
• Patients
• Organizations
• Users
• System-wide mask (everyone)
• Fine gained access
• Include or exclude attributes
• Accommodation for multiple jurisdictions

Master Patient Index

A Master Patient Index enables correlation of patient data across multiple repositories.  This is essential because patient records are typically help in multiple locations.  In other cases, if patient records exist in the same physical data warehouse, they are often logically separated. 

Federated Data Access

If patient data is located in physically or logically separate locations, Federated data access controlled allows access across domain boundaries without compromising the privacy or integrity of individual patient record repositories.

Data Access Services

By providing a set of centralized data access services governed by IAM, the Consent Registry and the Master Patient Index, a secure method of patient data access is possible.