The Business Forum

"It is impossible for ideas to compete in the marketplace if no forum for
  their presentation is provided or available."           Thomas Mann, 1896


Managing Identities

By: Vijay Auluck, Shelagh Callahan and Abhay Dharmadhikari
Contributed by: Intel Corporation

Abstract

As the world around us grows increasingly digital, so do the identities we use for each other, as well as the identities of devices, processes, and organizations. Most of us have digital identities associated with multiple devices, networks, services and organizations. What we lack is a good way to manage these identities, including the credentials used to access our devices and services, and the policies controlling where and how we expose our identities. This white paper explores a client-based approach to this problem: Intel’s Manageable Identities. Manageable Identities (MID) technology is intended to complement infrastructure-based identity management solutions under development - in standards like the Liberty Alliance and products like Tivoli Identity Manager and others. By providing a consistent, user-focused view, Intel’s Manageable Identities facilitate the ways people interact with the devices, networks and services they use every day.

Introduction - the Growing Need for Identity Management

The sheer number of identities most people have is reaching the point where they’re becoming personally and organizationally difficult to manage. For instance, a person might have:

  • Personal identities like a driver’s license, social security number or passport

  • Identities related to devices, such as passwords to get into computers, PDAs, cell phones and answering machines

  • Logins to access home networks, enterprise networks, wireless hotspots and cellular networks

  • Accounts to access the Web, email, online businesses (e.g., eBay* and Amazon*), instant messaging, Short Message Service (SMS), and voice message services

Having so many identities makes it hard to keep track of them all. Whether it’s trying to remember a username and a password, or keying in a wireless access code, people experience problems daily dealing with the multitudinous identities required for access to their devices, networks and services. As a result, people look for ways to simplify their identities. According to a recent RSA Security survey (February 2004) of 1,000 consumers, 15% use the same password for everything. Others maintain long, easily stolen lists of their usernames and passwords. This is both a real security issue and a sign that people are having trouble coping.

On the enterprise side, as people’s identities and devices have proliferated, so have the administrative issues surrounding assigning identities and privileges, as well as verifying them. A worldwide study (State of IT Security 2003) conducted by CIO Magazine and PricewaterhouseCoopers found respondents most frequently employed user passwords (84%), multiple logon/passwords (51%), and levels of authentication based on risk classification (27%) to protect critical data and information systems. They pay dearly for these controls. According to an IBM estimate, companies spend as much as $400 a year to manage a single user and 40% of help-desk costs are password-related.

Today’s Digital Identity Management Solutions

Most identity management efforts to date have focused on the infrastructure portions of corporate enterprise and service provider solutions. The IT world considers identity management critical for managing access to information and applications scattered across a wide range of internal and external computing systems. The ever-changing number and transient nature of users and devices, both inside and outside the organization, make enterprise identity management extremely challenging.

Research from the META Group (May 2002) shows that organizations with annual enterprise-wide revenue greater than $500 million generally have more than 75 applications, databases and systems that require authentication. This same research reports that the average user spends 16 minutes per day authenticating and signing in. For a 10,000 person organization, that’s the equivalent of 2666 hours per day. This suggests a significant barrier to ease of use and manageability - as well as a significant hit to the bottom line.

The financial industry once dealt with a similar problem regarding credit cards. Originally credit cards were store-specific. Consumers had to carry many cards (and thus many different identities) in order to do business with a wide variety of stores. Third-party companies like VISA, MasterCard, and American Express changed that. Now it’s possible to have just a few credit card identities which use back-end business agreements to coordinate consumer access.

Some recent identity-management solutions take a similar approach. Federated identities make use of business agreements that permit controlled sharing of identity information between multiple providers. A user can sign on to one provider and have that sign-on carried over, as the agreements permit, to another. Examples of such approaches include the Liberty Alliance and WS-Federation. Both of these approaches make use of security specifications available from OASIS.
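To make the federated sign-on described above concrete, here is an added example (not Intel's code, and not the Liberty Alliance, WS-Federation or OASIS wire formats) in which an identity provider authenticates a user once and issues a signed, audience-bound, short-lived assertion that a second provider in the same federation accepts in place of its own login. The shared HMAC key, the `IdentityProvider` and `ServiceProvider` classes, the JSON claim names and the user list are assumptions made for the illustration; the checks the service provider performs (signature first, then audience, expiry and replay) are the point.

```python
"""Federated sign-on in miniature: the identity provider (IdP) authenticates the
user once and issues a signed assertion; a service provider (SP) in the same
federation accepts that assertion instead of asking for its own password.

Added illustration; not Intel's code and not the Liberty/WS-Federation formats.
Hypothetical simplifications: one HMAC key shared across the federation stands
in for the signing relationship a business agreement would set up, and an
assertion is hex-encoded JSON followed by "." and a hex HMAC-SHA256 signature.
"""
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional


class IdentityProvider:
    def __init__(self, name: str, signing_key: bytes, users: dict):
        self.name, self.key = name, signing_key
        self.users = users  # constructed username -> password table for the example

    def local_login(self, username: str, password: str) -> bool:
        # Constant-time compare; a real IdP would verify a salted hash, not a stored password.
        stored = self.users.get(username)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def issue_assertion(self, username: str, password: str, audience: str,
                        ttl: int = 300, now: Optional[float] = None) -> Optional[str]:
        """Authenticate locally, then sign claims bound to one SP and a short lifetime."""
        if not self.local_login(username, password):
            return None
        now = time.time() if now is None else now
        claims = {"iss": self.name, "sub": username, "aud": audience,
                  "iat": int(now), "exp": int(now) + ttl, "jti": secrets.token_hex(8)}
        body = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return body.hex() + "." + sig


class ServiceProvider:
    def __init__(self, name: str, federation_keys: dict):
        self.name = name
        self.keys = federation_keys  # issuer name -> key agreed under the federation contract
        self.seen = set()            # assertion ids already consumed (replay cache)

    def accept(self, token: str, now: Optional[float] = None) -> tuple:
        """Return (True, username) or (False, reason); no claim is read before the signature holds."""
        try:
            body_hex, sig = token.split(".")
            body = bytes.fromhex(body_hex)
        except ValueError:
            return False, "malformed"
        # Try every federation key so that no unsigned field has to be trusted to pick one.
        issuer = next((iss for iss, key in self.keys.items()
                       if hmac.compare_digest(
                           hmac.new(key, body, hashlib.sha256).hexdigest(), sig)), None)
        if issuer is None:
            return False, "bad signature"
        claims = json.loads(body)
        if claims.get("iss") != issuer:
            return False, "issuer mismatch"
        if claims.get("aud") != self.name:
            return False, "wrong audience"
        now = time.time() if now is None else now
        if now >= claims.get("exp", 0):
            return False, "expired"
        if claims["jti"] in self.seen:
            return False, "replay"
        self.seen.add(claims["jti"])
        return True, claims["sub"]
```

The order of the checks is what matters: the signature is verified against the federation keys before any field of the assertion is read, so a forged issuer name cannot steer the verifier to a key of the attacker's choosing; the audience check stops an assertion issued for one provider from being presented at another; the `jti` cache stops the same assertion from being used twice.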

Intel’s Interest in Identity Management

Intel believes a client-based approach to identity management could complement infrastructure-based identity management solutions and radically reduce the complexity of identity management for people and devices. This approach - Intel’s Manageable Identities technology - would provide the missing piece of the puzzle.

The benefits of improving identity management would be enormous. Intel’s Manageable Identities technology would help:

  • Make it easier for people to gain immediate and secure access to the information they need, when and where they need it.

  • Enable individuals, businesses and organizations to operate and do business more efficiently and achieve productivity gains.

  • Provide better ways to manage the overwhelming number of identities (passwords, pins, credit card numbers, etc.) people have to maintain each day for themselves and their devices.

  • Ensure compliance with government data-privacy and auditing regulations - a growing concern as legislation and public policy continue to evolve and new technical issues and expectations come up.

Intel’s Manageable Identities Technology

Intel Manageable Identities technology is a client-based approach designed to enable flexible access to any device, network or service through a trusted access environment that cooperates with and extends infrastructure-based solutions, including federated models. This technology - working with the full constellation of cell phones, PCs, PDAs, and other personal and business devices - will enable identities to be shared, transported and locally managed, depending on provider and user policy.

Manageable Identities technology was originally conceived as part of a suite of technologies designed to remove obstacles to the complete mobility of people, devices and services. Complete mobility would require access to content and services anytime, anywhere, from any device. Hence, a major goal for the Manageable Identities Framework is enabling individuals (acting alone or as a member of a group/organization) to choose:

  • Which identity they wish to use for a given activity or usage

  • The most appropriate device

  • The most appropriate network to access the desired service

Fundamentally, Manageable Identities enables a consistent view of an identity:

  • On-line or off-line

  • In concert with an identity infrastructure, including federated schemes

  • Across different infrastructure domains, e.g. home and office

The technology is intended to complete an identity system by filling out the infrastructure view of identities with a coherent, compatible client view.

FIG 1. Intel’s Manageable Identities technology enables easy, trusted consistent access across devices, networks and services through a policy-based model that defines identity by context (i.e., the relationship between the two or more identities seeking connection to each other). A person simply chooses the appropriate identity for or through a device to access the right network and service.

What makes an identity a manageable identity? Manageable Identities technology uses a contract-based model for identity. To be manageable under Intel’s framework, an identity is considered defined only if there’s an agreed contract for its use between two or more entities (such as between an individual and an Internet Service Provider (ISP) or an individual and a WLAN). The contract could be relatively informal, such as that between two peers, where the agreement is only a nod between those individuals. Or it could be based on a highly structured business agreement between multiple companies.

The Four Manageable Identity Components

A Manageable Identity consists of four components which define the Manageable Identity’s behavior under the contract between the parties. Parties to such a contract can include individuals (or organizations), devices, or software processes. Figure 2, for instance, uses a person/device as one contractual party and a service provider as the other. The number and type of contractual parties is arbitrary. Here’s a brief description of the four components.

FIG 2. How the four components of Manageable Identities technology work together to establish an engagement between a person or a device and a provider.

  1. Assertion. Traditionally known as credentials, assertions include identity objects such as SIM keys, certificates, username/password, and biometrics. This data is used to ‘assert’ an identity. A given Manageable Identity may have multiple assertions associated with it, or may even share assertions with other Manageable Identities. The only requirement is all contractual parties understand and can authenticate the assertions. Anything else is allowed by implementation. However, some choices may have strong side effects. For instance, choosing to share assertions between Manageable Identities may bring a heavy management burden, as well as exposing some privacy issues.
     

  2. Mechanism. This is the mutually agreed process/protocol operating over the assertions assigned to the contractual parties. Examples of such mechanisms include authentication, authorization, and introduction. Note that mechanisms may support multiple types of entities (e.g. persons, devices, services) and that they may operate over more than two entities. For instance, an authentication mechanism may be defined that mutually authenticates all parties to a conversation, not just a supplicant and an authenticator. Manageable Identities will usually have multiple mechanisms defined. For instance, there may be multiple authentication mechanisms to go with different assertions. The various authentication mechanisms might be activated simultaneously or layered. One might also layer both authentication and authorization mechanisms. To be a valid Manageable Identity, there must be at least one set of mutually agreed assertions defined, and at least one mechanism defined, and that mechanism must be authentication. After that minimum is established, any number of assertions and mechanisms may be added.
     

  3. Policy. Policies make identities manageable by adding mutually agreed boundaries of use for electronic environments. Examples include policies for sharing an identity, copying an identity, and transferring an identity to another device. Policies are critical in forming an identity that is truly manageable. For instance, they help to translate the policies embodied in the ownership of physical proofs of identity, such as driver’s licenses, to a purely electronic instantiation.
     

  4. Preference. Preferences refer to unique user or issuer characteristics for an identity. Examples would include shopping preferences, confidential document accesses, and driver license points. Intel’s Manageable Identities implementation focuses, in detail, on assertions, mechanisms and policies. Preferences are supported as undifferentiated data sets that are transported with the identity. This choice of focus was made because the actual preference data varies greatly by market segment and may have existing well-known or standard definitions.

The Manageable Identities Vision for Identity Usage

The goal of Manageable Identities technology is to make access to devices, networks and services as easy and flexible as possible. Where required, strong, multi-factor authentication may be deployed. Conversely, the framework allows the creation of Manageable Identities for less sensitive uses, which need not be linked to more strongly authenticated identities, so that using them exposes neither the stronger identity nor the user’s privacy.

As a client-based approach, Manageable Identities technology starts with the individual and the constellation of client devices an individual might use at home, office, or on the move. These devices might be connected sporadically or continuously by a variety of interconnects (e.g., Bluetooth*, IR, USB*, WLAN). Any of the local devices may use any of the appropriate Manageable Identities (as permitted by policy) owned by an individual. Some of these Manageable Identities are issued by a remote provider. Others may be managed more informally, locally by the user, for interaction solely within a given domain like the home. For those Manageable Identities issued by a provider, policies between user and provider determine how identities and their management interact locally and within a provider context.

Within a client constellation of devices, depending on provider and user policy, Manageable Identities could be:

  • Shared

  • Transported from one device to another

  • Locally and/or remotely managed

  • Limited to local use

  • Located in one device that acts as an identity server for other devices

Support for Hardware and Software Identities

Intel’s Manageable Identities technology will support the co-existence of hardware and software identities and their existing business models. Hardware identities (identities embedded in processors so they cannot be corrupted) may have Manageable Identity reflections for purposes of integration and management.

Each form of identity has its advantages. Hardware identities provide:

  • Walk away factor - Smart Cards and similar identity devices make it easy to carry identity-relevant information in a wallet, pocket or purse.

  • Turnkey operation - A hardware identity device can be used as an “ignition key” for a device.

  • Provisioning support - Many businesses have existing processes built around deployment of hardware identities.

FIG 3. Intel’s Manageable Identities technology promotes a supportive co-existence and integration of hardware and software identities that are governed by provider and user policies.

Software Identities provide:

  • Device integration - Smooth transition between devices (and their varied resources), networks and services for true mobility.

  • Policy-based transportability - Extremely transportable and manageable where allowed by policy.

  • Expanded system environment - A more capable, associated protected environment for applications to execute in. This means greater range and value for such applications.

Basic Manageable Identities Functionality

Common Interface

Manageable Identities technology defines a common interface for various operations that control the lifetime of a usable identity. These include:

  • Creating and destroying identities

  • Sharing identities

  • Transporting an identity over to other devices

  • Linking a sub-identity to a previously existing identity on which it depends. (An example of a linked identity is a movie club sub-identity that is linked to a previously existing credit-card identity through which billing is done)

The existence of a common interface makes it easy to write applications that can use all different kinds of identities without having to know low-level details of how each identity works internally. It also allows the partitioning of rights between a user of an identity and a manager of an identity, while scoping the interaction so that managers and users see only those identity attributes that belong to them.

Communicating Trust

Manageable Identities technology has the ability to insert assertions about the trustworthiness characteristics of the platform into the mechanism processes. This could include information regarding protected storage, protected execution, encrypted I/O with attached biometric reader, etc. Applications controlling access to very sensitive resources can use this information as part of their decision on whether or not to grant access, make decisions about whether a particular Manageable Identity is transportable, or log the information for regulation compliance audits.

Multiple Identities

Users are frequently given the same kind of identities for different purposes, such as for accounts with different businesses. The Manageable Identities framework provides a convenient place to store all these identities and search through them to select the right one for the task. It also enables identities held in common, e.g. electronic credit cards, to be used as a common resource and applied to different applications or providers. What’s more, as new kinds of identities and devices appear, Manageable Identities technology brings these identities into a common framework so that applications can treat them in the same way.

FIG 4. Intel’s Manageable Identities technology enables management of many types of identities with appropriate policies and device trust levels

Configurable Policies

Identities are a sensitive resource requiring control over who can perform various operations upon them. For example, you may need to limit who may transport an ID to another device or who may share it. Manageable Identities technology includes a simple system of configurable policies that allow you to determine who may perform which operations and who may alter the policies.

Operations

Manageable Identities operations are defined in the same manner for all Manageable Identities. For instance, Transport will always move a Manageable Identity between devices, leaving no copy behind. Copy will always duplicate a Manageable Identity for transport or as a template for re-use.

This differs from Manageable Identities mechanisms such as authentication and introduction. These mechanisms are defined on an individual, per Manageable Identity basis. This means that some mechanisms, such as the protocol supporting SIM authentication, may be the same among different Manageable Identities, but others might not be and could even be proprietary. In cases where a well-known mechanism is employed, a library reference from a range of mechanisms could be used.
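The four components, the common interface operations, the configurable policies, the platform trust assertions of the Communicating Trust section and the Transport/Copy distinction above can be exercised together in one small model. What follows is an added example, not code from Intel's framework: `Device`, `Identity`, `PolicyError`, the operation names used as policy keys ("use", "transport", "copy", "share", "destroy", "admin") and the platform trust claim strings are assumptions made for the illustration, and the credential values are constructed.

```python
"""Toy model of a Manageable Identity: assertions, mechanisms, policies and an
opaque preference blob, plus the common-interface operations (create/destroy,
share, copy, transport, link) gated by policy and by the destination device's
platform trust claims.

Added example; not Intel's framework code. All names and claim strings are
hypothetical, and credential values are constructed placeholders.
"""
from copy import deepcopy
from dataclasses import dataclass, field
from typing import Optional


class PolicyError(Exception):
    """An operation the identity's policy, or the device's trust level, does not permit."""


@dataclass
class Device:
    name: str
    trust: frozenset                      # platform trust claims the device can assert
    identities: dict = field(default_factory=dict)


@dataclass
class Identity:
    name: str
    assertions: dict                      # kind -> credential material (constructed values)
    mechanisms: set                       # agreed processes; must include "authentication"
    policy: dict                          # operation -> set of principals allowed to do it
    required_trust: frozenset = frozenset()          # claims any hosting device must present
    preferences: dict = field(default_factory=dict)  # opaque data, carried along untouched
    depends_on: Optional[str] = None      # parent identity of a linked sub-identity

    def validate(self) -> None:
        """Minimum for a valid MID: one assertion and an authentication mechanism."""
        if not self.assertions:
            raise ValueError(f"{self.name}: no assertions")
        if "authentication" not in self.mechanisms:
            raise ValueError(f"{self.name}: authentication mechanism required")


def _check(ident: Identity, op: str, principal: str) -> None:
    if principal not in ident.policy.get(op, set()):
        raise PolicyError(f"{principal} may not {op} {ident.name}")


def _check_trust(ident: Identity, device: Device) -> None:
    missing = ident.required_trust - device.trust
    if missing:
        raise PolicyError(f"{device.name} lacks {sorted(missing)} required by {ident.name}")


def create(device: Device, ident: Identity) -> None:
    """Place a new identity on a device after checking validity, trust and any link."""
    ident.validate()
    _check_trust(ident, device)
    if ident.depends_on is not None and ident.depends_on not in device.identities:
        raise ValueError(f"{ident.name} links to missing identity {ident.depends_on}")
    device.identities[ident.name] = ident


def destroy(device: Device, name: str, principal: str) -> list:
    """Remove an identity and, transitively, the sub-identities that depend on it."""
    _check(device.identities[name], "destroy", principal)
    removed, pending = [], [name]
    while pending:
        victim = pending.pop()
        del device.identities[victim]
        removed.append(victim)
        pending += [n for n, i in device.identities.items() if i.depends_on == victim]
    return removed


def transport(src: Device, dst: Device, name: str, principal: str) -> Identity:
    """Move an identity to another device, leaving no copy behind."""
    ident = src.identities[name]
    _check(ident, "transport", principal)
    _check_trust(ident, dst)
    if ident.depends_on is not None and ident.depends_on not in dst.identities:
        raise PolicyError(f"{name} cannot move without its parent {ident.depends_on}")
    dst.identities[name] = src.identities.pop(name)
    return ident


def copy(src: Device, dst: Device, name: str, principal: str) -> Identity:
    """Duplicate an identity (for another device or as a template); the source keeps its copy."""
    ident = src.identities[name]
    _check(ident, "copy", principal)
    _check_trust(ident, dst)
    dst.identities[name] = deepcopy(ident)
    return dst.identities[name]


def share(device: Device, name: str, owner: str, grantee: str) -> None:
    """Let another principal use the identity, if the owner's policy allows sharing."""
    ident = device.identities[name]
    _check(ident, "share", owner)
    ident.policy.setdefault("use", set()).add(grantee)


def set_policy(device: Device, name: str, principal: str, op: str, principals) -> None:
    """Only principals holding the 'admin' right may change who can do what."""
    ident = device.identities[name]
    _check(ident, "admin", principal)
    ident.policy[op] = set(principals)


def use(device: Device, name: str, principal: str) -> dict:
    """Return the assertion kinds a user may present, including those of linked parents."""
    ident = device.identities[name]
    _check(ident, "use", principal)
    chain = [ident]
    while chain[-1].depends_on is not None:
        chain.append(device.identities[chain[-1].depends_on])
    return {i.name: sorted(i.assertions) for i in chain}
```

In use, a transport is refused when the destination cannot present the trust claims the identity requires (a kiosk without protected storage cannot receive a card identity that demands it), a linked sub-identity such as the movie-club example cannot move or survive without its parent, and changing who may copy or share an identity needs the separate "admin" right, so a principal who is merely allowed to use an identity cannot grant itself transport rights. Preferences travel with the identity untouched, as the Preference component describes.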

Mobility

Managtel lobby. Criteria could include wireless service providers with whom the user already has an established account, connection speed, and cost. Users will be presented with a list of choices ranked by the selected criteria.

Manageable Identities Technology in Action

How will Manageable Identities technology improve upon the ways digital identities are used today? To find out, let’s now look at some possible usage scenarios.

  1. Public/Private Networks. Today, people have to use a username/password to access each different network they use. That can add up to a lot of usernames/passwords (or one insecure one). With Manageable Identities technology, these identities can all securely reside, ready for use, in a notebook or other device. The device can require users to identify themselves through biometrics (e.g., fingerprint reader), Smart Card, or other method. Once sufficiently locally authenticated, any one of a number of defined Manageable Identities could be used to access a network or service (home ISP, LAN, wireless hotspot). At an airport, for example, a user would be able to use Manageable Identities technology to provide appropriate identities for selecting and establishing service with the best connection option. The user would then be allowed access to the extent permitted according to the selected identity’s policies. Another area in which Manageable Identities technology could play a major role is in one-bill roaming for wireless devices. As a person moves between different wireless networks, such as from an 802.11b hotspot to a 3G cellular network and then to a wireless LAN, Manageable Identities technology could automatically provide the correct identification for access to each network. This identification could include a preference for choosing an existing billing method, e.g. SIM or credit card, where permitted by the provider.
     

  2. Home/Personal. Keeping teenagers from accessing things they shouldn’t on the Internet is tough. Particularly if they’re clever enough to learn a parent’s password. Manageable Identities technology could ensure access according to the policies parents set for each member of the family. Manageable Identities technology could link different identifications, such as password and biometrics, to create one secure authentication for authorizing various privileges unique to each member of the household. Manageable Identities technology could likewise be used for a DVD read/write device connected to your cable box. This would prevent people (such as a teenager or house guest) from making DVDs of content you don’t want to pay for or want them to have. Manageable Identities technology might also be used in a digital wallet. By policy, it could track when and where a person buys things. Need to return something? Manageable Identities technology will help verify that you indeed bought the item you are trying to return.
     

  3. Corporate/Work. Assigning employees Manageable Identities bound by policies would add another level of management beyond user names and passwords. This would provide a better means of allocating permissions and restricting access to sensitive information, making it easier to “step up” authorization only as it is required. Once Manageable Identities are established for an employee, additional policies can be added to that identity, providing greater access to corporate resources as the responsibilities of that employee grow. What’s more, when an employee chooses to leave the company or is terminated, all privileges and accesses associated with that employee’s Manageable Identities (and other corporate identities the employee may have) can be canceled through the corporate network electronically. This would mean that even wireless devices not returned by a terminated employee would have their Manageable Identities canceled or altered. Manageable Identities technology could even make the device useless to an ex-employee by preventing them from logging in to the operating system.

Summary

Intel’s Manageable Identities technology provides a much needed way to dynamically manage the ever increasing number of digital identities people create, use and eventually terminate in every aspect of their lives. By helping to develop a client-based framework for using this technology in a broad spectrum of devices, Intel is leading the way in helping people and organizations come to grips with a fast-growing problem that will continue to have repercussions throughout society until these identities are better managed and secured. Next steps in Intel’s research and development of Manageable Identities technology include sharing the ideas and technology with the industry to speed development of a solution to society’s growing digital identity crisis.


Version 1, February 23, 2005

INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL® PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT. EXCEPT AS PROVIDED IN INTEL'S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. Intel products are not intended for use in medical, life saving, life sustaining applications. Intel may make changes to specifications and product descriptions at any time, without notice.

Copyright © Intel Corporation 2005 

