Dark Reading, Products and Releases
5/16/2011 10:04 AM

The Open Group Jericho Forum Publishes Identity Commandments

Commandments focus on the fundamental design issues surrounding identity management and the access to systems, services, and data

LONDON, 16 May, 2011 – The Open Group Jericho Forum has unveiled a set of Identity Commandments focusing on the fundamental design issues surrounding identity management and the access to systems, services and data. The Identity, Entitlement and Access Management (IdEA) Commandments represent a set of open and interoperable principles that IT professionals can use to build a user-centric security framework within their organizations. They are geared not only to enabling organizations and individuals to address the needs of increased collaboration and operating in the Cloud, but also to providing a benchmark by which existing and developing identity solutions can be assessed and measured. Users in both the public and private sector can now evaluate the plethora of new corporate, government and commercial identity initiatives currently emerging.

“Jericho Forum builds on the work of NSTIC by providing an effective direction going forward. The creation of a large centralized database containing key identifiers and information is far too vulnerable. The private sector must avoid the Big Brother approach proposed in the now abandoned UK national ID card scheme. In the Jericho Forum Identity Commandments, ownership of essential personal data stays with the individual and cannot be compromised or exploited by any powerful player,” said Merlin, Lord Erroll, independent Cross-bench peer, who presented at the Jericho Forum Conference last week, part of The Open Group Conference, London.

“The inadequacies of traditional approaches which lump identity management and access management together simply highlight the need for a completely fresh approach. Entitlement is the key to separating identity management and identity access and promoting a more effective risk-based approach,” said Paul Simmonds, co-founder and board member of the Jericho Forum.

Strategies that recommend the aggregation of identity data into a single database are not only ineffectual but can also expose confidential attributes. The recent loss of sensitive personal data by Sony, and the LastPass security incident where password information held in the Cloud went missing, remind us again of the dangers of having large reserves of personal information.

“Ultimately, we live in a world, where commerce, collaboration and the Internet are all global; therefore identity for the 21st century must also be global,” Simmonds added.

“This new work focuses on the de-perimeterization and globalization of ‘identity,’ and we see it as even more important than the original Jericho Forum Commandments, on which it is founded.”

The new IdEA Commandments cover all “entities”, both human and digital, and promote a comprehensive view of identity, entitlement and access management.

They are:

1. All core identities must be protected to ensure their secrecy and integrity
2. Identifiers must be able to be trusted
3. The authoritative source of identity will be the unique identifier or credentials offered by the persona representing that entity
4. An entity can have multiple separate persona (identities) and related unique identifiers
5. Persona must, in specific use cases, be able to be seen as the same
6. The attribute owner is responsible for the protection and appropriate disclosure of the attribute
7. Connecting attributes to persona must be simple and verifiable
8. The source of the attribute should be as close to the authoritative source as possible
9. A resource owner must define entitlement
10. Access decisions must be relevant, valid and bi-directional
11. Users of an entity's attributes are accountable for protecting the attributes
12. Principals can delegate authority to another to act on behalf of a persona
13. Authorized principals may acquire access to (seize) another entity's persona
14. A persona may represent, or be represented by, more than one entity

For the full version, visit the Commandments on The Open Group website, here: http://www.opengroup.org/jericho/Jericho%20Forum%20Identity%20Commandments%20v1.0.pdf
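To make the separation of identity, entitlement and access concrete, the following is an added example written for this page; it is not code from the Jericho Forum or The Open Group, and every class, function, persona, attribute source (such as the assumed "hr.example" directory) and resource in it is constructed for illustration. It models an entity holding several personas (commandment 4), attributes tagged with the source that asserts them (6 and 8), entitlement rules that only the resource owner may define and that name no persona (9), a bi-directional access decision that ignores self-asserted attributes (10 and 11), and delegation of authority to another persona (12).

```python
"""Toy model of the IdEA separation: identity (who a persona is), entitlement
(what a resource owner allows) and access (the decision at request time).
Editor-added example, not code from the Jericho Forum or The Open Group.
Every name, persona, attribute source and resource below is constructed."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class Attribute:
    """An attribute of a persona, tagged with the source that asserts it."""
    name: str
    value: str
    source: str  # the attribute owner / authoritative source (commandments 6, 8)


@dataclass
class Persona:
    identifier: str  # the unique identifier the persona offers (commandment 3)
    attributes: dict[str, Attribute] = field(default_factory=dict)


@dataclass
class Entity:
    """One entity (person, device, service) may hold several personas (commandment 4)."""
    name: str
    personas: dict[str, Persona] = field(default_factory=dict)

    def add_persona(self, persona: Persona) -> Persona:
        self.personas[persona.identifier] = persona
        return persona


# An entitlement is a rule over attributes; it names no persona, so identity
# management and the access decision stay separate.
Entitlement = Callable[[dict[str, Attribute]], bool]


class Resource:
    def __init__(self, name: str, owner: str, trusted_sources: set[str]):
        self.name = name
        self.owner = owner
        self.trusted_sources = trusted_sources  # attribute sources we accept (commandment 2)
        self._entitlements: dict[str, Entitlement] = {}
        # (delegate persona id, action) -> persona id on whose behalf the delegate acts
        self._delegations: dict[tuple[str, str], str] = {}

    def define_entitlement(self, by: str, action: str, rule: Entitlement) -> None:
        """Only the resource owner defines entitlement (commandment 9)."""
        if by != self.owner:
            raise PermissionError(f"only {self.owner} may define entitlements on {self.name}")
        self._entitlements[action] = rule

    def delegate(self, grantor: Persona, delegate: Persona, action: str) -> None:
        """A principal lets another act on behalf of its persona (commandment 12)."""
        self._delegations[(delegate.identifier, action)] = grantor.identifier

    def trusted_attributes(self, persona: Persona) -> dict[str, Attribute]:
        """Keep only attributes asserted by a trusted source; self-asserted or
        unknown-source attributes never reach the rule (commandments 8, 11)."""
        return {n: a for n, a in persona.attributes.items()
                if a.source in self.trusted_sources}

    def decide(self, requester: Persona, action: str,
               registry: dict[str, Persona], requester_trusts: set[str]) -> bool:
        """Access decision (commandment 10): bi-directional, and evaluated against the
        trusted attributes of the persona that holds the entitlement (the delegator
        when the requester acts under a delegation)."""
        if self.name not in requester_trusts:  # the requester must trust us too
            return False
        rule = self._entitlements.get(action)
        if rule is None:  # no entitlement defined for this action: deny by default
            return False
        acting_for = self._delegations.get((requester.identifier, action))
        subject = registry[acting_for] if acting_for else requester
        return rule(self.trusted_attributes(subject))


def run_scenario() -> dict[str, bool]:
    """Constructed sample data; returns each access decision for inspection."""
    hr = "hr.example"  # assumed authoritative source for the 'role' attribute
    alice, bob = Entity("Alice"), Entity("Bob")
    corp = alice.add_persona(Persona("alice@corp.example",
        {"role": Attribute("role", "finance", source=hr)}))
    personal = alice.add_persona(Persona("alice.personal",
        {"role": Attribute("role", "finance", source="alice.personal")}))  # self-asserted
    bob_corp = bob.add_persona(Persona("bob@corp.example",
        {"role": Attribute("role", "engineering", source=hr)}))
    registry = {p.identifier: p for e in (alice, bob) for p in e.personas.values()}

    ledger = Resource("ledger", owner="finance-owner", trusted_sources={hr})
    ledger.define_entitlement("finance-owner", "read",
        lambda attrs: "role" in attrs and attrs["role"].value == "finance")
    ledger.delegate(grantor=corp, delegate=bob_corp, action="read")

    trusts = {"ledger"}
    return {
        "corp_read": ledger.decide(corp, "read", registry, trusts),
        "personal_read": ledger.decide(personal, "read", registry, trusts),
        "bob_delegated_read": ledger.decide(bob_corp, "read", registry, trusts),
        "bob_write": ledger.decide(bob_corp, "write", registry, trusts),
        "corp_untrusted_resource": ledger.decide(corp, "read", registry, set()),
    }


if __name__ == "__main__":
    for case, allowed in run_scenario().items():
        print(f"{case}: {'ALLOW' if allowed else 'DENY'}")
```

Running the scenario shows the points the Commandments make: the corporate persona is allowed to read because its role attribute comes from the trusted source; the personal persona, which carries the same role but self-asserted, is denied; Bob is allowed only because Alice's corporate persona delegated "read" to him, and is still denied "write"; and a requester that does not itself trust the resource gets no decision in its favour. Note that the resource never learns that the two personas belong to the same entity, which is the point of commandments 4 and 5.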

The new Commandments were first presented in open debate last week at the first-ever Jericho Forum one-day conference, which took place within the framework of The Open Group Conference, London.

The Jericho Forum will be continuing its work in defining identity and is working on the development of the supporting glossary. The group welcomes continued feedback to ensure that its principles remain closely aligned to the needs of modern business.

# # #

About The Jericho Forum

The Open Group Jericho Forum is an international Forum within The Open Group that focuses on defining and promoting the solutions surrounding the issue of de-perimeterization and secure collaboration within Cloud Computing enterprise environments. The Jericho Forum recognizes that over the next few years, as technology and business continue to align more closely with an open, Internet-driven world, the border-centric security mechanisms that currently protect business information will not match the increasing demands for protection of business transactions, collaborative working and shared data.

For more information please visit: http://www.jerichoforum.org or http://www.wikipedia.org/wiki/Jericho_Forum.

About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.
