May 16, 2011
LONDON, 16 May, 2011 – The Open Group Jericho Forum has unveiled a set of Identity Commandments focusing on the fundamental design issues surrounding identity management and the access to systems, services and data. The Identity, Entitlement and Access Management (IdEA) Commandments represent a set of open and interoperable principles that IT professionals can use to build a user-centric security framework within their organizations. They are geared not only to enabling organizations and individuals to address the needs of increased collaboration and operating in the Cloud, but also to providing a benchmark by which existing and developing Identity solutions can be assessed and measured. Users in both the public and private sector can now evaluate the plethora of new corporate, government and commercial identity initiatives currently emerging.
“Jericho Forum builds on the work of NSTIC by providing an effective direction going forward. The creation of a large centralized database containing key identifiers and information is far too vulnerable. The private sector must avoid the Big Brother approach proposed in the now abandoned UK national ID card scheme. In the Jericho Forum Identity Commandments, ownership of essential personal data stays with the individual and cannot be compromised or exploited by any powerful player,” said Merlin, Lord Erroll, independent Cross-bench peer, who presented at the Jericho Forum Conference last week, part of The Open Group Conference, London.
“The inadequacies of traditional approaches which lump identity management and access management simply highlight the need for a completely fresh approach. Entitlement is the key to separating identity management and identity access and promoting a more effective risk-based approach,” said Paul Simmonds, co-founder and board member of the Jericho Forum.
Strategies that recommend the aggregation of identity data into a single database are not only ineffectual but can also expose confidential attributes. The recent loss of sensitive personal data by Sony, and the LastPass security incident where password information held in the Cloud went missing, remind us again of the dangers of having large reserves of personal information.
“Ultimately, we live in a world where commerce, collaboration and the Internet are all global; therefore identity for the 21st century must also be global,” Simmonds added.
“This new work focuses on the de-perimeterization and globalization of "identity," and we see it as even more important than the original Jericho Forum Commandments, on which it is founded.”
The new IdEA Commandments encompass all the “entities” – both human and digital – and promote a comprehensive and complete view of identity entitlement and access management.
1. All core identities must be protected to ensure their secrecy and integrity
2. Identifiers must be able to be trusted
3. The authoritative source of identity will be the unique identifier or credentials offered by the persona representing that entity
4. An entity can have multiple separate persona (identities) and related unique identifiers
5. Persona must, in specific use cases, be able to be seen as the same
6. The attribute owner is responsible for the protection and appropriate disclosure of the attribute
7. Connecting attributes to persona must be simple and verifiable
8. The source of the attribute should be as close to the authoritative source as possible
9. A resource owner must define entitlement
10. Access decisions must be relevant, valid and bi-directional
11. Users of an entity's attributes are accountable for protecting the attributes
12. Principals can delegate authority to another to act on behalf of a persona
13. Authorized principals may acquire access to (seize) another entity's persona
14. A persona may represent, or be represented by, more than one entity
For the full version, visit the Commandments on The Open Group website, here: http://www.opengroup.org/jericho/Jericho%20Forum%20Identity%20Commandments%20v1.0.pdf
The new Commandments were first presented in open debate last week at the first-ever Jericho Forum one-day conference, which took place within the framework of The Open Group Conference, London.
The Jericho Forum will be continuing its work in defining identity and is working on the development of the supporting glossary. The group welcomes continued feedback to ensure that its principles remain closely aligned to the needs of modern business.
# # #
About The Jericho Forum
The Open Group Jericho Forum is an international Forum within The Open Group that focuses on defining and promoting the solutions surrounding the issue of de-perimeterization and secure collaboration within Cloud Computing enterprise environments. The Jericho Forum recognizes that over the next few years, as technology and business continue to align closer to an open, Internet-driven world, the border-centric security mechanisms that currently protect business information will not match the increasing demands for protection of business transactions, collaborative working and shared data.
For more information please visit: http://www.jerichoforum.org or http://www.wikipedia.org/wiki/Jericho_Forum.
About The Open Group
The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.