Submitted to the UK Cyber Security Knowledge Transfer Network at the Identity Assurance Workshop held on May 3, 2007
Based on research supported by a grant from the Eduserv Foundation
Updated May 23, 2007
Framework to Analyze Fitness for Purpose of Authentication Services
by Chi Nguyen
This paper proposes that an identity assurance service must be fit for purpose. A consequence of this requirement is that an identity assurance service must have a well-defined application. The paper includes an Identity Authentication Framework for consideration as a possible methodology to assess fitness for purpose of identity assurance services.
The UK government identity card system was one topic discussed at the Identity Assurance Workshop organized by the UK Cyber Security Knowledge Transfer Network (KTN). There were open questions regarding where and which agencies and organizations would be able to use such identity cards. The KTN could help the government address those questions by emphasizing the necessity for a methodology to assess fitness for purpose of each and every application of the identity cards. The KTN could also develop a reference framework that any organization could adapt for their own use.
Progression through the steps in Figure 1 indicates increasing complexity for the development, deployment, operations and management of identity assurance services. This increase in complexity has a proportional or possibly geometric effect on the costs and risks associated with the provision of such services. Identity assurance services should be encouraged to have specific uses and less complexity.
Less Data To Store
The decision to store data is often made without intentional analysis of security implications. Figure 1 aims to make such decisions an explicit aspect of analyzing the fitness for purpose of identity assurance services. Decisions to store data should be policy or functional decisions, not separate behind-the-scenes technology decisions.
Fewer Risks and Liabilities
Figure 1 implies that identity assurance services that require accountability will have the highest level of security risks and liabilities, due to the use of identifying attributes or tokens and to the ethical responsibilities and legal obligations caused by the storage of identity-related data. Consider, for example, an amusement theme park, such as Legoland in Windsor, that has a ride which requires a minimum height for all riders. The park already has a system to issue ID cards similar to credit cards to all visitors. It could add height data to the ID cards and ask for the ID cards at the ride. This would create unnecessary complexity and risks, since the ID cards have individually identifying information. The park actually uses an efficient method that simply has a sign posted at the ride and requires riders to authenticate by standing next to the sign for visual comparison. Identity assurance services should be encouraged to avoid accountability requirements unless needed for a specific purpose.
Mere possession of certain attributes or tokens is not an authentication, identity or security problem. A problem is created precisely at the time an attribute or token is used to claim a specific identity. Diligent analysis of fitness for purpose reduces risks and complexity of identity assurance services. Best practices could be effectively captured and expressed in a standard analytical methodology.