Four industry leaders breakdown the importance of online credentials

There have been many discussions about digital identities and online credentials in 2011. The National Strategy for Trusted Identities in Cyberspace (NSTIC) is picking up steam and organizations are seeking to further secure IT networks as threats from hacking increase.

But questions and uncertainty abound. What are digital identities and how do they work? Will one credential work with another? How will they impact privacy and help address regulatory compliance?

In light of these and other pressing questions, Re:ID editors asked some of the leaders in the space to share their thoughts and vision for online ID.

Participating in the roundtable are: Jeremy Grant, senior executive adviser and manager of the National Program Office for NSTIC; Mollie Shields-Uehling, president and CEO at SAFE-BioPharma; Judith Spencer, former co-chair of the Federal Identity, Credential, and Access Management Subcommittee at the U.S. General Services Administration and now CertiPath’s policy management authority chair; and Scott Rea, board member and director of operating authority at the Research and Education Bridge Certification Authority (REBCA).

CertiPath, SAFE-BioPharma and REBCA along with the U.S. Federal Bridge make up The Four Bridges Forum a network of inter-linked cyber communities. The Four Bridges Forum includes all U.S. government agencies as well as the aerospace and defense and research and education communities. 

Microsoft’s Windows 8 will include a feature called Live ID that will enable a user to store any password and then sync it across all other trusted Windows 8 machines, according to a report on theverge.com. Since the Live ID is the only password the user will have to remember, other passwords can be set to long, complex, and unique values that would be otherwise difficult to remember.

This is similar to services such as 1Password and LastPass, where a master password is used to sync login information across devices. It’s likely a user would have to stick with a Microsoft product in order to use the new system. 

Symplified announced the Winter 2011 release of its cloud identity and access management service, a new entry-level version called Symplified ONE for businesses that only need to integrate with a single cloud application and support for the new Amazon Kindle Fire tablet.

With this release, Symplified supports strong authentication for high-trust and sensitive applications that require more security than username and password logins. The Winter 2011 release offers pluggable authentication support, multiple authentication level policies, step-up authentication and mobile strong authentication. 

Datacard Group announced a new partnership with DED Limited, a UK-based distributor of point-of-sale equipment, plastic card printers and specialty printers. The partnership will help expand the reach of the Datacard standard desktop ID solutions throughout the Europe, Middle East and Africa (EMEA) region.

Specifically, the partnership will extend distribution of the Datacard SD260 and SD360 desktop card printers. 

Digital Certificate provider GlobalSign has launched an identity certificate product designed specifically for authentication of iOS devices.

The iOS Identity Certificates provide authentication services that give enterprises more control over mobile devices that attempt to access corporate business services and networks. 

Trustwave has released a mobile two-factor authentication product, reports the Web Host Industry Review. Called MyIdentity, it uses a variety of authentication mechanisms to provide two-factor authentication within the cloud.

MyIdentity supports network or application authentication. Customers can utilize self-service enrollment and authenticate from desktops, laptops, smartphones and remotely. 

idOnDemand announced its Commercial Identity Verification (CIV) credential. With the Identive SmartID card with CIV, private enterprises can leverage the same technology and data model that the federal government uses to establish a secure, electronically verifiable identity program without the requirement for cross-certification with the Federal Public Key Infrastructure (PKI) Bridge.

This product is aimed at international or multi-site companies looking for a secure credential that enable employees and contractors to carry only one badge to log on to the company network as well as to access facilities.