Identity management encompasses all the processes used to create and manage information system user accounts. In the information system world, private networks, where users had to identify themselves with a user name and password, came first. Only as systems expanded and the field of computer science grew into the Internet in the early 1990s did the role of the public or general user develop.
As a result of this expansion, identity management has evolved from a centrally controlled user ID process managed by a "gatekeeper" into a system of user-driven self-service. Users are now responsible for password resetting and management, which moves a central function of system maintenance away from the technical staff and places this role in the hands of the user community. To address this shift in process, complex workflows surrounding the management of user access, approvals and account management have been developed.
With the huge expansion in the use of information systems in everyday life and in the workplace, identity management has become increasingly important. The original concept of a series of independent systems led to an unexpected problem. With the rapid increase in the number of systems, the number of unique user IDs users were required to maintain multiplied.
In response to the fear of security breaches, the required complexity of identity management solutions grew. The minimum number of characters in a password increased, as did the requirement for a combination of letters, numbers and characters. These changes were made in an attempt to reduce the effectiveness of computerized programs designed to break the identity management system. This shift actually reduced the quality of the security provided in an identity management system, as users simply write down the system name, their user ID and the password on paper or in another software tool in an attempt to manage this data.
This behavior, and the realization that the current method is no longer useful, led to the desire for one logon for all interconnected systems. A large, centrally controlled identity management system allows the user to have a single sign-on, with access to multiple, independent systems through one user ID and password. Multiple approaches are being used to implement this concept.
One approach is a physical key or passport, stored on a USB or memory key, used in combination with a user ID and password to uniquely identify the user. Microsoft developed its passport.net framework to function as an identity management system. Users create a Windows Live ID via the Internet and link their various MSN products to this account. When they log into Windows Live, a dashboard is provided that displays the various accounts and applications they have joined.
Within the European Union, Privacy and Identity Management for Community Services (PICOS) has been formed to investigate and create one method to manage security, privacy and identity management for mobile devices. PICOS is composed of members from seven different countries and is part of the Trust & Security Group within the EU.