
October 11, 2007

A Question of Identity

I have been working on identity management recently. It’s a Tír na nÓg for techies: tokens, certificates, assertions, authentication. But the real challenges may have more to do with human processes than technical ones.
Recent workshops suggest the biggest problems may be in user management and the granting and revocation of access rights.

The NHS has implemented high levels of security with its use of smartcards based on chips with high levels of PKI encryption and sound processes for user registration and authorisation. But this article shows how users can still thwart security, in this case by remaining logged in and allowing colleagues to use their access rights.

Gerald M. Weinberg says (I probably misquote): all problems are people problems. Perhaps one day someone will come up with an incompleteness theorem like Kurt Gödel’s, one that confirms that no matter how sophisticated IT becomes, users will always break the system.