The road to identity management: How to know who's who and what's what

Computerworld - Providing secure, efficient and controlled access to information is critical. Companies must be structured so the right people have easy access to the information required to make smart business decisions.
Corporate executives also must track and control who has access to what information in order to comply with demanding regulations like the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act. Added to these security pressures is the fact that businesses are being required to do more with less to remain competitive while also ensuring high-quality customer service.
To address these challenges, executives are turning to identity management as a method for minimizing security risks, controlling costs and maintaining service levels while also sharing information with employees, customers and partners across the virtual enterprise.
As identity management increases its critical role within organizations, two emerging concepts are approaching their respective tipping points -- federated identity and radio frequency identification (RFID).
Federated Identity: Who Is It
Federated identity helps businesses establish a virtual network, or "circle of trust," through authentication (of an identity) and single sign-on across domains. The vision is that users and their identities are grouped and trusted across many boundaries such as those with partners, customers and third-party contractors.
Companies are looking at federated identity as a way to deploy new services for their customers quickly, easily and at a lower cost. For example, a mobile telecommunications company can offer its subscribers news, messaging, ring tones and games from multiple third-party providers. Federated identity authenticates and authorizes access to levels of content based on a subscriber's service contract. The potential results are new revenue opportunities and increased customer loyalty.
Deploying federated identity requires coordinated planning and execution to get the various identity management applications to exchange information correctly. As a result, federated identity faces several hurdles before it becomes widely deployed.
The technology is available to make federated identity a reality, but quite often the business policies to support it are not in place within an organization. The goal is for one company to be able to understand and trust information from another company, regardless of their identity management applications.
For example, a wireless service provider can share federated identity information with retail vendors, such as Starbucks, so that as a user travels on business, he can be alerted of nearby store locations through a cell phone. Another example is a health care network using federated identities across multiple companies, which includes the passing of private data.
These two examples have very different levels of security associated