Jericho Forum Conference
London, May 10^th 2011

Summary Report:
The Critical Role of a Digital Identity Ecosystem to Improve Cybersecurity

• Welcome and Introduction
  Allen Brown, President & CEO, The Open Group
  
  

·         Why the Need for an Effective Digital Ecosystem for Cyberspace/Cloud/Critical Infrastructures – Why should we care?
James Whyte, Head of IT Service Delivery, UK Foreign & Commonwealth Office
Why the Need for an Effective Digital Ecosystem for Cyberspace/Cloud/Critical Infrastructures – Why should we care?
James Whyte, Head of IT Service Delivery, UK Foreign & Commonwealth Office
James discussed the challenges of managing IT security in the financial sector. His presentation raised issues around how ready businesses are with respect to integrating consumer IT devices into enterprises. His presentation placed identity ("who") as a core issue to be addressed.

• How is the Jericho Forum addressing them? (Identity Commandments, Identity Management, Entitlement Management, Access Management) and what to expect from the rest of the conference
  Paul Simmonds, Jericho Forum
  Paul described the evolution of connectivity and de-perimiterization, and the impacts upon IT. He addressed the question on why to focus on identity for the Jericho Forum. Identity issues include: passwords are broken, federation has scale issues, trust outside of your locus of control, spam issues, replication of IDs/passwords for many sites, and consumers not being able to be security experts.
  
  
• The UK Government's Aspirations for Managing Identity
  The Earl of Erroll
  Lord Erroll provided a presentation outlining identity issues and his views on the role of governments with respect to identity. He talked about the balance needed between citizens' rights to privacy, and government interests in identity, and the dynamic tension that exists around privacy. He described the need to separate identifiers from attributes.
  
  
• The Consumerization Industry View from PayPal
  Andrew Nash, Senor Director of Identity Services, PayPal
  Andrew's presentation described identity assurance levels and identity trust. He described a need for risk-based evaluation of claims and identity. OIX frameworks are useful.
  
  

·         The Jericho Forum’s Identity Commandments – a Deeper Dive into how they Advance the Identity Ecosystem Debate (Seccombe

; Arnold; Yeomans)
Jericho Forum speakers: Adrian Seccombe, John Arnold, Andrew Yeomans, Steve Whitlock..
Adrian Seccombe, Surrey University, and Steve Whitlock, Boeing, provided a deep dive into the following identity topics: provisioning and entitlement management. To manage entitlements, resource owners must define entitlement/access rules resources. Access decisions must be relevant, valid, and bi-directional. Also discussed were access decisions. Andrew Yeomans, John Arnold, and Adrian Seccombe continued a deep dive on the Identity Commandments. Andrew's discussion described the taxonomy of terms associated with the Identity Commandments, including defining personas, delegation, and trust issues. John Arnold's presentation looked at identity issues and challenges in government. John measured the older UK Government ID Cards Scheme and the new Identity Assurance Framework against the Jericho Identity Commandments, and found that the ID Cards Scheme was lacking, while the Identity Assurance Framework lined up well with, and was much closer to the Commandments.

• Independent External Assessment
  Robin Wilton, Identity Management Expert
  Robin Wilton, Gartner Research, provided an analyst view on the Identity Commandments. Robin was generally very complimentary towards the identity commandments. Roger Clarke's (Australia) identity definitions are worth looking at. Areas where the commandments need to be sharpened include identity ownership (data rights might be a better way to describe identity data relationships), and privacy and control (rights-based may be useful here as well).
  
  
• PANEL SESSION
  Moderated by Stuart Okin, CEO, Comsec Consulting
  Panelists included John Arnold, Guy Bunker, Andrew Yeomans, Steve Whitlock
  The day concluded with a hybrid panel/round table session, moderated by Stuart Okin. Many issues and challenges with respect to identity were raised, and good suggestions for adoption were brought forward.

--------------------------------------