The governance of Identity, Entitlement & Access Management regimes

The goal: to support the development of a sustainable "identity" ecosystem that will balance the interests of governments, infrastructure suppliers, industry and commerce, customers and consumers with different cultural, legal, religious, and linguistic, backgrounds. 
 
The EURIM (www.eurim.org) policy study on Rebuilding Confidence in the On-line World http://www.eurim.org.uk/activities/PolicyStudiesProspectus_2011.pdf  has ambitious objectives (National, European and International) and builds on a wealth of previous work of the EURIM Information Governance Working Group  but the first meeting of the leadership team, hosted by Google in the Orwell Room of their UK headquarters on 13th July, homed in on three key issues:
 
1) There is no agreed taxonomy. Attempts to agree definitions and classifications reveal that very different cultural, technical and legal assumptions underly the various definitions of "identity" and "trust" in use as well as the structures and business models already operational or proposed around the world.
 
2) Most proposals for comprehensive and consistant Identity frameworks are extrapolations of the needs of a single player or group of players by those with little or no understanding of the needs of other communities
 
3) The current confusion of regulatory regimes is costing business and governments billions without adding to the protection of consumers or the security of states  and the situation will not be improved unless industry takes a lead in looking at the issues from a customer perspective
 
There are three pre-conditions for a sustainable "Identity Ecosystem":
  1. Trust between users (both individual and corporate), relying parties and service providers  
  2. Accessibility, and ease of use, for all concerned. (Affordance)
  3. Viability: it must deliver value for all parties or they will not use it  
The Ecosystem also needs to be seen to protect the freedoms of the individual - bearing in mind that this is one of the areas where definitions and interpretations differ wildly within nations let alone between them
 
The Jericho Forum Identity Commandments are an attempt by a community of business users (across a variety of industries) to influence the parties involved in designing and using there products and services that might populate a sustainable Identity Ecosystem.
 
The meeting on the 13th of July, proposed a number of actions
  1.     Identify the Key Stakeholders whose needs have to be met
Stakeholders will need to be classified by by role, industry and application to identify who needs to be involved in the exercise to identity the needs that the ecosystem must serve if it is to be sustainable. Their appear to be five main roles:
    Principal(s)/(Requesting Party) The entity that wants access to another entity (organisations, devices, services or individuals).
            (Goal: Reliable and often Secure Access)
    Relying Party(s) - (Resource Owner) The Entity that uses Attributes to make the access decision.
    Identity Service Provider(s) - The various service providers involved
    Trusted Attribute Provider(s) - The entities that have control over key attributes associated with other entities, and can verify claims related to these attributes.
    Government(s) - In their role of providing an regulatory environments that foster good practice and meet other national needs
  
The key set stakeholder that is not easily recognisable in the above list are individuals, who will protect human rights in this initiative?
There is no clear Right of Identity declared in the 30 Declarations of Human Rights, should there be?
 
    2. Identify the purposes/needs that a next generation identity eco-system is to meet:
         Help us create a list of Identity Purposes here, at this stage let's brainstorm the list we can sort out the results, after we have created a rich list.
 
    3. Create a Common Language for use within the study.
        Note that we are not trying to solve world "glossary" hunger but simply develop a common understanding across the group.
 
    4. Identify the Components that allow activities of a principal to sell, share, use, rent or buy resources (assets or services)
      
    5.
Add Links to key external documents related to this initiative, or submit the documents to the Document Store. For example key STORK documents
 
    5. List of Interested Parties and their declared goals
 
    6. List of Related Initiatives
        This should include the many and varied, Global Governmental, Not for Profit, and Commercial initiatives that need to be subject to joined up scrutiny.
        While this should clearly include EU initiatives, it is important to identify all Global initiatives that need to be coherently integrated for the successful
        creation of a Next Generation Identity eco-System
 
Thoughts:
Cultural Differences
 
Themes
Trust
Scope
Affordance/Use-ability
Value