Thales Blog

Why Is Identity Management So Complicated?

May 10, 2010

Chris Skinner’s recent comment, ‘Why identity management is so complicated’, raises some interesting points. It’s true that identity management is complicated, but the industry may be further ahead than we think.

While we haven’t yet reached the identity management nirvana of ‘A simple multibank, cross-border identity system that can work easily and simply and conveniently behind the mobile bank interface’, there is an implementation in Sweden that already ticks some of the boxes…

BankID is a digital identity IT infrastructure that is currently run by ten Swedish banks to help tackle digital fraud. BankID allows members of the public to identify themselves to government authorities, companies and organisations and enables users to electronically sign legally binding documents. Currently, more than 2 million people use BankID in over 400 private and public services. BankID enables electronic identification and electronic signatures over the internet and is based on public key infrastructure (PKI). Similar implementations are in place in Norway and Finland, and there is interoperability between the schemes.

The digital identity system can verify as many users as wish to use it, and it’s flexible enough to allow verification of a range of different trust schemes and transaction values. It can also support the use of different authentication methods. At present, consumers are using a range of smart cards, mobile phones and software-based certificates, issued by different authorities, to authenticate payment transactions. The security of the system relies on the strong identification of customers by the banks in Sweden.

So, this ID management infrastructure ticks the multi-bank and mobile phone boxes, and partially ticks the cross-border box too. It doesn’t rely on the cloud, but it is scalable. Perhaps this concept of a clear bank identity management system is actually just around the corner…