Identity and Access Forum releases fall snapshot, highlights digital identity advances

The Secure Technology Alliance (STA) Identity and Access Forum (IAF), a nonprofit dedicated to advancing secure identification, has released its fall market snapshot, reflecting recent advancements in the identity and access sector. The Forum shared these insights during a members-only meeting held in August.

Ryan Galluzzo, lead of NIST’s digital identity program, previewed the upcoming second public comment draft of the fourth revision of NIST’s Digital Identity Guidelines SP-800-63-4.

A notable update is the introduction of Syncable Authenticators, or passkeys. These authenticators allow for the export and synchronization of authentication keys across different devices, offering enhanced protection against phishing and replay attacks. Galluzzo highlights that while these authenticators could be used for AAL2 (Authentication Assurance Level 2), they are not suitable for higher security requirements due to limitations in key exportability.

Other updates include a revised risk management process and new organization of proofing rules by identity type. These types cover remote unattended, remote attended, onsite attended, and onsite unattended methods. The updated guidelines aim to streamline the deployment of identity proofing across various scenarios.

Addressing identity issues in healthcare

Linda Van Horn, CEO of iShare Medical, discusses the impact of identity issues on healthcare. She highlighted a study from Texas showing significant problems with patient matching, which can lead to medical errors due to incomplete or inaccurate patient information. Van Horn called for real-time data exchange to improve the accuracy of patient records.

The non-profit organization DirectTrust is working on standards for digital healthcare identities to enhance authentication and interoperability, aiming to ensure accurate and timely medical information exchange.

Public trust and ethical use of digital identities

A key theme at the forum was the responsibility of industry stakeholders to maintain public trust in digital identities and data use. In Canada, the Digital ID and Authentication Council of Canada (DIACC) is working on the Pan-Canadian trust framework to standardize digital ID practices. In the U.S., the International Biometrics Industry Association (IBIA) is advocating for a uniform national standard for personal information privacy.

Neville Pattinson, head of digital identity strategy at Thales, emphasizes the need for machine-verifiable and tamper-proof digital identities. Teresa Wu, vice president of smart credentials for Idemia, stresses the importance of ethical standards and self-regulation in the rapidly evolving field of identity technologies.

Article Topics

digital identity  |  identity access management (IAM)  |  identity management  |  Secure Technology Alliance  |  standards