Information Cards at the EEMA Meeting in London

The European e-Identity Management Association (EEMA) held its annual conference in London last week, and Information Cards were a major topic. At the opening session on Thursday, 25 June, Kim Cameron of Microsoft gave an overview of claims-based identity and the role of Information Cards in a claims-based identity metasystem. He also mentioned his new white paper, Proposal for a Common Identity Framework: A User-Centric Identity Metasystem, co-authored with Reinhard Posch (federal CIO for the Austrian government since 2001) and Kai Rannenberg (the T-Mobile Chair for Mobile Business and Multilateral Security at Goethe University Frankfurt).

The second day of the conference featured an Identity Metasystems Roundtable, moderated by John Bradley, ICF Fellow and OASIS IDtrust Steering Committee Member, Tony Nadalin of Microsoft, and Drummond Reed, ICF Executive Director. It was an in-depth discussion covering many current topics in the Information Card and IMI ecosystem, including:

• The status of the specifications and the near-completion of the OASIS Standard vote on IMI 1.0.
• The relevance of Information Cards and IMI to government identity initiatives, including the open government work in the United States, the UK ID card, and the STORK project in the EU (see below).
• The differences in the U.S. NIST levels of assurance (LOA) that can be achieved by OpenID (currently LOA 1), SAML (currently LOA 1 and 2), and Information Cards (currently LOA 1, 2, and 3).
• The growing need for certification programs or "assurance ratings" of identity providers just as we have long had business and consumer credit ratings as a measure of trustworthiness.
• The special privacy advantages of Information Cards when it comes to protecting against correlation of user activity across relying parties or even correlation of user activity at a single identity provider correlation.
• How Information Cards could leverage different options for users to employ local client devices (USB keys, smartcards, mobile phones) as a second authentication factor and potentially also as a cardstore.
• The potential role that U-Prove, idemix, and other zero-knowledge proof technologies can play in bringing new privacy-protecting information sharing capabilities to Information Card and IMI infrastructure.

The conference concluded with the second industry meeting of the STORK (Secure Identity Across Borders Linked) initiative. The aim of STORK is to simplify cross-border access to public services in the EU-for example to allow a Portuguese university student transferring for a year to an Austrian university to access and use Austrian public services using their Portuguese credentials. This session included a long discussion of the role that Information Cards could play in helping STORK achieve its objectives.