There are capabilities or functions that we all use and depend upon when online including communicating, bookmarking, sharing, creating, blogging, collaborating, and organizing. There are also the capabilities of curating, e-learning, and publishing that many people perform regularly. All of these online capabilities depend on identity management. Without identity management they could not be performed. Imagine trying to communicate with someone or some group without being confident that you know who you are communicating with. Would you be able to or want to create, organize, bookmark or share without being about to reliably access your information?
To be able to perform any of these capabilities effectively, productively and in an empowering way you must feel safe and secure. Being safe and secure is to be free from both accidental and intentional harm or risk while online. Online safety is being able to share openly, freely and easily in a way that fosters more knowledge sharing and learning. Information security, which identity management is a part of, is used to make an online environment as safe and secure as possible. With technology and the Internet changing so rapidly often the best that information security can do is to stay a few steps ahead of the bad guys.
The core principles of any information security system are confidentiality, integrity and availability. This is called the core security triad. All Information security systems must be designed to ensure these fundamental principles. Confidentiality is sharing your information with only those that are allowed to see the information. Integrity is the confidence that your information has not been modified without your knowledge. Availability is being able to access your information when and where you want to access it. These requirements must be met to have a secure system. Identity management is a fundamental component of a good information security platform and requires confidentiality, integrity and availability.
Identity management is the management of identity related information, authentication and authorization in information systems. This information makes up an online identity. Authentication is confirming that you are who you say you are. Authorization is determining what systems or applications you have access to.
Identity management also handles how users are given an identity, the protection of that identity and the technologies supporting that identity. Identity management takes care of managing your usernames and passwords, called credentials, which is what enables you to login to systems and applications. Additional capabilities that are becoming more prevalent are single sign-on and advanced security or strong authentication capabilities. Single sign-on enables you to access multiple applications with one login. Strong authentication, also called multiple factor authentication, is an advanced feature that makes your login stronger and more secure. It’s the process of entering multiple pieces of information to authenticate you. It is based on providing something you know, something you have and sometimes something you are. Systems will require the use of either one, two or three of these factors based on how much security they must maintain. The first factor is typically your username and password which is something you know. The second factor is something you have and is typically a token that is provided to you by the organization that you are requesting access to or by a third-party. There are numerous types of tokens that you can use and the most typical is a six digit code received via an SMS message. The third factor is something you are and is a biometric element, usually a thumbprint or eye scan.
Why is identity management important to lifelong learning online? The potential of lifelong learning online is great and identity management is required to maximize and fulfill its potential. Identity management is required to enable individuals to safely work online and enable groups of individuals to share, communicate, collaborate and learn. Everyone must have secure communications, have the confidence that they are safe online and that their online actions are not corrupted, violated or interrupted. There are other capabilities that are required to have a secure online learning environment including encryption of data at rest and in motion, endpoint protection, and network security. Identity management is the first critical capability that must be in place to assure secure online learning.
Identity management enables the proper and secure access to systems. It enables the ability to securely, confidently and fully participate in online learning. This allows more people to participate. Identity management allows people to participate wherever and whenever they like. It allows certain people to access restricted or confidential materials online. It allows groups to have private and open conversations. It also decreases the overall costs related to eliminating the risks of performing transactions online.
Identity management is also going through major changes resulting from growing challenges. The large number of credentials that people are forced to manage in order to use the multitude of online systems has become overwhelming. Online identity theft is a major risk that could inhibit progress if it’s not eliminated or controlled. Mobile e-learning and commerce is growing rapidly and will soon be the primary end-user medium.
There are important initiatives underway to attempt to secure and simplify your online identity. Doing so is a major challenge but has significant potential rewards and all participants in an online transaction could benefit. Some of the key objectives of these initiatives that envision a secure online identity that everyone accepts and can be used to access anything, anywhere are:
- Accessing your online identity securely from anywhere, anytime and from any device.
- Assuring privacy so that only the information that you want is shared.
- Providing just enough personal information required for the requested transaction.
The most important current initiative that’s driving towards this is called the National Strategy for Trusted Identities in Cyberspace, or NSTIC, which has been initiated by the US government. It is a public and private initiative, initially funded by the government, that spans all industries and user groups. The question is whether NSTIC can accomplish its objectives, or even just create enough positive momentum to solve many of the current challenges. If so lifelong learning technology will be better off and can start to achieve the goal of bringing lifelong learning to everyone.