AUSTIN, Tex., 4 May 2006. Unisys Corporation has introduced policy proposals designed to help create global standards and practices for identity authentication and credentialing. Unisys submitted the proposals to delegates at the 15th World Congress on Information Technology (WCIT 2006), who will later vote on the proposals.
Unisys recognizes an urgent need for identity authentication standards, especially given that one's identity is validated daily, but little global coordination exists in identity management practices and procedures.
The Unisys proposals represent the first attempt to create a diverse and impartial consortium that would develop standardized business procedures for worldwide identity authentication. The end goal is to create a baseline for adoptable global practices, allowing ID credentials to operate across international borders and encourage confidence and trust from organizations and individuals around the world.
WCIT's goal is to make specific, actionable policy recommendations to the global IT community. The Congress delegates will vote on the Unisys proposals following presentations on related issues.
Unisys Policy Proposals include:
Policy #1: International business and government communities must collaborate to define and promote global standards for the development of internationally trusted, interoperable baseline electronic credentials used to authenticate, with appropriate levels of assurance, a person's identity. Organizations should be able to incorporate credentials based on these standards into both new and existing instruments of identity authentication--such as e-passports, national ID cards, driver's licenses, and credit cards.
Policy #2: Standards for electronic credentials must be built on the business processes for authentication and not just the underlying core technologies. They should promote common approaches for how organizations across different industries create credentials and use them within their various business and government operations. Therefore, standards must address data elements, verification procedures and management requirements necessary to create credentials protected by design and ongoing maintenance from tampering and misuse. Standard practices must accommodate varying organizational identity management requirements ranging from one- to three-factor authentication.
Policy #3: To address privacy concerns and foster a climate of consumer confidence and trust, organizations issuing electronic credentials must demonstrate and publicize the safeguards used to protect an individual's personal information. Furthermore, organizations must adhere to a code of conduct, based on best practices, that requires them to clearly define and present to the public the uses of and benefits from electronic credentialing prior to requesting any personal data necessary to create these instruments.
