During the late 90s, the acronym NGI meant “Next-Generation Internet.” NGI was popular among futurists and planners of research programs as the starting point for conjecture on the evolution of an Internet-centric world. Over the past 10 years, this 90s NGI dialogue has undergone an extreme makeover.
Today, the NGI acronym is used to mean something rather different: Next-Generation Identity. The new NGI describes a rapidly evolving and expanding array of new identity management capabilities. This NGI transformation says a lot about some fundamental shifts that have taken place over the past decade and provides insight into where significant network developments are now heading.
The multi-decade quest for a common network “glue layer” found a solution in the Internet Protocol (IP) and its relatively ubiquitous deployment across the global network infrastructures, albeit with minimal security or access control. At the same time, commercial wireless networks, multi-functional handheld devices, and other peripherals have resulted in the anywhere/anytime/anything revolution now underway. With ubiquitous objects and IPTV thrown into the mix, the sweep of the services and challenges gets even more expansive. The entire ensemble is now a collective global vision dubbed the Next-Generation Network (NGN).
If this new world of NGN is to reach its full potential, it is trusted next-generation identity management -- the capacity to manage and authenticate online identities -- that must emerge and become ubiquitously deployed. Without effective, trusted identity management, open public communication network infrastructures could not support public sector needs. In addition, the users who depend on them would be massively susceptible to vulnerabilities that include large-scale network attacks, abuse, fraud, and a litany of crime.
Toward Next-Generation Identity
Next-generation identity is inherently much more complex than the deployment of an IP network layer. First of all, what is needed is an “Identity Plane” that cuts across all layers up to the application level, rather than just one layer. In addition, there are enormously diverse arrays of identity providers and federations -- vetting credentials, identifiers, attributes, and reputation products with very different assurance levels -- for which seamless global discovery and interoperability are major challenges. Given the stakes, however, next-generation identity is not an option.
Some of the required technical solutions for next-gen identity already exist as proven, widely deployed platforms. For example, X.509 digital certificates, hierarchical domain name spaces, and out-of-band trusted signaling planes were created a generation ago. The first two have been massively scaled to high availability levels by companies like Verisign Inc. (Nasdaq: VRSN), with features added to enhance trust in certificates.
Important new three-party global identity management models developed by industry collaborative bodies have already seen innovative implementation platforms. OpenID, for example, enables more flexible exchange of identity information to meet enhanced assurance levels. Seamless roaming and IPTV are both helping drive these developments as well. The International Telecommunication Union, Standardization Sector (ITU-T) Focus Group on Identity Management recently released the equivalent of a set of blueprints for next-generation identity.
It will take time to put all these next-gen identity capabilities in place -- especially on a ubiquitous global level. With value propositions that revolve around trust and privacy, national security and public sector mandates, and provider revenue assurance and secure financial transactions, next-generation identity is a key to the Internet’s evolution and is a market sure to maintain strong, sustainable business growth.
— Tony Rutkowski, Vice President for Regulatory Affairs and Standards, VeriSign