Wednesday 5 May 2010

ENISA report on Mobile Identity Management

A 35-page ENISA document on Mobile Identity Management covers a lot of ground, starting from some 'use cases' describing typical situations in which, for example, a person's identity needs to be authenticated while they are on the move. The well-written and well-referenced paper goes on to describe risks such as identity theft and eavesdropping, and then approaches to aspects such as federated identity management:

Identity federation can be defined as the set of agreements, standards and technologies that enable a group of service providers to recognise user identifiers and entitlements from other service providers within a federated domain. These agreements include policy and technology standards, resulting in a single virtual identity domain. Federation refers to mechanisms for cross-domain authorization, while provisioning refers to the provisioning of users from authoritative systems to subsidiary systems. In addition to federation, provisioning may be necessary in the backend systems. The automatic registration initiated by an authoritative system is provisioning.

The paper briefly reviews applicable (European) laws and concludes with a series of recommendations for those designing identity management systems.

All in all, an excellent primer for security architects and CISOs with an interest in this area - which means all of them, surely?
