Defogging Identity-Based Access Control

Professionals in every industry have a specialized and acronym-laden jargon deftly wielded to communicate insider concepts and stymie casual observers. The security industry, historically no stranger to obtuse buzzwords, is currently in even worse linguistic shape than most. The problem is convergence.

Security is attempting to bring together identity management, video surveillance, access control and IT. These meetings are earnest and clumsy, promising and frustrating, and, perhaps most of all, confusing. Experts from five different industries are now slinging incompatible jargon at each other, and a lot of pretty straightforward ideas are being obscured in the crossfire.

For the next thousand or so words, let's get back to basics and look at the four big questions in the merger between identity management and access control: What? Why? When? and How?

What Is It?

The world is becoming identity based. Today, access to physical and logical resources tends to be managed by ad-hoc, single-purpose systems. A card gets you into a building, and a password logs you onto a computer. The card and password aren't linked to each other, and neither is strongly tied to your identity. Counting physical keys, prox cards, PINs, alarm codes and computer passwords, an average person has about a dozen identity representations. I have 8,398. The disadvantages are obvious.

An identity-based access control system tries to improve the situation by separating your identity from your privileges. Your identity is then linked to a credential (a smart card or passport or entry in a database), which is secured against physical or electronic forgery attempts. Once there's a good way to determine your identity, an identity-based system lets privilege providers specify what you are, or aren't, allowed to do. Your identity is then managed by a central authority (such as your employer, industry consortia, or government), while local privileges and access rights are managed by your building facilities supervisor, IT department, HR staff, or drill sergeant.
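As an added illustration of the identity/privilege split described above (this is example code, not from the article or any product it mentions), here is a small Python model: one central authority issues a tamper-evident credential and is the only place an identity is revoked, while two independent privilege providers (facilities and IT) keep their own access lists and consult the authority before granting anything. The HMAC key, subject names and resource names are constructed placeholders; a real deployment would use asymmetric signatures so relying parties hold no shared secret.

```python
import base64
import hashlib
import hmac
import json
from typing import Dict, Optional, Set


class IdentityAuthority:
    """Central identity authority (employer, consortium or government in the
    article): binds a subject to a credential and is the single place where
    that identity is revoked."""

    def __init__(self, key: bytes) -> None:
        # Constructed demo secret. A real authority would sign with a private
        # key so verifiers only need the public half.
        self._key = key
        self._revoked: Set[str] = set()

    def issue(self, subject: str, now: int, ttl: int = 3600) -> str:
        """Mint a credential: base64(claims).hmac_tag"""
        claims = {"sub": subject, "exp": now + ttl}
        body = base64.urlsafe_b64encode(
            json.dumps(claims, sort_keys=True).encode()).decode()
        tag = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"

    def revoke(self, subject: str) -> None:
        self._revoked.add(subject)

    def verify(self, credential: str, now: int) -> Optional[str]:
        """Return the subject if the credential is authentic, unexpired and
        not revoked; otherwise None."""
        try:
            body, tag = credential.split(".", 1)
        except ValueError:
            return None
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # tampered or forged
            return None
        try:
            claims = json.loads(base64.urlsafe_b64decode(body.encode()))
        except (ValueError, UnicodeDecodeError):
            return None
        if not isinstance(claims, dict):
            return None
        if claims.get("exp", 0) <= now or claims.get("sub") in self._revoked:
            return None
        return claims["sub"]


class PrivilegeProvider:
    """A local privilege manager (facilities, IT, HR ...). It never decides
    who you are; it maps an authority-verified identity to the resources it
    controls."""

    def __init__(self, name: str, authority: IdentityAuthority) -> None:
        self.name = name
        self._authority = authority
        self._grants: Dict[str, Set[str]] = {}

    def grant(self, subject: str, resource: str) -> None:
        self._grants.setdefault(subject, set()).add(resource)

    def check(self, credential: str, resource: str, now: int) -> bool:
        subject = self._authority.verify(credential, now)
        if subject is None:
            return False
        return resource in self._grants.get(subject, set())


def demo() -> Dict[str, bool]:
    """Issue one credential, use it at two providers, attempt tampering,
    then revoke centrally and watch every privilege disappear at once."""
    authority = IdentityAuthority(key=b"constructed-demo-key")
    facilities = PrivilegeProvider("facilities", authority)
    it_dept = PrivilegeProvider("it", authority)
    t0 = 1_700_000_000                       # constructed timestamp
    cred = authority.issue("alice", now=t0)
    facilities.grant("alice", "lobby-door")
    it_dept.grant("alice", "vpn")

    r: Dict[str, bool] = {}
    r["door_ok"] = facilities.check(cred, "lobby-door", t0)        # True
    r["vpn_ok"] = it_dept.check(cred, "vpn", t0)                   # True
    r["server_room"] = facilities.check(cred, "server-room", t0)   # never granted
    # Tampering attempt: extend the expiry but keep the original tag.
    _, tag = cred.split(".", 1)
    tampered_body = base64.urlsafe_b64encode(json.dumps(
        {"exp": t0 + 10_000, "sub": "alice"}, sort_keys=True).encode()).decode()
    r["tampered"] = facilities.check(f"{tampered_body}.{tag}", "lobby-door", t0)
    r["expired"] = it_dept.check(cred, "vpn", t0 + 7200)
    authority.revoke("alice")                # one action at the central authority
    r["door_after_revoke"] = facilities.check(cred, "lobby-door", t0)
    r["vpn_after_revoke"] = it_dept.check(cred, "vpn", t0)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the model makes is the one the paragraph makes: neither provider stores a password or card number of its own, so a forged or expired credential fails everywhere, and a single revocation at the authority closes the door and the VPN together instead of leaving an orphaned privilege in one of several parallel systems.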

Why Do We Need It?

There's a ribald old joke that everyone seems to know; it asks why a dog licks a certain part of its own anatomy. The familiar punch line: “Because it can.” You don't need to look for more subtle reasons access control and identity management should come together. Their merger improves security and convenience and lowers total cost of ownership by eliminating the redundancies and loopholes inherent in running separate and parallel systems. If it can be done, it should.
