Who is trusted to do what—when, where and under what circumstances? This has always been a challenge for security, human resources and management.

We make business and personal decisions based upon what we know about the people we know, and what we surmise or infer about new people we meet. When the pace of business was slower—before e-mail, fax, and pennies-per-minute long distance—identity and trust could be established over a period of time based upon a series of personal interactions. Before computerization and business automation, well-run businesses developed policies to guide identity and trust decision makers at various levels in the organization.

Today, electronic documents often replace paper documents. Electronic signatures and biometrics replace the physical signatures, approval stamps and ink thumbprints of an earlier day. Electronic systems make decisions and engage in transactions internal and external to the organization, based upon rules and policies coded into programs and maintained in databases.

Web-based services make it possible for companies of practically any size to engage in large-scale business, so it’s vital to have an automated means of identifying transaction participants and securely managing employee and customer access to critical business systems and data. Little wonder that terminology like “identity management” and “circles of trust” shows up regularly in IT industry magazines and on IT vendor Web sites.

Ten years ago, the term identity management would generally have been applied to ID badge management and physical access control systems. Today it relates not just to identification of people but of companies, information systems, documents, and physical objects.

So what is identity management today, and what does it have to do with corporate security management and with our ID badging and access control systems?

Vocabulary Quiz
The white paper “Biometric Identity Management in Large-Scale Enterprises” by Daon, a biometric identity management software provider, defines identity management as the secure, efficient and cost-effective registration, storage, protection, issuance and assurance of a user’s personal identifiers and privileges in an electronic environment.