Jericho Forum unveils best practice identity commandments

The IdEA - Identity, Entitlement and Access Management - commandments are billed as promoting a set of open and interoperable standards that IT professionals can use to build a user-centric security framework within their organisations.

Paul Simmonds, the co-founder and a board member of the Jericho Forum, told Infosecurity that the commandments have taken six months of hard work behind the scenes at the forum to develop.

"They've actually been in development ever since we took the wraps off our de-perimeterisation security principles several years ago," he said, adding that the central problem facing most IT security managers today is "how do you encrypt the data - and secure that data - on systems which are outside your control".

"This is where the IdEA commandments come in, as they can act as a benchmark by which identity, entitlement and access management concepts, solutions, standards and systems can be assessed and measured", he added.

The commandments are as follows:

1. All core identities must be protected to ensure their secrecy and integrity.

2. Identifiers must be able to be trusted.

3. The authoritative source of identity will be the unique identifier or credentials offered by the persona representing that entity.

4. An entity can have multiple, separate persona (identities) and related unique identifiers.

5. Persona must, in specific use cases, be able to be seen as the same.

6. The attribute owner is responsible for the protection and appropriate disclosure of the attribute.

7. Connecting attributes to persona must be simple and verifiable.

8. The source of the attribute should be as close to the authoritative source as possible.

9. A resource owner must define entitlement.

10. Access decisions must be relevant, valid and bi-directional.

11. Users of an entity's attributes are accountable for protecting the attributes.

12. Principals can delegate authority to another to act on behalf of a persona.

13. Authorised principals may acquire access to (seize) another entity's persona.

14. A persona may represent, or be represented by, more than one entity.

Infosecurity asked Simmonds if the Jericho Forum plans to evolve the commandments to adapt to a changing security landscape.

"Will they be tweaked? Yes, but the important issue with the commandments is they will help people to develop a [security] relationship diagram so that everyone can understand how an IT system and its network works", he replied.

The problem with the term "digital identity", he explained, is that the words it is built from have multiple definitions, which makes life confusing for security practitioners when developing security rules for their organisations.

The forum's co-founder went on to say that the commandments represent a fundamental shift from the original premise of the Jericho Forum, that is, to secure a de-perimeterised IT environment.

"Digital identities and personas are a very important issue. They need to be secure. The LastPass security incident shows us why and this is the reason we have developed these security principles," he said.
