1. Technical Field
The present teaching relates to methods, systems and programming for identity management. Particularly, the present teaching is directed to methods, systems, and programming for computing measures to be used to provide interoperable identity among various service providers and to provide interoperable credentials.
2. Discussion of Technical Background
In the healthcare environment, online identity solutions that provide secure and interoperable identities are essential. Identity management technology provides management of identities in the digital world. In order to manage the growing number of online identities of a person or an entity, identity federation technology has been developed so that different websites can reuse a single online identity.
A federated identity service provider provides user management and authentication services to a plurality of systems of different entities or web-sites, which are also called relying parties. A relying party, typically an application service provider, delegates to the identity service provider to authenticate an end user who is requesting access to the application service provider. As such, the relying party needs to trust the identity service provider to have correctly authenticated the requesting end user's identity.
An authentication process typically includes the process of verifying a credential the end user presents. In an electronic information system, a digital credential is issued to a legitimate user and is used subsequently to authenticate that user. A classic example of a digital credential is a secret password, a passphrase or a PIN. Other forms of digital credential are now increasingly used, for example biometrics (fingerprints, voice recognition, retinal scans, etc.), hard tokens, security devices and public key certificates.
To objectively assess the quality of an authentication result, NIST document 800-63-1 defines a number of levels of assurance (LOAs), which describe the degree to which a relying party can be assured that the credential being presented actually represents the entity named in it and that it is the represented entity who is actually interacting with the relying party.
LOAs are based on two factors: (1) how much a digital credential can be trusted to actually belong to a person, which is generally handled by identity proofing; and (2) how much the digital credential can be trusted to be a proxy for the entity named in it and not someone else, i.e. identity binding. The second factor is directly related to the trustworthiness of the credential technology, the processes by which the digital credential is secured to a token, the trustworthiness of the system that manages the credential and token, and the system available to validate the credential or the token.
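The following is an added illustration, not part of the present teaching, of the delegated authentication exchange and the two LOA factors described above: an identity service provider authenticates the end user and issues a signed assertion carrying an LOA, and the relying party verifies that assertion before trusting it. It assumes, for the sake of the example, that the overall LOA is the minimum of the identity-proofing and identity-binding levels, and it uses an HMAC with a pre-shared key in place of the public-key signatures a real federation protocol would use; the key, subject and audience names are constructed.

```python
# Added example: minimal federated-identity assertion flow between an identity
# provider (IdP) and a relying party (RP), with an LOA check at the RP.
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key"  # constructed for the example only


def loa_from_factors(proofing_level: int, binding_level: int) -> int:
    """Assumption for this example: an LOA is only as strong as its weakest factor,
    so the overall LOA is the minimum of identity proofing and identity binding."""
    return min(proofing_level, binding_level)


def idp_issue_assertion(subject, proofing_level, binding_level, audience, now=None, ttl=300):
    """IdP side: after authenticating the end user, bind the LOA, audience and
    validity window into a signed assertion the RP can check."""
    now = int(time.time()) if now is None else now
    claims = {"sub": subject, "aud": audience, "iat": now, "exp": now + ttl,
              "loa": loa_from_factors(proofing_level, binding_level)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return {"claims": body.decode(), "sig": hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()}


def assertion_loa(assertion) -> int:
    """Read the LOA claim out of an assertion (no verification)."""
    return json.loads(assertion["claims"])["loa"]


def rp_verify_assertion(assertion, expected_audience, required_loa, now=None):
    """RP side: trust in the IdP rests on the signature, but the RP still enforces
    audience, expiry and its own minimum LOA. Returns (accepted, reason)."""
    body = assertion["claims"].encode()
    expected_sig = hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, assertion["sig"]):
        return False, "bad signature"          # tampered or not from the trusted IdP
    claims = json.loads(body)
    if claims.get("aud") != expected_audience:
        return False, "audience mismatch"      # assertion meant for another RP
    now = int(time.time()) if now is None else now
    if now >= claims.get("exp", 0):
        return False, "expired"
    if claims.get("loa", 0) < required_loa:
        return False, f"loa {claims.get('loa')} below required {required_loa}"
    return True, "accepted"
```

Note that a strong credential (binding level 3) issued after weak proofing (level 1) still yields LOA 1, which is the point of treating the two factors separately.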