Commentary by Mark Wahl, CISA

Organizing principles for systems:
Digital ID World and an EAP-SIM PoC (20070925)

At the conference, Conor Cahill of Intel presented the Intel system technology lab project "Identity Capable Platform" (ICP), which could participate in one or more identity metasystem protocol models.

According to a 2005 presentation, the ICP is a trusted environment adjoining the desktop/device operating system, comprising an identity manager and one or more manageable identities (iMIDs). Multiple iMIDs, for biometric, smartcard, username/password, etc., could be 'stacked' to provide multi-factor authentication. The identity manager could provide identity sources to an InfoCard identity selector by enumerating the iMIDs on the platform which meet the requirements for WS-Trust.

He mentioned a BT/HP/Intel joint Proof-of-Concept exercise in which the trusted module was a soft-SIM. In this PoC, a laptop automatically authenticates to wireless access points using EAP-SIM, without needing user interaction (although the user could be involved if required, e.g., by stacking an iMID which involves entering a PIN).