LOMA Panel Advocates Federated ID Management
If architecture interoperability and trust concerns are ironed out, federated identity management (FIM) could provide security and productivity improvements for the insurance industry, according to an expert panel at the LOMA Emerging Technology Conference at the Gaylord Texan Resort & Convention Center in Dallas. FIM allows agents to use a single user name and password to sign on to the networks of more than one enterprise in order to conduct transactions. And it requires partners within an identity management federation doing business with the same individuals to trust each other's verification of those individuals' user status.
The panel, consisting of Mark T. Chamberlain, systems officer, information security, at Nationwide Financial (Columbus, Ohio; $157 billion in total assets), Doug Simmons, principal consultant at the Burton Group (Midvale, Utah), and Scott Lowry, president and CEO of Digital Signature Trust (Salt Lake City), argued that federated identity management is not a bleeding-edge security solution but rather a reality insurers will have to pursue, even though many are still leery of giving up old authentication processes. "Many insurers are still getting their feet wet or waiting for a clear business case, but now is the time to start looking at this as a serious solution," Burton Group's Simmons explains.
Security concerns require that every carrier have an authentication log-on process that an agent must use to gain access to its system. Keeping track of those passwords can be a problem for agents who deal with several carriers. To address that problem, many agents keep a sheet of paper with all their carrier pass codes written down at their desk, creating a security vulnerability, explained Nationwide's Chamberlain. "You are only as strong as your weakest link," he said. "There are also other issues such as the poor ease-of-use, customer frustration and redundant sign-ons."
Among available FIM technology platforms are OASIS's (Organization for the Advancement of Structured Information Standards; Billerica, Mass.) Security Assertion Markup Language (SAML) 2.0; Microsoft's (Redmond, Wash.) Passport; IBM's (Armonk, N.Y.) WS-Security; and Liberty Alliance's SAML 1.1.
The benefits of single sign-on are that it protects security, enhances agent productivity and reduces calls to the help desk for lost passwords, according to Burton Group's Simmons. "Federated identity management solves security issues, enables Web services and constitutes the future of the identity management market."
However, that future will not be realized until challenges to initiating FIM have been faced, Simmons added. Insurers must build trust frameworks for business interoperability. "Because of competition and security concerns, it is a challenge for insurers to build those trust and partnerships they need to form federations," he asserted.
Another challenge is that implementing the technology often requires customization to integrate applications and develop user interfaces. "Insurers need to look for vendors that will enable interoperability across multi-platforms," Digital Signature Trust's Lowry remarked.
Currently, 400 enterprises in several industries use FIM. They include American Express (Ft. Lauderdale, Fla.), Boeing (Seattle), General Motors (Detroit, Mich.), and Nationwide Financial.