As vice president of innovation and emerging technology at identity relationship management vendor ForgeRock, Eve Maler (pictured) is well aware of the importance of identity management.
"Identity is at the centre of everything," she told iTWire. "Without identity you can't authorise, personalise or transact."
While some previous attempts at identity management have focussed largely on people using web browsers, the environment is changing.
Unlike some people in the IT industry, Maler appears to have a genuine interest in privacy.
As part of her responsibility for directing ForgeRock's involvement in relevant industry standards, she leads the User Managed Access (UMA) and Health Relationship Trust (HEART) standards efforts.
The idea of UMA - which is just coming to fruition, she told iTWire - is to provide an API-based mechanism for "selective sharing" so users can allow or revoke access to their data as they wish, much as they can with Google Docs.
Even though open-source code from the OpenUMA community project has yet to be published (the public review period for the UMA V1.0 candidate specifications closes today), UMA "is getting a lot of interest" in various areas including healthcare, Maler said.
It's one thing for the user to say that certain individuals or classes of individuals may access particular pieces of data, but that can only be effective if the person seeking access can prove who they are.
Attribute-based access control - e.g., permitting access by any registered medical practitioner or some other licensed professional - is hard to do unless there is agreement about the attributes, but role-based identity providers already operate in many countries.
And UMA isn't just about people. There are some "really interesting Internet of Things implementations" that may be revealed around April this year, she said.
ForgeRock is involved because it realises that almost all consumer-facing companies have multiple apps and multiple logins, resulting in a poor user experience and poor security - though this is not simply a single-sign-on issue, Maler stressed.
Globally, customers of ForgeRock's identity and access products include Toyota Europe (for connected cars), US insurance company GEICO, and AOL.
Closer to home, the list includes Perpetual (investment services), NSW Department of Education, Vodafone NZ, Spark New Zealand (formerly Telecom New Zealand), and NZ Department of Internal Affairs.