Friday 23 August 2013

A universal client-based identity management tool?

Royal Holloway has announced that their Information Systems Security Group (ISSG, as it is widely known) has launched new technology to protect against password theft and phishing attacks. The technology is dubbed Uni-IDM, but the only real information about it is provided through a link to a paper on one of the authors' personal web sites. However, the paper, by Chris Mitchell and Haitham Al-Sinani, does seem to have been peer reviewed, having been published at EuroPKI 2011. In an interview on Slashdot, "Digital IDs Designed to be More Secure Than Passwords", Professor Mitchell is reported to be aiming to develop an open source prototype, though he offered no schedule for when that might happen.

Let's hope it's soon. The rationale for the work looks spot on - it does not involve proposing any new cryptographic protocols or infrastructures, but aims to make existing systems resistant to phishing, as well as privacy-enhancing through an explicit user consent procedure. They propose 'IDSpace' as an architecture for a client-based ID management tool that operates in conjunction with a client web browser. The paper is worth a read if you are interested in ID management.
 
