When dealing with identity management, one really appreciate having unique identifiers for describing individual identities. Having a common unique identifier available accross a whole information system is a terrific asset for the management of IT security. The problem is that information systems usually don’t have such a global naming convention or these naming conventions are too weak to ensure uniqueness and permanence of these identities. The usual solution is to define a more clever naming convention, to invent a new unique identifier and to associate any individual data with it so that people identities get managed.
But then the deployment of this unique identifiers raises a new problem : how to guarantee that a given data record describing a person is really related to that person you already know with a unique identifier. You have to decide matches and non-matches accross your data.
The art of doing such decisions was called « record linkage » by the biomedical community because this is a common issue in health information systems for example for epidemiological studies.
Therefore this community developped several approaches (deterministic or probabilistic) to record linkage that can also be applied to field of identity management. Febrl is a very nice open source package that implement state-of-the-art methods for record linkage and that may be applied to the deployment of unique identifiers in IT security systems.