As it happens we have some experience in the ePassport market where very strong identity guarantees are needed. However, for associations the necessary balance of convenience vs. control favours convenience.
The traditional way of authenticating users so that they can be granted access to intranets and extranets is based on user names passwords. In many cases we have recommended and implemented that type of approach.
As today's business solutions are increasingly built from multiple 3rd-party components there is a major problem with identity. All the elements of a system need to recognise a user as the same person. However, each has it's own name space, system of registration and place for storing passwords. This produces an inconvenient and less secure overall solution and it pushes users towards writing down their passwords, reusing them too widely and changing them too seldom.
We have therefore been tracking an open technology called OpenID which can have great advantages when used to control access to intranets and extranets, particularly members only areas. It's based on the concept that you have a single identity provider but you can choose that provider and easily switch should you need to. The industry support behind this is second to none.
Despite the readiness of this technology for the association market we have yet to see it rolled out as we envisage. However, we believe that this is the future and we are ready to demonstrate this and can implement in short order.