Posted 8:18 AM (0) comments

more IDtbd

When I posted about the IDtbd group meeting last week (see YAUG - Yet Another Umbrella Group) I worried that perhaps I was the only one not seeing the benefit of this proposed organization. Now OpenID's David Recordon has posted his notes on the meeting which - looking at those parts of the meeting I attended - appear to very accurately reflect what was said. And it would appear that those present who are not members of the Liberty Alliance remained quite skeptical of the new group. The objections, as David notes, are fairly generally accepted:

• Autonomous projects
• Less funding
• Board has too much authority
• Plan for introducing a new organization should be more incremental

He also notes that Sun's (and Liberty Alliance secretary) Bill Smith raised a strong objection to what I'd written and was "...Asking for all future meetings to be private with no public notes so that people can speak more frankly. " Sadly, that's what I've come to expect from the Liberty Alliance - let's not discuss our differences, let's simply stifle them. That organization was born in darkness from a small group of invited participants which brooked no intrusions or comments from the outside and which reserved the chairs on its oard of Directors to only those first invited organizations for a very long time.

What's really fascinating is that IDtbd claims to want "To promote harmonization" but evidently needs to stifle dissent in order to do so!

Labels: DIDW, liberty alliance, umbrella

Posted 8:43 AM (0) comments

It's not a bug - it's a feature

Jeff Bohren, in commenting on my post about "Attention architects" thinks I've overlooked an element for our Digital ID World discussion:

Dave Kearns wants to get everyone together to talk it all out. Helpful, I suppose, but limited because of the absence of enterprise application vendors. Without application vendor buy in, identity management is going to continue to be a mess.

Not an oversight, Jeff, but planned that way. Too often the vendors dominate the conversation - and pay little attention to what the customer wants. True, they claim to listen and they claim that the next version includes those features "our customers have asked for," but we all know the real truth. The plan - and it isn't my plan, but was promulgated by Boeing's Marty Schleiff - is to develop sort of a consensus roadmap for how it should be done - what steps the enterprise identity architects think should happen and in what order. Vendors who can satisfy that roadmap will reap the reward. Vendors who ignore it will wind up in my "where are they now?" file.

Labels: architect, DIDW, enterprise

Posted 5:46 PM (0) comments

Attention architects - BYOB

Pam Dingle posts today ("We’re a little lost.") about her disappointment, nay her disillusionment with the hodge-podge of identity services available to the average enterprise and the decided lack of a roadmap for connecting them up. She notes, "In reality, however, I don’t see a patchwork of complimentary products - I see a whole bunch of products with a whole bunch of overlap and no obvious or well-stated way for an Enterprise to figure out how to knit it all into an actual solution for their original problem. "

She's right, of course. There does need to be a roadmap, a diagram, a "well-stated way" to hook up all of these services so that they are complimentary and they do interoperate rather than compete for attention and bandwidth. It's an issue that came up at last spring's Internet Identity Workshop when Boeing's Marty Schleiff introduced a session called "Enterprise Identity Roadmap for enterprise identity architects: a discussion," and which I wrote about in the newsletter. What I said was:

So why IIW? In a nutshell, precisely because it wasn’t Catalyst or DIDW. Those structured conferences, dominated as they are by slideware presented by a speaker on a stage don’t lend themselves to free-form discussion. Certainly there are “Birds of a Feather” sessions – usually after hours in inconvenient locations. There are also informal get-togethers (usually involving libations) that go into the wee hours while knotty issues are discussed. But there doesn’t seem to be a venue for those involved in planning and implementing enterprise identity systems and architectures to meet in a vendor-neutral environment to swap stories, sound warnings and point out new initiatives. Marty wants to change that.

This seems to be as good a place as any to announce that we have found a venue. At the upcoming Digital ID World (Sept. 8-10 in Anaheim), Program Chair Eric Norlin has convinced me to moderate just such a session - me, a few microphones and (hopefully) an audience of enterprise identity architects - ready to talk about where they are, where they've been, where they hope to go and how they want to get there. If you've an interest in enterprise ID architecture (Pam, are you listening?) then I hope to see you in that audience.

Labels: Catalyst, DIDW, enterprise, identity

Posted 1:10 PM (0) comments

The end of 'user-centric' identity?

In light of the last "tools" posting it's interesting to note that either Digital ID World's Eric Norlin recently posted their predictions for 2008 at CSO online and included this one:

"User-centric’ identity protocols will stop calling themselves ‘user-centric’: This is an adoption story. ‘User-centric’ protocols will gain some actual adoption in 2008 (yes, I'm implying that they haven't yet gotten any ‘real’ adoption). In so doing, the ‘folks in the know’ in that movement will *stop* prefacing everything they say with the words ‘user-centric,’ as they realize that their protocols may have been designed with that laudable goal in mind, but the terminology is just getting in the way. Instead of describing an ideal, they'll begin describing what they *do.*"

It is about time we stopped debating philosophy and started talking implementation, isn't it?

Labels: DIDW, user centric

Posted 12:47 PM (0) comments

DIDW 2007

Another Digital ID World has come and gone. This year was the first under the management of IDG, and it was a bit like visiting old friends in their new home - you knew the people, of course (although some of the neighbors seemed strange) and the furniture was the same - just arranged differently.

Fortunately, Phil Becker and Eric Norlin managed - despite the changes IDG introduced (such as hiding the registration area!) - to once again provide compelling, interesting content. Bravo!

We did miss a few folks who were in Brussels for the Directory Experts Conference and I hope that conflict doesn't recur next year.

Now I just need to decide if I'll go to the Gartner Identity Summit in November...

Labels: DEC, DIDW, Gartner, trade show

Posted 8:52 AM (1) comments

Sanity check for OpenID

Bob Blakley offers a wisp of sanity for the, often cantankerous, debate over the formats, uses, security and usefulness of OpenID. As it puts it, there are all sorts of answers flying about - but it might be best to first form the appropriate question! In his own words:

"What I’d really like to see, as a security guy, is a problem statement and a risk analysis. Specifically, before we start arguing about whether OpenID 2.0 is the answer, I’d like to know the following things about the question..."

In particular, Bob wants answers to these questions (and he goes on to elaborate on them):

1. What are the assets to be protected?
2. What are the services to be offered?
3. What quality of protection is claimed for these services?
4. What is the threat model?
5. What is the trust model?

Perhaps, before Digital ID World at the end of this month (and the accompanying Identity Open Space meeting), some folks will be prepared with cogent answers.

Labels: DIDW, digital identity, openid