Posted 10:58 AM (0) comments

European Identity Conference 2010

Less than two months to go until the 4th annual European Identity Conference, and registration is now open! Once again, as last year, I'll be delivering an opening keynote as well as hosting two session tracks.

On Tuesday (5/4/10), I'll keynote on "Convergence: Better Control, Lower Cost". Since it's the keynote between a break and Kim Cameron, I should at least get those who want to come early to get a good seat for Kim!

On Wednesday (5/5/10), I'll continue the "convergence" theme with a track called "Value Through Convergence - Consolidate for Better Value, Efficiency and Security".This will feature a conversation with Martin Kuppinger ("5 Quick-Wins to Leverage your Existing Identity Infrastructure through Convergence"), a conversation with Kim Cameron ("Converging User-centric & Enterprise-centric IDs") and two panel discussions: "Converging Data Governance and Access Governance," and "Establishing an Advanced Level of Enterprise Identity Maturity."

Then, on Thursday (5/6/10) I'll tackle "Cloud Platforms & Data Portability". This track will feature an intro talk ("Data Statelessness and the Continuum of Individuals' Data Portability on the Web") by XMLgrrl herself, Eve Maler. We'll follow this up with two great panels: "Social Data Portability," and "Business/Cloud portability."

There'll be other great sessions, also - there always are. Plus, the Deutsches Museum in Munich is a fabulous venue. I hope to see you there.

Labels: cloud, EIC, enterprise

Posted 5:53 PM (0) comments

EIC 2009

Just back from another fine European ID Conference in Munich. The combination of the venue (the Forum at the Deutsches Museum), the speakers and our great hosts from Kuppinger-Cole + Partner (Martin, Tim, Joerg, Felix, Sebastian, Levent, Gabi, Bettina and all their cohorts) makes this an event ne plus ultra.

In particular, the panels I moderate at EIC always seem to sparkle a bit more, to have more content and to be just a bit more interesting than those in other venues. Maybe it's the panelists themselves but more likely its a combination of them and the very engaged audiences. Whatever the reason, this is a conference I can recommend to anyone in IdM whatever your skill level, specialty or location.

Labels: EIC

Posted 4:00 PM (0) comments

Get on the bus!

Everybody else is. Dale Olds has commented. So has Phil Hunt. Let's all get together at the European ID Conference in Munich later this month and talk about the Identity Hub, the Identity Bus, the death of the metadirectory and so much more. Suggestions for a suitable meeting place (i.e., biergarten) near the Deutsches Museum are welcome - post as comments to this post.

See you there!

Labels: EIC, Identity Bus, Identity Hub, metadirectory, virtual directory

Posted 3:57 PM (0) comments

Cardspace context UPDATE

Good post today ("No User Context Decisions in your Enterprise?") from Pam Dingle summarizing her panel at Brainshare (which I'm now sorry I missed). Cardspace and other user-centric ID schemes have a definite place in the enterprise, if only for the context-switching that Pamela outlines.

UPDATE: A video of the session ( with Pam Dingle, Patrick Harding, Kim Cameron and Dale Olds) has now been posted at the Bandit Project site.

We'll be exploring this same topic at the European Identity Conference when I host a panel of Dale olds (Bandit Project), Johannes Ernst (OpenID) and Robin Wilton (Liberty Alliance) called "Putting Context in Identity: User-Centric Context." It's an area that will heat up in the near future...

Labels: cardspace, context, EIC, enterprise, openid, user centric

Posted 8:14 AM (0) comments

It's unsanitary, Kim!

In a blog entry today, Kim Cameron both puts words in my mouth and twists the ones that come out to serve his "straw man" purpose.

In commenting on my recent post about the death of the metadirectory, he says: "Who would want to get in the way of Dave’s metaphors? He’s on a streak. But he’s making a fundamental mistake, taking an extreme position that is uncharacteristically naive."

What did I do? I advocated the virtual directory as the better vehicle for all of the ID data needed in the SaaS world.

Kim implies that, somehow, I called for the virtual directory to be authoritative. That's simply not so. the virtual directory is merely the conduit to the authoritative source, wherever it might be. The application developer doesn't even need to know the authoritative source of the data - or need to re-write code if that source changes.

But then he goes on to say: "Application developers like to use databases and tables. They have become expert at doing joins across tables and objects to produce quite magical results. As people and things become truly first class objects in our applications, developers will want even more to include them in their databases."

I couldn't agree more. As a developer, I always prefer to have a local cache of the data I need in a (for me) easily manipulated data structure. But that does not mitigate against the use of a virtual directory. Far from it. The application database (for those who cling to it like Linus and his blanket) now can serve two purposes - one to subscribe to virtual directory data and one to publish!

The application database is the authoritative source of the application-generated data, and should be linked to the virtual directory which will consume this data and make it available for other applications and services. At the same time, any data which the application consumes - but which it is not authoritative for - can be populated at run-time from the virtual directory. For the developer who thinks this is a performance hit (and for whom accuracy is less important than an extra millisecond), a "synchronization stored procedure" would handle data changes without stealing precious time from the user-application interaction. It really is win-win.

Now the argument could be made that a synchronization engine (such as in a provisioning system) could periodically update all of the various datastores with any new or changed identity data, but that simply takes the well-known synchronization problems of the metadirectory and magnifies them by the dozens, hundreds or thousands of application datastores within the organization. That's a recipe for disaster. If an individual developer, for an individual application, wishes to sacrifice accuracy and risk the potential of error caused by out-dated data, or data whose location has changed in the hope of a spurious speed improvement (almost immediately unnoticeable due to the fluctuating nature of network thruput), they'll quickly learn, I believe, that "haste makes waste."

The further error Kim makes, though, is to believe that a virtual directory can't look like a SQL database to the application (or an XML database for web services developers). The folks at Radiant Logic would certainly disagree. It's all about the context. I'd invite Kim, and other skeptics, to our sessions on Identity and Context (including one about context and user-centric identity, as well as context and virtual directories) at next month's European Identity Conference in Munich.

Labels: EIC, saas, virtual directory