Monday, March 08, 2010

(0) comments

European Identity Conference 2010

Less than two months to go until the 4th annual European Identity Conference, and registration is now open! Once again, as last year, I'll be delivering an opening keynote as well as hosting two session tracks.

On Tuesday (5/4/10), I'll keynote on "Convergence: Better Control, Lower Cost". Since it's the keynote between a break and Kim Cameron, I should at least get those who want to come early to get a good seat for Kim!

On Wednesday (5/5/10), I'll continue the "convergence" theme with a track called "Value Through Convergence - Consolidate for Better Value, Efficiency and Security".This will feature a conversation with Martin Kuppinger ("5 Quick-Wins to Leverage your Existing Identity Infrastructure through Convergence"), a conversation with Kim Cameron ("Converging User-centric & Enterprise-centric IDs") and two panel discussions: "Converging Data Governance and Access Governance," and "Establishing an Advanced Level of Enterprise Identity Maturity."

Then, on Thursday (5/6/10) I'll tackle "Cloud Platforms & Data Portability". This track will feature an intro talk ("Data Statelessness and the Continuum of Individuals' Data Portability on the Web") by XMLgrrl herself, Eve Maler. We'll follow this up with two great panels: "Social Data Portability," and "Business/Cloud portability."

There'll be other great sessions, also - there always are. Plus, the Deutsches Museum in Munich is a fabulous venue. I hope to see you there.

Labels: , ,

Tuesday, September 16, 2008

(0) comments


Pam Dingle has a bit of a rant today about the term "user-centric." Well, not about the term itself but about people's desire (e.g., the entire Burton Group) to get away from it.

"Sure, there are a few blind worshippers of the cult of user-centric out there, but I firmly believe that common sense has to win out in deployment scenarios, and that various technologies should and will be used where applicable to solve problems. "

"If, on the other hand, all this is about is finding a positive, all-encompassing touchy-feely name to give to the systems-formerly-known-as-user-centric so that isn’t all about conflict, fine — pick a new name already. I only ask that if you’re going to diss the current buzzword, can you please at least supply an alternative suggestion. Otherwise we end up in limbo where nobody wants to use the old term, but nobody has a new term either, making us all look like indecisive idiots."

I think it's about more than just a term, more than just a feel-good quality, Pam. The "User-centric" term was coined, initially, to try to differentiate internet-based individual identity protocols from those used within the enterprise. But it's really all identity, and there doesn't need to be a distinction. That's why I wrote, last month, "Why there's no 'user-centric' or 'enterprise-centric' identity," where I said:

"Enterprise-centric identity management, we postulated, is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form; while user-centric identity is about keeping various parts of your online life totally separated so that they aren't accessible and no report can be drawn.
So how do we have a framework that allows for both tying together all of a user’s activities (enterprise-centric) while at the same time allowing distinct separation of activities as decided by the user?
We start by defining identity as a group of “personas” (see 'Defining identity, persona, role'). Any persona can be made up of a group of personas or roles. Each of those personas can be linked, or separated, as the entity identified by them wishes. One of those personas is (or, rather, could be) an 'enterprise persona.' That one brings together '…all the activities and attributes of a single entity' performed for or related to that enterprise '...into a readily accessible (and reportable and auditable) form.'
So there is no 'user-centric' or 'enterprise-centric' identity. There is just an entity with AN identity made up of various personas some of which may be controlled or limited in some way by an outside organization – not only by the enterprise but also by governments, social organizations, etc. The ability to keep these personas separate, where legally able to do so, must be a given. Each persona will have different identity needs and requirements, of course, but that’s what will drive the 'identity economy' as vendors seek to satisfy those needs and requirements in accordance with the laws. The government’s laws, the enterprise’s 'laws', the fraternal and social organization’s 'laws' and the Laws of Identity as laid down by [Kim] Cameron. "

Labels: , , , , , , ,

Wednesday, July 23, 2008

(0) comments

It's not a bug - it's a feature

Jeff Bohren, in commenting on my post about "Attention architects" thinks I've overlooked an element for our Digital ID World discussion:

Dave Kearns wants to get everyone together to talk it all out. Helpful, I suppose, but limited because of the absence of enterprise application vendors. Without application vendor buy in, identity management is going to continue to be a mess.
Not an oversight, Jeff, but planned that way. Too often the vendors dominate the conversation - and pay little attention to what the customer wants. True, they claim to listen and they claim that the next version includes those features "our customers have asked for," but we all know the real truth. The plan - and it isn't my plan, but was promulgated by Boeing's Marty Schleiff - is to develop sort of a consensus roadmap for how it should be done - what steps the enterprise identity architects think should happen and in what order. Vendors who can satisfy that roadmap will reap the reward. Vendors who ignore it will wind up in my "where are they now?" file.

Labels: , ,

Tuesday, July 15, 2008

(0) comments

Attention architects - BYOB

Pam Dingle posts today ("We’re a little lost.") about her disappointment, nay her disillusionment with the hodge-podge of identity services available to the average enterprise and the decided lack of a roadmap for connecting them up. She notes, "In reality, however, I don’t see a patchwork of complimentary products - I see a whole bunch of products with a whole bunch of overlap and no obvious or well-stated way for an Enterprise to figure out how to knit it all into an actual solution for their original problem. "

She's right, of course. There does need to be a roadmap, a diagram, a "well-stated way" to hook up all of these services so that they are complimentary and they do interoperate rather than compete for attention and bandwidth. It's an issue that came up at last spring's Internet Identity Workshop when Boeing's Marty Schleiff introduced a session called "Enterprise Identity Roadmap for enterprise identity architects: a discussion," and which I wrote about in the newsletter. What I said was:

So why IIW? In a nutshell, precisely because it wasn’t Catalyst or DIDW. Those structured conferences, dominated as they are by slideware presented by a speaker on a stage don’t lend themselves to free-form discussion. Certainly there are “Birds of a Feather” sessions – usually after hours in inconvenient locations. There are also informal get-togethers (usually involving libations) that go into the wee hours while knotty issues are discussed. But there doesn’t seem to be a venue for those involved in planning and implementing enterprise identity systems and architectures to meet in a vendor-neutral environment to swap stories, sound warnings and point out new initiatives. Marty wants to change that.
This seems to be as good a place as any to announce that we have found a venue. At the upcoming Digital ID World (Sept. 8-10 in Anaheim), Program Chair Eric Norlin has convinced me to moderate just such a session - me, a few microphones and (hopefully) an audience of enterprise identity architects - ready to talk about where they are, where they've been, where they hope to go and how they want to get there. If you've an interest in enterprise ID architecture (Pam, are you listening?) then I hope to see you in that audience.

Labels: , , ,

Friday, April 11, 2008

(1) comments

A herring of a different color

You almost had me, Kim. I read your latest entry and was ready to share that olive branch. Right up to the last paragraphs when you say (about me):

"...He keeps saying I propose 'a directory that gathers and holds ALL the data from ALL your other directories.' Dave, this is just untrue and unhelpful. “ALL” was never the goal - or the practice - of metadirectory, and you know it. The goal was to represent the 'object core' - the attributes shared across many applications and that need therefore to be kept consistent and synchronized if stored in multiple places. Our other goal was to maintain the knowledge about what objects 'were called' in different directories and databases (thus the existence of 'connector space').

Basically, the ”ALL” argument is a red herring..."

Not at all. Let's step back a pace or two, or a posting or two, and think about the reasons for having this meta/virtual directory. Yes, it helps to normalize the data and keep it in sync. But if that were all, than a couple of keyboard monkeys could handle the chore and, at least in the case of normalization, could do it more quickly than a semi-automated process.

But the real reason we want to do this is so that identity data is available to applications. Available to them using a single vocabulary and a single protocol. Not that there can't be multiple vocabularies and protocols, but any one application would only need to use one of each - each application programmer would only need to use the vocabulary and protocol she was most familiar with.

But for this to be effective, the programmer needs to know that any identity data they need is available through this mechanism. And the only way any data can be available is if all data is available. The identity data must be pervasive and ubiquitous - available whenever and wherever you need it.

From the application's point of view, it should appear to be a single silo but in reality, the data will be distributed throughout the fabric of the network both within and without the enterprise, the identity provider or other data store.

The promise of the meta/virtual directory is that it can serve up the current, correct data on demand from wherever it resides. And to do that, it has to aim to provide all identity data.

Now, to forestall some people, let me add that the security of this system is a given- there need to be strict and fine-grained access controls for the data. There need to be well designed mechanisms allowing for whoever controls a bit of data to authorize its release. Without these things the system is useless because no one would use it.

But this systems needs to aim to have available all identity data, every conceivable bit of it. Because without that, the application programmer can't be sure that the bit he needs is there and so will set up alternative storage for the bits that that application needs.

We're not there yet, but we need to go that way.

Labels: , , ,

Monday, April 07, 2008

(0) comments

Another one bites the dust

Well, that might be too strong, but another veteran independent Identity vendor has been acquired. M-Tech announced today that Hitachi had acquired a majority interest in the Calgary, Alberta firm.

M-Tech owns a large segment of the provisioning business in Canada, especially government (federal and provincial) provisioning. But beyond provisioning, M-Tech (now officially called Hitachi-ID) offered the full panoply of the Identity suite - password management, authentication and authorization, role management, audit and entitlement, etc. It'll be interesting to see how long it takes Hitachi to digest the acquisition (I don't think it will be very long) as well as how this will change the playing field (especially in Asia) for Sun, IBM and the others in this space. It could get very interesting.

Labels: ,

Friday, March 28, 2008

(0) comments

Cardspace context UPDATE

Good post today ("No User Context Decisions in your Enterprise?") from Pam Dingle summarizing her panel at Brainshare (which I'm now sorry I missed). Cardspace and other user-centric ID schemes have a definite place in the enterprise, if only for the context-switching that Pamela outlines.

UPDATE: A video of the session ( with Pam Dingle, Patrick Harding, Kim Cameron and Dale Olds) has now been posted at the Bandit Project site.

We'll be exploring this same topic at the European Identity Conference when I host a panel of Dale olds (Bandit Project), Johannes Ernst (OpenID) and Robin Wilton (Liberty Alliance) called "Putting Context in Identity: User-Centric Context." It's an area that will heat up in the near future...

Labels: , , , , ,

Thursday, August 16, 2007

(0) comments

Identity as a service

An interesting post today, from Jonathan Penn at Forrester. For the most part he's quoting his fellow analyst, Andras Cser, but does through in his own two cents worth in agreeing with Cser's definition of Identity as a Service (IDaaS):

"...implementing identity and access management functionality predominantly as Web services in a service oriented architecture within the enterprise. Various line of business applications, policy management applications, and other services then call these IM Web services either autonomously or in an choreographed manner."

I also would like to jump in with a big "+1" for this definition. It's what I was thinking of when I said about Microsoft's CardSpace: "I'm addressing the enterprise market, which needs to pay attention to CardSpace right now. Many of your in-house developers are already using the .Net framework and Microsoft's Visual Studio to create and maintain your in-house apps and services. Handling authentication, though, has been difficult at best. Now a hero has ridden forth."

Software as a service (SaaS) is going to come first to the enterprise, and IDaaS is going to be a major enabler of that technology. And CardSpace (and the associated iCard open source technology) will be the major building block of that foundation.

Labels: , , ,

© 2003-2006 The Virtual Quill, All Rights Reserved


[Powered by Blogger]