Thursday, July 09, 2009
CALL FOR PAPERS
Last chance (deadline is July 11) to submit for Net-ID '09 coming in October in Berlin.
The European Conference on Digital Identities “Net-ID – Identity, Trust, Privacy and Security” will come back to Berlin, Germany, in the fifth year of its history. It will take place on October 1-2, 2009, in the Steigenberger Hotel Berlin. Net-ID 2009 contains 4 tracks with the following
- Please submit to: firstname.lastname@example.org
or by fax to: +49-221-5907480
Thursday, January 22, 2009
Isn't that cute?
It never ceases to amaze me that the younger generations always think they invented everything (social unrest, "relevant" music - even sex) and that we "old folks" just don't understand. So I wasn't really that surprised when the usually knowledgeable Eric Norlin wrote:
"Identity's first wave (roughly 2001-2008) was all about building the noun that is 'identity.' Identity's second wave (projected - 2009 to 2016) will be all about building the verbs that live on top of identity."
Identity's "first wave" was 20-25 years ago when we were building authentication & authorization systems using NIS, StreetTalk or NetWare's Bindery. The second wave came in the early nineties with the release of Novell Directory Services, iPlanet, OID and other X.500-derived services.
What started in 1998 was actually the 3rd wave - workflow added to the directory services, authorization and authentication begat Electronic Provisioning which led inexorably to today's plethora of identity-based services.
Still in its infancy is the fourth wave - when "identity-based" gives way to "identity-enabled" providing us with a rich fabric of services which know who we are, where we are, where we want to go, what we want to do and how we want to do it. But it has taken 30 years to get here - not 10.
Tuesday, September 16, 2008
Identity-centric
Pam Dingle has a bit of a rant today about the term "user-centric." Well, not about the term itself but about people's desire (e.g., the entire Burton Group) to get away from it.
"Sure, there are a few blind worshippers of the cult of user-centric out there, but I firmly believe that common sense has to win out in deployment scenarios, and that various technologies should and will be used where applicable to solve problems."
I think it's about more than just a term, more than just a feel-good quality, Pam. The "User-centric" term was coined, initially, to try to differentiate internet-based individual identity protocols from those used within the enterprise. But it's really all identity, and there doesn't need to be a distinction. That's why I wrote, last month, "Why there's no 'user-centric' or 'enterprise-centric' identity," where I said:
"Enterprise-centric identity management, we postulated, is really all about tying together all the activities and attributes of a single entity into a readily accessible (and reportable and auditable) form; while user-centric identity is about keeping various parts of your online life totally separated so that they aren't accessible and no report can be drawn.
Tuesday, August 12, 2008
Identity [finally] Happens
I wrote about Boeing's Marty Schleiff in the newsletter last spring after the Internet Identity Workshop. Marty's a "deep thinker" about identity issues, and wants to foster more rigorous thinking among enterprise identity architects. His idea for a blueprint/roadmap for enterprise identity inspired a session we're doing at the upcoming Digital ID World and now Marty's taken it into his own hands to do something by launching his own weblog "Identity Happens". Pay attention to it.
Marty is making a stab at creating an OSI-like model for identity. Like OSI, though, I think his model is a better illustration of the concepts than it is a blueprint for constructing anything. He posits 8 "layers":
But there's considerable overlap, if not actual equality, of some: "Persona", the two different "Roles", etc. Still, it's a start, a beginning to the discussion - and that's not a bad thing at all.
Tuesday, July 15, 2008
Attention architects - BYOB
Pam Dingle posts today ("We’re a little lost.") about her disappointment, nay her disillusionment with the hodge-podge of identity services available to the average enterprise and the decided lack of a roadmap for connecting them up. She notes, "In reality, however, I don’t see a patchwork of complementary products - I see a whole bunch of products with a whole bunch of overlap and no obvious or well-stated way for an Enterprise to figure out how to knit it all into an actual solution for their original problem."
She's right, of course. There does need to be a roadmap, a diagram, a "well-stated way" to hook up all of these services so that they are complementary and they do interoperate rather than compete for attention and bandwidth. It's an issue that came up at last spring's Internet Identity Workshop when Boeing's Marty Schleiff introduced a session called "Enterprise Identity Roadmap for enterprise identity architects: a discussion," and which I wrote about in the newsletter. What I said was:
So why IIW? In a nutshell, precisely because it wasn’t Catalyst or DIDW. Those structured conferences, dominated as they are by slideware presented by a speaker on a stage don’t lend themselves to free-form discussion. Certainly there are “Birds of a Feather” sessions – usually after hours in inconvenient locations. There are also informal get-togethers (usually involving libations) that go into the wee hours while knotty issues are discussed. But there doesn’t seem to be a venue for those involved in planning and implementing enterprise identity systems and architectures to meet in a vendor-neutral environment to swap stories, sound warnings and point out new initiatives. Marty wants to change that.
This seems to be as good a place as any to announce that we have found a venue. At the upcoming Digital ID World (Sept. 8-10 in Anaheim), Program Chair Eric Norlin has convinced me to moderate just such a session - me, a few microphones and (hopefully) an audience of enterprise identity architects - ready to talk about where they are, where they've been, where they hope to go and how they want to get there. If you've an interest in enterprise ID architecture (Pam, are you listening?) then I hope to see you in that audience.
Monday, April 07, 2008
The blind philosophes of Identity
Kim has now responded ("Through the looking glass") to my Humpty Dumpty post, and we're beginning to sound like a couple of old philosophes arguing about whether or not to include "le weekend" and "hamburguer" and other Franglais in the French dictionary.
We really aren't that far apart.
In his post, Kim recalls launching the name "metadirectory" back in '95 with Craig Burton and I certainly don't dispute that. In fact, up until 1999, I even agreed somewhat with his definition:
"In my world, a metadirectory is one that holds metadata - not actual objects, but descriptions of objects and their locations in other physical directories."
But as I continued in that Network World column:
"Unfortunately, vendors such as Zoomit took the term 'metadirectory' and redefined it so it could be used to describe what I'd call an überdirectory - a directory that gathers and holds all the data from all your other directories."
Since no one took up my use of "uberdirectory," we started using "metadirectory" to describe the situations which required a new identity store and "virtual directory" for those that didn't.
So perhaps we're just another couple of blind men trying to describe an elephant.
Friday, September 21, 2007
More on ownership
David Recordon has now further developed the ideas ("We Are Opening the Social Graph") first presented in the "Thoughts on the Social Graph" manifesto he wrote along with Brad Fitzpatrick. It's an important work, but begins with a flaw which may, ultimately, prove fatal.
"Your lists of friends and connections on the social websites that you use, sometimes called your social graph, belongs to you. No one company should own who you know and how you know them."
This is a strawman argument, though, as no company claims to own this data. And, in fact, there can be no ownership of what amounts to, simply, a group of facts. What companies do own, however, are the tools for constructing the graph. And, I fear, too many will see the tools - and their output - and claim it as their own.
But consider this analogy:
You take your dirty clothes to the laundromat. You wash them in the washers there, then dry them in the dryers. The laundromat doesn't claim 'ownership' of your clothing (either dirty or clean), but neither can you claim 'ownership' of the cleaning process nor of the equipment (the 'tools') used to do the cleaning. You pay the laundromat for the use of their tools and processes and, in return, you're presented with clean clothes. The "cleanliness" was always present in the clothes, it simply needed some processing to bring it out.
So, too, your friends and relationships need processing in order to form a rational 'social graph'. You can pay some company (either in cash or in kind) to do that for you (like the laundromat) or you can buy or "roll your own" tools to do so (just as you can buy your own washer and dryer).
The sooner we can get away from the disastrous "ownership" meme, the sooner we can get to the fun and interesting parts of identity.
Thursday, September 13, 2007
Nobody "owns" my identity data
Mary Hodder, Doc Searls and Drummond Reed have all weighed in over the last day or so on the issue of ownership of identity data. Mary originally quibbled (as did I) over the use of the word "ownership" but now writes:
I've decided that it makes more sense for users to:
I can't agree. Very little identifying data, in fact, do I actually "own" in the sense that I can do what I please with it. I don't, for example, "own" my social security number, my credit card accounts, my mailing address, my wife (that's a co-owned relationship), etc. At best, I might be thought to be able to control the distribution of the identity data within certain very well defined parameters. But in many cases there are also other parties who also control distribution within "certain very well defined parameters" (e.g., the bank can distribute information about my credit card accounts to certain third parties).
"Ownership" is the wrong word, the wrong paradigm, the wrong meme.
Drummond, in his post, talks about Identity Rights Management (IRM), a much more interesting concept which deals with the distribution and use of identity data. Done right, IRM is neutral on the "ownership" issue but deals with the entities who have rights to distribute and use identity data, how those rights can be licensed or assigned and how the licensing can be enforced through the use of Identity Rights Agreements (IRA). Like Reed, I also urge you to dive in to IRM and IRA by subscribing to the new mailing list.
Wednesday, January 03, 2007
Identity principal
Scott Wilson introduced me to the term "principal" for the human entity to which a digital identity is attached. He sums it up as "'the person for whom a broker executes an order', that is, the entity outside the system that asserts an identity." He references Stephen Downes, Andy Powell and, especially, a long treatise by Dave Snowden which talks about the five characteristics of an identity -
"1. An identity is not the same thing as a role.
I might not agree with all that Professor Snowden says, but it is a good starting point for discussion.
© 2003-2006 The Virtual Quill, All Rights Reserved