On a recent trip out of town, while waiting in the Phoenix airport to board my flight, I suddenly become aware that I had really used a lot of apps on my iPhone that morning. So I counted the ones I had used – all 15 of them – before 10am.

1. Mail
2. Phone
3. iPod
4. Safari
5. Messages
6. Calendar
7. Toodledo
8. Evernote
9. Tweetie
10. Facebook
11. Brightkite
12. Livestrong
13. AP Mobile
14. Weather Channel
15. Tripit

I went on to use some more apps later in the day, but this all goes to prove that the iPhone has become an indispensible part of my life – helping me be more productive, connected and responsive to the people in my life.

What apps are a critical part of your everyday life?

When he learned I would be re-joining Oracle after my time at Sun Microsystems, my son suggested that I take a drive down Oracle Street in Mesa, Arizona, to celebrate.  It is a small street with a big name, located about a mile from my house.  Here is evidence that I took the trip.

To support recent discussions about Identity Management and Cloud computing, I divided the types of Identity Services that might be needed to support Application services into three major categories as shown in the following diagram and explained in a bit more detail below:

The specific services provided in each category could include:

Identity Administration Services

• Create, update, delete identities
• Password/credential management
• Entitlement definition/management
• Provision/de-provision access privileges
• Role engineering/management
• Policy definition/management

Identity Enforcement Services

• Authentication
• Authorization
• Access control
• Federation
• Web services security

Identity Audit Services

• Reporting
• Evaluation
• Attestation
• Validation
• Remediation

Did I miss any services that you think should be present?  Any input on the categories or types of services?  Any input or criticism would be most welcome.

The following chart may be helpful as we consider the different types of users that should be addressed by Identity and Access Management (IAM) technology and processes in cloud computing.

At the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) layers, the only users are administrators of the platform or infrastructure services, respectively.  However, these administrative users may be either on the provider side or on the recipient or enterprise side.  End users, whether within the enterprise (employees or contractors) or external to the enterprise (customers and partners), only exist at the application layer or Software as as Service (SaaS) layer.

This illustrates how cloud computing introduces increased complexity into IAM. Not only do the different layers (PaaS, IaaS and SaaS) have unique requirements, but multiple organizations (e.g. provider and enterprise) need to be considered.

For example, the nature of PaaS services will require provider administrators to have root access to the operating system, while enterprise administrators at the SaaS level may only need access to application configuration functions and external SaaS users only need to access to selected application functions.

Hopefully, this provides food for thought as we explore IAM in cloud computing.  I’d be grateful to hear your comments.

Boomerang:

• noun, “a bent or curved piece of tough wood used by the Australian Aborigines as a throwing club, one form of which can be thrown so as to return to the thrower.”
• verb, “to come back or return, as a boomerang”

I first joined Oracle in 1997, as a pre-sales consultant on the Oracle Telecommunications sales team, and then spent an intense three years literally travelling around the world in support of Oracle sales activities to many telecommunications companies.  I learned much, worked with outstanding people, had great experiences, and then was lured away to a Silicon Valley startup just before the .com bubble burst. A series of interesting experiences with small companies led me to Sun.  It turns out that the executive who initially hired me at Oracle was the same one who referred me into Sun.

So now, after nearly a decade,  I will be leaping back into the Oracle fold with my Sun colleagues, eager with anticipation, looking forward to many more exciting years.

As Sun transitions into Oracle, the bright expectations of new opportunities have been accompanied with the gut-wrenching impact of learning which friends were not invited to make the leap.  Thursday and Friday were difficult for me, as I heard from outstanding people I have learned to admire and trust that they were opening new doors in their lives.

As a tribute to them and all other friends I have come to know and respect during my sojourn at Sun, I offer a few lines I penned several years ago …

A Tapestry Of Miracles

Like brilliant golden strands
Woven delicately yet boldly
Among more dreary threads
To create a magnificent tapestry,
Our lives converge
In brief but sparkling brightness,
And then intertwine into
Radiant relationships
Borne of common hopes and dreams.

Countless encounters
Of human souls,
Guided by an unseen hand,
Link our lives together,
Creating cascading
Miracles of light,
Illuminating our hearts and minds
Amidst the harshness and the gloom
Of mortal life,
Ever weaving and preparing
The glorious, eternal tapestry
Of humankind.

Mark G. Dixon
November 15, 1996

Photo credit: A quilt entitled “The Woodpeckers” by Kathy Swartz, based on a tapestry of the same name by William Morris.

Last Thursday, January 21st, I gave a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.”  The title of my talk was “Identity Management: Securing Information in the HIPAA Environment.”  I explored how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective Patient Consent Management, a vital requirement for online health information networks.

A copy of my presentation deck is available for download here.

At the heart of my the presentation was the following diagram, which illustrates major components required in a Patient Consent Management system:

A brief explanation of key components follows:

Identity and Role Repository

IAM technology and methods provide the foundation for an effective patient consent management system.  An Identity and Role Repository contains Identities, roles and access control credentials necessary to support the consent system.  This repository includes:

• Patients
• Providers
• Access Rights
• Roles (map business responsibilities to access rights)
• Override Rights (Only users with specific roles can perform override without consent)

Consent Registry

A consent registry is required to specify what permissions have been granted by patients, within the allowable limits specified by each applicable jurisdiction.   Some of the key attributes include:

• Consent Permissions for
• Patients
• Organizations
• Users
• System-wide mask (everyone)
• Fine gained access
• Include or exclude attributes
• Accommodation for multiple jurisdictions

Master Patient Index

A Master Patient Index enables correlation of patient data across multiple repositories.  This is essential because patient records are typically help in multiple locations.  In other cases, if patient records exist in the same physical data warehouse, they are often logically separated. 

Federated Data Access

If patient data is located in physically or logically separate locations, Federated data access controlled allows access across domain boundaries without compromising the privacy or integrity of individual patient record repositories.

Data Access Services

By providing a set of centralized data access services governed by IAM, the Consent Registry and the Master Patient Index, a secure method of patient data access is possible.

I recently replaced the wheels on my roll-aboard suitcase with inline skate wheels.  So much for a run-of-the-mill black-on-black look for my luggage!  I hope the fact that I chose orange rather than red doesn’t get in the way of success with Oracle.

In August, 2007, the Sun National Sales Conference featured Oracle/Sun luggage tags for all attendees, which was terribly ironic for those of us in the software business, which competed head to head with Oracle.  Little did we realize at that time how prophetic those luggage tags would be!

Thanks to my colleague Patie McCracken for sharing this nostalgic song … to the tune of the old favorite “American Pie” by Don McLean. Patie isn’t the author, but she received it from colleagues in Europe.

A long, long time ago….
I can still remember when
Unix used to make them smile.
And we knew that if we had a chance
Sun could make those networks dance
And, maybe, they’d be happy for a while.

But DEC and Apollo make us shiver
With every workstation they’d deliver.
Competition camped out on doorsteps
We had to fight for each step.

I remember how hard we tried
To win each system that they buy
Yes, something touched me deep inside
The day Sun Microsystems died.

So bye-bye, dear ‘ole S–M–I
We drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye,
Singing, “Time to give Oracle a try.
Time to give Oracle a try!!”

Have you heard of Solaris OS?
And do you believe in Open Source?
If the European Union tells you so…..
Do you have faith in MySQL?
Can Java save your mortal soul?
And, can you keep data from moving slow….

Well, I know that Larry’s in the groove
`cause I saw his keynote on You-Tube.
Oracle and Sun have hit the news!!
Man, I dig them targeting Big Blue.

I was a great Sun Sales Rep kicking butt
With a SPARC based server and tons of spunk
But I knew I was out of luck
The day the Sun Microsystems died.

So bye-bye, dear ‘ole S–M–I
We drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye,
Singing,  “Time to give Oracle a try.
Time to give Oracle a try!!”

For nearly 27 years we’ve been on our own
Now our revenue’s gone down and confidence is blown.
But, that’s not how it used to be.
When Scott ruled with Ed and Joe,
And installed systems around the globe
With a OS that came from BSD….

Oh, and while Scott was flying around,
The jester grabbed his SMI crown.
The stock-holders were concerned;
The SUNW brand was over turned.

While Johnathan played his agenda in the dark,
IBIS ran in stops and starts,
We just kept selling Solaris and Sparc
The day Sun Microystems died.

We were singing,
Bye-bye, dear ‘ole S–M–I
We drove those networks to the limit
And made applications fly
Them corporate boys have kissed Sun good-bye.
Singing, “Time to give Oracle a try.
Time to give Oracle a try!!”

Re-orgs and RIFs in a March disaster.
The IBM bid fell upon us in a news flash after
Analysts screamed high and then fell fast……
IBM’s bid landed foul on the grass.
The players tried for an Oracle pass,
With the European Union looking on aghast.

This acquisition news was sweet perfume.
The industry spun up many tunes.
The Stock holders all lined up to dance,
But…they never got the chance!
`cause when Oracle tried to take the field;
The European Union refused to yield.
Do you recall what was revealed
The day the day Sun Microsystems died?

They started singing,
Bye-bye, dear ‘ole S–M–I
You drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye.
Singing,  “Time to give Oracle a try.
Time to give Oracle a try!!”

So, now we are all here in one place,
An acquisition stuck in space
With no time left to start again.
So, Larry be nimble, Larry be quick!
Use your brains and might and wit,
‘Cause profit is the market’s only friend.

As this plays out on the world stage
My hands are clenched in fists of rage.
Can this angel born in hell
Break those devils’ spell?
Our company falls deeper every night
And crumbles under this burdensome rite,
I saw the competition laughing with delight
The day Sun Microsystems died.

They were singing,
Bye-bye, dear ‘ole S–M–I
You drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye,
Singing, “Time to give Oracle a try.
Time to give Oracle a try.”

I met a guy who wrote some code
And I asked him what the future bodes,
But he just smiled and typed away.
So, I went on to the Inter Net
Where I’d played with Sun years before,
But the sites there said that Sun had gone away.

And in the streets: the customers screamed,
The partners cried, and the programmers dreamed.
But not a word was spoken;
The systems all were broken.
And those groups I admire most:
The Engineers, Sales Reps and Service folks,
They caught the last train for the coast
The day Sun Microsytems died.

They were singing,
Bye-bye, dear ‘ole S–M–I
We drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye,
Singing, “Time to give Oracle a try.
Time to give Oracle a try.”

So…….
Bye-bye, dear ‘ole S–M–I
We drove those networks to the limit
And made applications fly!!
Them corporate boys have kissed Sun good-bye,
Singing, “Time to give Oracle a try.
Time to give Oracle a try.”