
Exploring the science and magic of Identity and Access Management
Tuesday, July 23, 2024

Catalyst 2005 – Day Two

Author: Mark Dixon
Thursday, July 14, 2005
8:00 pm

Day Two at the Catalyst Conference also provided a wealth of insight from a
number of interesting speakers. Several of the sessions today had more depth
than the ones we heard yesterday.


Associate Research Director, Burton Group –
III, Identity Management Markets and Architecture: Evolution and Innovation

  • Identity management is the set of business processes, and a supporting infrastructure,
    for the creation, maintenance, and use of digital identities in online spaces
  • “Relation” is a core ingredient to distributed systems. Identity
    isn’t about the end points—it’s about the relationship
  • "Identarati" – those involved with Identity
  • Cross-domain sign-on is a big winner this year.
  • Service-oriented architecture (SOA) is a better approach than suites

, Analyst, Burton Group – Identity Services and the Identity
Access Layer

  • Growing IdM requirements are straining current capabilities, requiring multiple
    and dynamic views of identity information and more complex relationships between
    identities and other objects
  • Distributed identity services become the new goal
  • Identity services are the set of services that enable applications and other
    services to fully leverage identity information

Ken Weiss, Charles Schwab & Co., Using Web Services
to Manage Identity and Access

  • The perimeter has vanished
  • Every resource, every application, must be identity-enabled
  • No substitute for a consistently applied opaque unique identifier
  • Really, really know your requirements
  • Policies define how Identities are permitted to access resources

, Principal Consultant, Burton Group – Provisioning
Implementation: Setting Realistic Expectations

  • Deployment strategy will be influenced as much by regulatory issues as return-on-investment
  • Help end users become productive immediately. Focus on Day 1 productivity.
  • Establish a three-year architecture. Implement in bite-sized chunks.

, Senior Analyst, Burton Group – The Big Challenge: Standardizing
Policy While Maintaining Semantic Intent

  • Focusing on policy for security enforcement in IdM systems, including authorization,
    privacy enforcement, and personalization
  • Momentum is growing for the adoption of XACML among a broad vendor base
  • WSPolicy framework is maturing slowly, but is starting to appear in products
  • "Entitlement engine" products are emerging to manage policy

, Senior VP, Group Research Director, Burton Group – Federation
in the Identity Infrastructure

  • Federated identity management solves real problems today, enables Web services,
    and constitutes the future of the identity management market
  • Business interoperability issues are lagging technology interoperability
  • On the standards front, Liberty/SAML is making most progress now, but Microsoft
    and IBM (WS*) are slowly progressing. Beware of the tortoise overtaking the

Dave Temoshok, Director, Identity Policy and Management GSA
Office of Governmentwide Policy – Government Adoption of Federated Identity

  • The Government needs the capability to authenticate millions of citizens,
    businesses, and governmental entities without issuing a standard, national
  • GSA is directed to provide common authentication infrastructure for all
    Federal E-Gov business applications and E-access control.
  • IDM Federation Core Infrastructure addresses Trust, Interoperable Technology
    and Business Relationships/Governance
  • If there is to be no central registry of personal information, attributes,
    or authorization privileges – a decentralized approach means federation.

, CEO, Burton Group – User-Centrism Meets Polycentrism:
Creating Identity Infrastructure for the Internet

  • The Internet lacks sufficient identity, security infrastructure
  • Customer awareness of privacy, identity is rising
  • "It's the relationships, stupid." ID services facilitate, coordinate
    relationships, interaction
  • Identity systems that work for a financial services company will not work
    for social software and vice versa
  • Ultimately, systems will mesh, creating a fabric that will allow
    user-centric, enterprise, and government systems to interact using common standards

John Shewchuk, CTO Distributed Systems, Microsoft, Microsoft’s
Digital Identity Strategy

  • Users should be in control.
  • Each user should make decisions about relationships he or she has.
  • Kim Cameron’s 7 Laws of Identity provide a set of axioms to describe how
    Identity systems should work
  • InfoCard is Microsoft’s proposal for an Identity infrastructure that complies
    with the 7 Laws to replace the ill-fated Passport
  • WS* is a comprehensive framework of "Identity standards" to enable
    web services.

Dick Hardt, CEO, Sxip
Identity 2.0

  • The Identity industry is currently at version 1.0, requiring centralized
    Identity Management.
  • Federated Identity will provide Identity version 1.5
  • User Centric Identity, properly implemented, will be Identity 2.0.
  • Trusted third parties are required to validate Identities

Bob Blakley, Chief Scientist, Security and Privacy, IBM, The
Logic of Identity

  • Identity and privacy are not technical problems
  • Security and Privacy are naturally at odds with each other

Roundtable Discussion: User-Centric Identity Management:
Federating the Individual
(Participants: Stefan, President, Credentica; Kim, Identity Architect,
Microsoft; Paul Trevithick, Co-Founder, SocialPhysics.org; Bob Blakley,
Chief Scientist, Security and Privacy, IBM; moderated, sort of, by Jamie,
CEO, Burton Group.)

  • I was disappointed in this roundtable discussion. What could have been an
    enlightening discussion about the real-life issues facing user-centric identity
    was little more than a very high-level conversation of esoteric issues that
    may apply in the distant future. I was able to get more insight into the real
    issues facing user-centric identity management by spending 5 minutes with
    Dick Hardt in the Sxip hospitality suite than by listening to 30 minutes of
    this group.

Note: A computer malfunction that occurred during the
conference prevented me from posting this blog entry until Tuesday, July 19th.


Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.