Exploring the science and magic of Identity and Access Management

Catalyst Conference 2006 – Day 1

Identity
Author: Mark Dixon
Wednesday, June 14, 2006
11:31 pm

Today was the first full day of the Burton Group Catalyst Conference. I missed the opening reception last night because I flew in late from a customer meeting in the Midwest. This blog entry summarizes the highlights of the sessions I attended in the Identity Management Track.

Jamie Lewis (Burton) – Identity in Context: The Evolving Business and Social Infrastructure

  • We must challenge our assumptions about Identity Management and explore the consequences of what we build.
  • Strong authentication only succeeds when it is backed up by an assurance process.
  • Provisioning products have matured; provisioning is going mainstream.
  • Roles are not a silver bullet. They are one tool among many.
  • “Trust” is one of the problems that plagued PKI and now plagues federation.
  • Are we too fixated on Identity when it’s relationships that matter?

Mike Neuenschwander (Burton) – Identity Management Market Landscape 2006: Finding a Space in Everyone’s Market Place

  • Identity Management is not a winner-take-all market – customers use multiple vendors.
  • Identity is not a one-time purchase; it is a lifestyle choice.
  • IdM has so far resisted centralization of rewards. There are many vendors, in spite of recent acquisitions.
  • Some suite vendors (e.g. CA, IBM, HP) are attempting to sell broad suites that encompass Systems Management and Identity Management.
  • “Managization” was his coined word of the day – a spoof of just about everything.

Hans Gyllststrom, Steven Roach (Citigroup) – The Architecture of Change

  • Citigroup used formal modelling languages and methods to prepare for the Identity Management deployment and to build Identity Services into an SOA infrastructure.
  • Formal modelling was used to construct a reference architecture that enabled change.

Mark Diodati (Burton) – Identity Assurance: A Requirement for Identity Management

  • The best access management policies are worthless without Identity Assurance.
  • Identity Assurance provides a level of confidence that the authenticating user is legitimate.
  • Identity proofing methods such as IVR and out-of-band single use passwords have proven effective.
  • Identity assurance seeks to bring risk down to a level we can quantify and manage.
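The out-of-band single-use password the bullets above mention, as an added Python example that is not from the talk or from the original post: a small store that issues a code for delivery over a second channel (SMS, voice/IVR) and accepts it exactly once. The class name, the 300-second lifetime, the three-attempt limit and the six-digit format are assumptions chosen for illustration, not anything the session described.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy values for the example; tune them to the risk of the transaction.
CODE_TTL_SECONDS = 300   # a code dies after five minutes
MAX_ATTEMPTS = 3         # failures tolerated before the code is discarded
CODE_DIGITS = 6


class OutOfBandCodeStore:
    """Issue and check single-use codes delivered over a second channel.
    Hypothetical design for this example:
      - the code is random and bound to one (user, purpose) pair;
      - only a salted HMAC of it is kept, so a leaked store leaks no codes;
      - a code expires, is burned on first successful use, and is discarded
        after MAX_ATTEMPTS failures so a six-digit space cannot be guessed online.
    clock and rng are injectable so the behaviour can be exercised offline."""

    def __init__(self, clock=time.time, rng=secrets.randbelow):
        self._clock = clock
        self._rng = rng
        self._pending = {}  # (user, purpose) -> record

    @staticmethod
    def _digest(salt: bytes, code: str) -> bytes:
        return hmac.new(salt, code.encode("ascii"), hashlib.sha256).digest()

    def issue(self, user: str, purpose: str) -> str:
        """Create a fresh code. The caller delivers it out of band and must
        never log it. Re-issuing replaces any code still pending."""
        code = f"{self._rng(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[(user, purpose)] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, user: str, purpose: str, code: str) -> bool:
        """True exactly once, for the right code, inside its lifetime."""
        key = (user, purpose)
        record = self._pending.get(key)
        if record is None:
            return False
        if self._clock() > record["expires"]:
            del self._pending[key]
            return False
        record["attempts"] += 1
        ok = hmac.compare_digest(record["digest"],
                                 self._digest(record["salt"], code))
        if ok or record["attempts"] >= MAX_ATTEMPTS:
            # Burn on success; lock out after too many failures.
            del self._pending[key]
        return ok


if __name__ == "__main__":
    store = OutOfBandCodeStore()
    code = store.issue("alice", "password-reset")
    # In production the code goes to the user's phone, not to stdout.
    print("first use :", store.verify("alice", "password-reset", code))
    print("replay    :", store.verify("alice", "password-reset", code))
```

Binding the code to a purpose matters as much as the expiry: a code issued for a login step must not be accepted for a password reset, and a code that has been used once must fail on replay. The short lifetime and attempt cap are what make a six-digit code acceptable at all; without them the 10^6 space is trivially guessable.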

Panel Discussion: Bill Gebhart (UBS), Gerry Gebel (Burton), Mark Diodati (Burton) – Challenges and Lessons Learned in Deploying Authentication

  • Consumers want simple, easy and secure – and expect vendors/institutions to provide those qualities.
  • Usability is a big consumer issue.
  • Employ risk analytics to detect fraud patterns.
  • Smart cards are gaining momentum because support is maturing in Windows and contact-less smart cards are emerging.

Martin Vant Erve (TransCanada) – Implementing Enterprise Single Sign-On with Two-Factor Authentication

  • Problem: too many digital identities and user authentication systems.
  • Implemented Passlogix V-Go for E-SSO and RSA SecurID for Windows for two-factor authentication.
  • Deployed to all 3,000 end users in nine months.

Lori Rowland (Burton) – Provisioning: The Vortex of Identity Management

  • Identity Management has “crossed the chasm.” We are now selling to the pragmatists.
  • Compliance is the #1 driver, but are we overselling Compliance?
  • Compliance is how provisioning is sold to upper management, but that is not necessarily how it is actually used. The biggest benefit may be operational efficiency.
  • We can now begin to document best practices, based on experience implementing Identity Management.

Kevin Kampman (Burton) – Role Management: Bridging Business and Technology

  • Compliance and audit are the primary drivers for roles.
  • Role Goals: Simplify administration and improve the match of privileges to responsibilities.
  • The real challenge is managing access across multiple environments over some period of time.
  • Organizational structures beyond hierarchies, including teams, matrix organizations, and networks should be considered in creating a role framework.
  • Focus on simplicity and flexibility.
  • Increased role granularity often has diminishing returns.

Q&A: Lori Rowland, Kevin Kampman, Gerry Gebel, Mark Diodati

  • Don’t put roles on the critical path.
  • Learn to say no when users want more role complexity.
  • The size of an organization may not be as important as the complexity of an organization in role definition.
  • There has been a definite spike in interest in SPML.
  • Will SPML V2 become the “esperanto” of the provisioning world?

Case Study – Mike Drazan, Steve Watne (Toro Company) – Provisioning and the Road to Role Refinement

  • Used Prodigen Contouring Engine to discover roles.
  • Used Sun Identity Manager System to provision privileges
  • Reduced roles from 2,000 to 400, primarily by analyzing who really used applications.
  • This analysis also sharply reduced the number of people who actually needed access privileges.
  • One job type typically included multiple roles (permission sets).
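The role refinement the case study describes, as an added Python example that is not Toro's or Prodigen's code and does not reproduce the Contouring Engine: it takes granted entitlements with usage counts (a constructed sample), drops permissions nobody exercised, and bundles permissions that share exactly the same set of real users into one role, which is the simplest form of usage-based role mining. It then reports the kind of before/after numbers the talk gave. User names, permissions, job types and counts are all invented.

```python
from collections import defaultdict

# Constructed sample: (user, job type, permission, uses in the last 90 days).
# Every user's grant pattern is different, the accumulated-cruft situation
# that role mining is meant to clean up. All names and numbers are invented.
ENTITLEMENTS = [
    ("alice", "accounting", "GL.read", 40),
    ("alice", "accounting", "GL.post", 12),
    ("alice", "accounting", "AP.read", 3),
    ("alice", "accounting", "HR.view", 0),
    ("bob", "accounting", "GL.read", 35),
    ("bob", "accounting", "AP.read", 5),
    ("bob", "accounting", "HR.view", 0),
    ("bob", "accounting", "CRM.read", 0),
    ("carol", "accounting", "GL.read", 50),
    ("carol", "accounting", "GL.post", 20),
    ("carol", "accounting", "HR.view", 0),
    ("dave", "sales", "CRM.read", 100),
    ("dave", "sales", "CRM.write", 30),
    ("dave", "sales", "GL.read", 0),
    ("erin", "sales", "CRM.read", 80),
    ("erin", "sales", "CRM.write", 25),
    ("erin", "sales", "HR.view", 0),
    ("frank", "intern", "HR.view", 0),
    ("frank", "intern", "CRM.read", 0),
    ("frank", "intern", "GL.read", 0),
]


def granted_sets(entitlements):
    """Permissions each user holds today, used or not."""
    granted = defaultdict(set)
    for user, _job, perm, _uses in entitlements:
        granted[user].add(perm)
    return {u: frozenset(p) for u, p in granted.items()}


def used_sets(entitlements, min_uses=1):
    """Permissions each user actually exercised at least min_uses times.
    Users with nothing exercised still appear, with an empty set."""
    used = {}
    for user, _job, perm, uses in entitlements:
        used.setdefault(user, set())
        if uses >= min_uses:
            used[user].add(perm)
    return {u: frozenset(p) for u, p in used.items()}


def mine_roles(entitlements, min_uses=1):
    """Bundle permissions with an identical set of real users into one role.
    Returns (roles, user_roles, job_roles): role name -> permissions,
    user -> role names, job type -> role names."""
    job_of = {user: job for user, job, _perm, _uses in entitlements}
    footprint = defaultdict(set)          # permission -> users who used it
    for user, perms in used_sets(entitlements, min_uses).items():
        for perm in perms:
            footprint[perm].add(user)
    by_users = defaultdict(set)           # user footprint -> permissions
    for perm, users in footprint.items():
        by_users[frozenset(users)].add(perm)
    # Deterministic names: order candidate roles by their permission list.
    ordered = sorted(by_users.items(), key=lambda kv: sorted(kv[1]))
    roles, user_roles, job_roles = {}, defaultdict(set), defaultdict(set)
    for i, (users, perms) in enumerate(ordered, start=1):
        name = f"role-{i}"
        roles[name] = frozenset(perms)
        for user in users:
            user_roles[user].add(name)
            job_roles[job_of[user]].add(name)
    return roles, dict(user_roles), dict(job_roles)


def refinement_summary(entitlements, min_uses=1):
    """Before/after figures of the kind the case study reported."""
    granted = granted_sets(entitlements)
    used = used_sets(entitlements, min_uses)
    roles, _user_roles, _job_roles = mine_roles(entitlements, min_uses)
    return {
        "grant_patterns_before": len(set(granted.values())),
        "roles_after": len(roles),
        "users_with_access_before": sum(1 for p in granted.values() if p),
        "users_with_access_after": sum(1 for p in used.values() if p),
        "grants_to_revoke": sum(1 for *_rest, uses in entitlements
                                if uses < min_uses),
    }


if __name__ == "__main__":
    roles, user_roles, job_roles = mine_roles(ENTITLEMENTS)
    for name, perms in roles.items():
        print(name, sorted(perms))
    for job, names in sorted(job_roles.items()):
        print(job, "->", sorted(names))
    print(refinement_summary(ENTITLEMENTS))
```

On the sample, six distinct grant patterns collapse to four roles, the accounting job type maps to three of them (the "one job type, multiple permission sets" observation), the intern who never used anything drops out of the access population, and nine dormant grants become revocation candidates. The `min_uses` threshold is the lever a real project would argue over: set it too high and rarely used but legitimate access (year-end close, for instance) is stripped; set it to 1 and a single accidental click keeps a grant alive.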

Jamie Lewis (Burton) – Identity Frameworks, Tools and the Emerging Meta System

  • Lack of suitable development frameworks and tools for Identity is a substantial obstacle to further growth of the Identity Industry.
  • “It’s the Applications, Stupid.” The real issue is making it easier for developers to create Identity-enabled applications without having to re-create Identity infrastructure.
  • Current frameworks, tools and IDEs lack Identity services
  • Microsoft has a tradition of strong development tools, but they don’t currently include Identity
  • Where is Identity in LAMP?
  • Web 2.0 – lots of protocols, no frameworks.
  • Liberty Alliance and SAML – no development framework.
  • Java Community Process (JCP) – currently at too low level of abstraction.
  • Will Higgins emerge as the “Java Rebel Framework?”

The following are remarks by the named persons in an interview session led by Jamie Nelson:

Paul Trevithick (Higgins Project)

  • Higgins, an open source project, will produce a framework for developers.
  • User centricism implies that a user is in the protocol.
  • The reference implementation is in Java. There is pressure from the open source community to implement in C.
  • Version 1.0 is expected in mid 2007.
  • The project has substantial support from IBM and Novell.
  • Shibboleth is an Identity System, not a development framework like Higgins.

Tony Nadali (IBM)

  • IBM is involved with the Higgins project because customers are interested in multiple Identity systems.
  • IBM is contributing WS* components, context provider components for IBM Directory Services and Lotus Notes directory, Firefox browser extension and IDE components.
  • Is the browser a secure place to have an Identity Selector?
  • Some of the browser pieces are being developed in C. Other existing code is Java.
  • User-centric applications should provide a 360-degree view of your life without compromising privacy.

Dale Olds (Novell)

  • Bandit is an open source project.
  • It is a collection of software components, not a developer framework.
  • Some components are also present in Higgins.
  • Internal Novell developers are beginning to consume open source components as part of the normal product-development process.
  • Novell expects to leverage Bandit technology in its own Identity projects.
  • If developers include Bandit components in their applications, those apps will be more easily managed by Novell’s Identity Management products.

John Shewchuk (Microsoft)

  • InfoCard is the concept. Windows CardSpace is a specific selector, using the InfoCard concept.
  • Security Token Service (STS) is a new way to access the database from the Active Directory repository.
  • The Declarative Programming model used in the Windows Communications Framework is designed to free developers from underlying details, hopefully leading to higher development productivity and higher code quality.
  • Microsoft’s motivation is to enable interoperability, which will allow them to sell more products into the enterprise space.
  • SSO needs to merge with User-centric Identity – allowing user participation in federation.


 

One Response to “Catalyst Conference 2006 – Day 1”

    [Trackback] The last couple of weeks have seen a lot of activity in identity management land. Last week saw Burton Group’s Catalyst Conference, which is always one of the key events in the identity management calendar. The conference also saw a meeting of the Id…

    Comment by On IT-business alignment on June 20, 2006 at 6:57 am

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.