
Exploring the science and magic of Identity and Access Management

Ask not what your country can do for you. Ask what you can do for your country. — John F. Kennedy

Sunday, February 5, 2012

Catalyst: A Relationship Layer for the Web

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:54 pm


Wednesday’s fourth Identity Management session in the Burton Group Catalyst Conference featured Bob Blakley, Vice President and Research Director of the Burton Group. Key points include:

  • We know our own Identities and expect others to be perfectly reasonable – like we are.
  • In order to predict others’ behavior we build identities for others, based on our interactions with them.
  • Businesses build Identities in relationships, too.
  • In the expanding Identity universe, more distant relationships produce less accurate Identities.
  • Long tail commerce means less frequent interaction with people who are not closely associated with the business.
  • In order for a business to build accurate Identities of customers, it needs to find a way to make frequent, accurate observations of people.
  • If information collection systems are overt, people resist them. Relationships give an atmosphere for better data collection that results in stronger Identity models.
  • Two good relationships are much better than one bad one. Intermediaries who have relationships with two parties are frequently helpful.
  • Relationship is the context which protects the security and privacy of Identity information.
  • Burton has proposed a relationship object to define relationships in a way that can be used by online systems.
  • Types of relationships in that model include
    • Custodial – interaction tends to be close. Each party acts in the best interest of each other.
    • Contextual – primary interaction is through an intermediary. Both parties agree to abide by a commonly agreed upon set of restrictions.
    • Transactional – interaction is through an intermediary IDP to facilitate a transaction. A person may not reveal who he is.
  • Relationships like the credit card model, where the card issuer assigns very little fraud liability to the card holder, tend to build trust.
  • Companies that succeed online will have a close billing relationship with customers. Telcos are there now. Startups are seeking to build such relationships.


Catalyst: The Iceberg of Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:18 pm


Wednesday’s third Identity Management session in the Burton Group Catalyst Conference featured George Sherman – Managing Director, Morgan Stanley. His presentation was entitled, “Discovering the Iceberg of Identity Management in a Large Integrated Financial Services Firm.” Key points include:

  • Beware of the hidden cost and complexity of Identity Management.
  • Morgan Stanley background:
    • In business since 1935.
    • 46,000+ employees in 600 offices around the world.
    • Conducts business in 33 countries and over 70 regulatory jurisdictions.
    • They have a complex technology stack in a highly changing environment.
    • In identity management and regulatory compliance, Morgan Stanley must frequently seek a common denominator, which may be the most stringent requirement.
    • Historical reference to Identities is essential, even after employees leave the company. A unique identifier is used. Once a person touches the firm, he or she is assigned a unique identifier that is never deleted.
    • Main drivers for Identity Management were regulatory compliance and security.
  • A company should not focus on outside challenges until internal challenges are well in hand.
  • Identity management needs to be foundational – people must trust it.
  • Referential data integrity is needed.
  • Two critical success factors include:
    • Program sponsorship. Committed sponsors will “pave the road” through corporate baloney.
    • The program manager needs to be a good program manager, but also highly technical.
  • Funding and cost justification takes more than spreadsheets and calculators; it requires the trust and confidence of program champions.
  • Break overall plan into point releases.
  • Be realistic about timeframes and the evolutionary nature of the process.
  • Areas where the industry needs to improve include:
    • More maturity in security of provisioning engine
    • More expert developers
    • Integration of certification and provisioning tools
    • Rules management
    • Better understanding of roles and consequences


Catalyst: A New Era in Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
4:20 am


The second Identity Management session in the Burton Group Catalyst Conference was led by Lori Rowland, Senior Analyst, Burton Group Identity and Privacy Strategies. Lori offered leading remarks, followed by remarks by other members of the Identity and Privacy Strategy team:

Lori Rowland: Identity Management Overview

  • The Identity universe is expanding in three dimensions:
    • Scale – expanding downward from large enterprises to small and medium business and upward to Internet scale
    • Control – expanding from central control by enterprise administrators beyond traditional enterprise boundaries
    • Focus – expanding from protecting businesses to protect the rights of people (e.g. employees, customers)
  • Although compliance is still the main driver, there is a shift toward risk management.
  • We need to move toward a Relationship Model.
  • The industry is moving toward a services based model. “Identity as a Service” is a trademark held by Fischer International. Burton has encouraged Fischer to “give back” the “Identity as a Service” term to the industry.
  • Customers should seek to really understand vendor roadmaps.
  • The vendor with most momentum in the market is Oracle because of aggressive acquisition. Other vendors with market momentum are Sun, CA and Novell. Others are stagnant or retreating.
  • What will happen if Google tries to enter the Identity market offering Identity as a Service (sorry Fischer)?

Gary Goebel: Federation and Distributed Control

  • Product advancements in federation include Sun’s Fedlet and Ping’s Autoconnect.
  • We should think of federation in business terms. Technology is just a building block.
  • OpenSSO is an example of open source federation advancement.
  • Federation services and hosted models such as offered by FuGen and others will help accelerate broader consumption.

Gerry Goebel: Entitlement Management

  • IBM, Oracle, and Cisco have expanded entitlement management functionality through acquisition, but demand hasn’t grown as much.
  • A recent meeting on entitlement management hosted by Concordia brought up many questions, including:
    • Is the XACML protocol adequate?
    • Are other standards needed?
    • What performance is required?
    • When will a conformance program be offered?
    • Who will provide interoperability testing?
    • Could Liberty Alliance help with a standard way to test?

Mark Diodati: Authentication

  • Although the authentication field is very broad, some things are missing, including general customization flexibility and strong provisioning capabilities.
  • Privileged account management is not owned by anyone and often falls through the cracks. We need new products in this area.
  • Personal and portable security devices are emerging, including USB devices that couple smart card and flash memory technology, and consumer tokens in the form of wallet cards.

Kevin Kampman: Roles and Provisioning

  • The provisioning market is reaching maturity. Many projects have gone through multiple iterations. Success predominates – primarily as a result of realistic expectations.
  • Role Management advancements through acquisition include Oracle + Bridgestream and Sun + Vaau.
  • Role discovery is improving. For example, Oracle is combining data warehouse analytics with Bridgestream discovery capability.
  • Provisioning and roles may not converge into a single product. These are parallel, complementary endeavors.
  • In the provisioning market, IBM, Sun and Oracle lead. The European market is different than the US market. Microsoft Identity Life Cycle Management may be a dark horse.

Kevin Kampman: Identity 2.0

  • Although the Identity 2.0 market is maturing very rapidly, technologies like OpenID and InfoCard have more Identity Providers than consumers.
  • Trust hierarchies are needed.
  • How will industry pay for identity? What is the business model?


Catalyst: Identity Management – Are We There Yet?

Identity
Author: Mark Dixon
Wednesday, June 25, 2008
1:41 pm


The leadoff session in the Burton Group Catalyst Conference featured Jamie Lewis, Chief Executive Officer and Research Chair of the Burton Group. Key points include:

  • The need for business transformation often collides with IT transformation. Both sides struggle. We need a more unified approach that addresses the needs of business and IT.
  • Federation isn’t magic, but it’s still valuable. Customers really need to see the need for it.
  • Recommendations for enterprise Identity Management implementations
    • Have an architecture
    • Every project is an installment on the overall architecture
    • Do what makes sense for your organization
  • Relationships provide context for Identity. We must seek to understand relationships and relationship management.
  • On the subject of Internet or User-centric Identity, the industry is suspended over a chasm between Enterprise Identity Management and consumer-oriented ideas of Identity. Extreme asymmetries will not solve the problem. Solutions will not be pure enterprise IdM, nor pure user centrism.


The Catalyst Conference has Begun

Identity
Author: Mark Dixon
Tuesday, June 24, 2008
10:53 pm


I arrived in San Diego this afternoon to attend the Burton Group Catalyst Conference, held at the Manchester Grand Hyatt Hotel. At the opening reception, my friend Mark MacAuley was the only guy man enough to wear a dress!

I’ll post to this blog each day to give my perspective of the sessions I attend – primarily in the Identity Management track. I will also post photos I take on Flickr in my photo set entitled “Catalyst Conference – San Diego 2008.”


Sun Identity Manager 8.0 Released Today

Identity
Author: Mark Dixon
Monday, June 23, 2008
10:51 am


Today, coinciding with the commencement of the Burton Group Catalyst Conference, Sun Microsystems announced the release of Sun Identity Manager 8.0, the latest version of Sun’s flagship provisioning software product. It is great to see the eighth generation of Sun Identity Management technology becoming formally available. It is particularly heartening to see the complementary strengths of Sun Identity Manager and Sun Role Manager products enabling comprehensive Access Control Compliance from both preventative and detective perspectives.


Are You Attending Catalyst?

Identity
Author: Mark Dixon
Friday, June 20, 2008
10:29 am


Are you attending the Burton Group Catalyst Conference next week in sunny San Diego? If so, please let me know by commenting on this post or sending me a tweet @mgd. It would be great to connect in person there.


Eliminating Gossipy Cousin Mabel – Metaphorically Speaking, of Course

Identity
Author: Mark Dixon
Friday, June 13, 2008
2:03 am


As I was writing yesterday’s post about Identity Dialtone, I thought of another telephony metaphor that may apply to trends within the Identity industry.

In the early expansion of telephony in the United States, someone predicted that if such heady growth continued, the Bell System would need to employ every woman in the nation to work as a telephone operator – all sitting at desks, plugging wires to connect people together over the telephone network.

In a way, that old prediction came true. Every woman (and man) became a telephone operator. This function was progressively pushed to the edge of the network. Each of us dial (now there is an antiquated word) telephones ourselves. We all sit at virtual switchboards to select people with whom we want to talk.

Perhaps this metaphor can help us understand the demand for and utility of User-centric Identity. Why shouldn’t I select how and when to use my identity information rather than relying on Ma Bell to handle it for me? Why shouldn’t this function be pushed to the edge? Gossipy Cousin Mabel at switchboard central doesn’t need to be in the loop for all the calls I make. Why should a virtual “Cousin Mabel” need to know about all my Identity information?

If history repeats itself, and it often does, we’ll figure out the balance between user-centric and enterprise-centric Identity Management, which I predict will eliminate Cousin Mabel and vest most responsibility in individuals at the edge. Then we’ll figure out something else to blame on Cousin Mabel and Ma Bell – so to speak.


Identity Dialtone

Identity
Author: Mark Dixon
Thursday, June 12, 2008
6:05 pm


At Sun’s recent New York City Identity Management Roadshow, Jonathan Penn of Forrester Research mentioned the concept of “Identity Dialtone” in the context of Identity as a Service (IDaaS). I find this concept intriguing. We can learn much by comparing the emerging concepts of Identity Services with a tried and true, well-worn system.

For those of us who still use POTS (or Plain Old Telephone Service – what my kids would call “old school” phone service), dialtone is:

  • Highly available
  • Highly reliable
  • Highly standard
  • Easily recognized
  • Simple to use
  • Usable
  • Ubiquitous
  • Critical to our daily activities
  • So commonplace we take it for granted

These characteristics make telephone dialtone an attractive metaphor for describing the ideal state of Identity Services. Shouldn’t services such as authentication, authorization, administration and auditing exhibit the same characteristics, both for access by humans and by other software programs?

  • Highly available. These services are always available – at our virtual fingertips, as it were.
  • Highly reliable. These services simply always work, all of the time. Downtime is highly unlikely. We are startled if failure occurs and feel naked without it.
  • Highly standard. We agree broadly on accepted ways of doing things – even on competing networks.
  • Easily recognized. As familiar as an old pair of jeans. No mysteries here.
  • Simple to use. Any complexity to multiple “standards” is masked by service protocols that are simple to implement and use.
  • Usable. Not just easy to use, but “use-able” – really beneficial to my daily activities. This makes life simpler and more productive.
  • Ubiquitous. So broadly implemented and used that alternate methods seem illogical.
  • Critical to our daily activities. We can’t get along without it. We go home and don’t work if it’s not there.
  • So commonplace we take it for granted. We just use it and don’t give it a second thought.

OK. I’ll admit my sights are set pretty high. But if we are so bold as to compare Identity Services to dialtone, we must accept the high standard of performance we embrace. Telephony dialtone has served us well for many years, and is such an integral part of our lives that we seldom think about what it is and does. Yet it is critical to our personal and professional lives. Identity Services should become the same.


Is Your Dad Still a Flight Attendant?

Family
Author: Mark Dixon
Wednesday, June 11, 2008
8:38 am


“Kids say the darndest things” – Art Linkletter

“Is your dad still a flight attendant?” Michelle asked my son Ryan recently.

An innocent question, but I had to chuckle. I have never been and never want to be a flight attendant. So where in the world did that question come from?

It turns out that when Ryan and Michelle were in first or second grade together, Ryan thought I was a flight attendant and told his classmates as much. Ryan knew I flew extensively, and somehow, in his little boy brain, he conjured up the picture of his dad taking care of people on airplanes.

Apparently I reinforced the myth when later I taught Michelle and Ryan and several of their friends in a Sunday School class. I would sometimes send members of that little class postcards from the more exotic locations I visited. She actually kept those cards, bless her heart!

So now, many years later, Michelle is a beautiful young woman who for years had held onto the mistaken notion of Ryan’s dad serving folks drinks in the air.

I hadn’t known of Ryan’s misconception about my career until he told me this story a few days ago. Do you want to know what some of my other kids thought I did for a living?

David thought I just stayed on an airplane all week. He had seen me get on an airplane early in the week and get off the airplane at the end of the week – in those pre 9/11 days when families could accompany fliers to the gate. He just assumed that is where I stayed all week. The concept of getting off the airplane at my destination was a foreign concept.

For Holly, it was simpler. She just thought I went on a lot of vacations. She had only flown somewhere when the family went on a vacation. She just figured Dad got to go on a lot of them.

But perhaps it was Eric who pegged it best. “I want to be a computer guy like my dad,” he told his first grade class. “All he does is fly all over the place and go to meetings!”

Copyright © 2005-2011, Mark G. Dixon. All Rights Reserved.