
Exploring the science and magic of Identity and Access Management
Friday, May 18, 2012

Catalyst: A Relationship Layer for the Web

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:54 pm


Wednesday’s fourth Identity Management session in the Burton Group Catalyst Conference featured Bob Blakley, Vice President and Research Director of the Burton Group. Key points include:

  • We know our own Identities and expect others to be perfectly reasonable – like we are.
  • In order to predict others’ behavior we build identities for others, based on our interactions with them.
  • Businesses build Identities in relationships, too.
  • In the expanding Identity universe, more distant relationships produce less accurate Identities.
  • Long tail commerce means less frequent interaction with people who are not closely associated with the business.
  • In order for a business to build accurate Identities of customers, it needs to find a way to make frequent, accurate observations of people.
  • If information collection systems are overt, people resist them. Relationships give an atmosphere for better data collection that results in stronger Identity models.
  • Two good relationships are much better than one bad one. Intermediaries who have relationships with two parties are frequently helpful.
  • Relationship is the context which protects the security and privacy of Identity information.
  • Burton has proposed a relationship object to define relationships in a way that can be used by online systems.
  • Types of relationships in that model include:
    • Custodial – interaction tends to be close. Each party acts in the best interest of each other.
    • Contextual – primary interaction is through an intermediary. Both parties agree to abide by a commonly agreed upon set of restrictions.
    • Transactional – interaction is through an intermediary IDP to facilitate a transaction. A person may not reveal who he is.
  • Relationships like the credit card model, where the card issuer assigns very little fraud liability to the card holder, tend to build trust.
  • Companies that succeed online will have a close billing relationship with customers. Telcos are there now. Startups are seeking to build such relationships.


 

Catalyst: The Iceberg of Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
1:18 pm


Wednesday’s third Identity Management session in the Burton Group Catalyst Conference featured George Sherman – Managing Director, Morgan Stanley. His presentation was entitled “Discovering the Iceberg of Identity Management in a Large Integrated Financial Services Firm.” Key points include:

  • Beware of the hidden cost and complexity of Identity Management.
  • Morgan Stanley background:
    • In business since 1935.
    • 46,000+ employees in 600 offices around the world.
    • Conducts business in 33 countries and over 70 regulatory jurisdictions.
    • They have a complex technology stack in a highly changing environment.
    • In identity management and regulatory compliance, Morgan Stanley must frequently seek a common denominator, which may be the most stringent requirement.
    • Historical reference to Identities is essential, even after employees leave the company. A unique identifier is used. Once a person touches the firm, he or she is assigned a unique identifier that is never deleted.
    • Main drivers for Identity Management were regulatory compliance and security.
  • A company should not focus on outside challenges until internal challenges are well in hand.
  • Identity management needs to be foundational – people must trust it.
  • Referential data integrity is needed.
  • Two critical success factors include:
    • Program sponsorship: committed sponsors will “Pave the Road” through corporate baloney.
    • The program manager needs to be a good program manager, but also highly technical.
  • Funding and cost justification take more than spreadsheets and calculators; they require the trust and confidence of program champions.
  • Break overall plan into point releases.
  • Be realistic about timeframes and the evolutionary nature of the process.
  • Areas where the industry needs to improve include:
    • More maturity in security of provisioning engine
    • More expert developers
    • Integration of certification and provisioning tools
    • Rules management
    • Better understanding of roles and consequences


 

Catalyst: A New Era in Identity Management

Identity
Author: Mark Dixon
Thursday, June 26, 2008
4:20 am


The second Identity Management session in the Burton Group Catalyst Conference was led by Lori Rowland, Senior Analyst, Burton Group Identity and Privacy Strategies. Lori offered leading remarks, followed by remarks by other members of the Identity and Privacy Strategy team:

Lori Rowland: Identity Management Overview

  • The Identity universe is expanding in three dimensions:
    • Scale – expanding downward from large enterprises to small and medium business and upward to Internet scale
    • Control – expanding from central control by enterprise administrators beyond traditional enterprise boundaries
    • Focus – expanding from protecting businesses to protect the rights of people (e.g. employees, customers)
  • Although compliance is still the main driver, there is a shift toward risk management.
  • We need to move toward a Relationship Model.
  • The industry is moving toward a services based model. “Identity as a Service” is a trademark held by Fischer International. Burton has encouraged Fischer to “give back” the “Identity as a Service” term to the industry.
  • Customers should seek to really understand vendor roadmaps.
  • The vendor with the most momentum in the market is Oracle because of aggressive acquisition. Other vendors with market momentum are Sun, CA and Novell. Others are stagnant or retreating.
  • What will happen if Google tries to enter the Identity market offering Identity as a Service (sorry Fischer)?

Gerry Goebel: Federation and Distributed Control

  • Product advancements in federation include Sun’s Fedlet and Ping’s Autoconnect.
  • We should think of federation in business terms. Technology is just a building block.
  • OpenSSO is an example of open source federation advancement.
  • Federation services and hosted models, such as those offered by FuGen and others, will help accelerate broader consumption.

Gerry Goebel: Entitlement Management

  • IBM, Oracle, and Cisco have expanded entitlement management functionality through acquisition, but demand hasn’t grown as much.
  • A recent entitlement management meeting hosted by Concordia brought up many questions, including:
    • Is XACML protocol adequate?
    • Are other standards needed?
    • What performance is required?
    • When will a conformance program be offered?
    • Who will provide interoperability testing?
    • Could Liberty Alliance help with a standard way to test?

Mark Diodati: Authentication

  • Although the authentication field is very broad, some things are missing, including general customization flexibility and strong provisioning capabilities.
  • Privileged account management is not owned by anyone and often falls through the cracks. We need new products in this area.
  • Personal and portable security devices are emerging, including USB devices that couple smart card and flash memory technology, and consumer tokens in the form of wallet cards.

Kevin Kampman: Roles and Provisioning

  • The provisioning market is reaching maturity. Many projects have gone through multiple iterations. Success predominates – primarily as a result of realistic expectations.
  • Role Management advancements through acquisition include Oracle + Bridgestream and Sun + Vaau.
  • Role discovery is improving. For example, Oracle is combining data warehouse analytics with Bridgestream discovery capability.
  • Provisioning and roles may not converge into a single product. These are parallel, complementary endeavors.
  • In the provisioning market, IBM, Sun and Oracle lead. The European market is different than the US market. Microsoft Identity Life Cycle Management may be a dark horse.

Kevin Kampman: Identity 2.0

  • Although the Identity 2.0 market is maturing very rapidly, technologies like OpenID and InfoCard have more Identity Providers than consumers.
  • Trust hierarchies are needed.
  • How will the industry pay for identity? What is the business model?


 
 
 
 

None are more hopelessly enslaved than those who falsely believe they are free. — Goethe

 
 
 
 
Copyright © 2005-2011, Mark G. Dixon. All Rights Reserved.