Catalyst: Day 3 – June 27
My summaries of the salient points addressed in each Burton Group Catalyst Conference session I attended on Friday, June 27, 2008, are included below:
Anne Thomas Manes – The Business Value of Reusable Infrastructure Services
- The Infrastructure Services Model applies SOA principles to infrastructure (security, resource allocation, etc.). This model will yield consistency across traditional boundaries in an enterprise.
- The service model virtualizes infrastructure functions so developers can focus on writing business code, and security functions can be separated externally from business functions within applications.
- This model will allow infrastructure to become as pervasive and easy to use as the network, allowing policies to be defined centrally and propagated outward to multiple application environments.
- A lack of standards and conventions is impeding industry progress.
- Implementing an Infrastructure Services Model is currently technically difficult, but standards may emerge and vendors may eventually deliver solutions that ease the process.
Russ Reopell (The MITRE Corporation) – Security and Information Sharing in a SOA Environment: Using Policy Decisioning to Protect your Data
- Attribute-Based Access Control (ABAC) is being used rather than RBAC because the DoD is an enterprise of enterprises and agreement on role definition can’t be reached across organizations.
- ABAC allows access to services based on policy rules which determine whether a subject can access a resource.
- ABAC involves choosing attributes that can be used for authorization and defining rules on how to grant access based on those attributes.
- ABAC accommodates “unanticipated” users (e.g. no user accounts).
- Current pilot ABAC projects in the DoD address authorization, directory, and credential validation services across multiple military service boundaries.
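The decision model in these notes, sketched as an added example (not code from the talk, MITRE or the DoD pilots): a default-deny policy decision function that grants access from attributes presented with the request, so a subject from another organization with no local account can still be authorized. The attribute names, levels and the single rule are assumptions made for illustration.

```python
# Added illustration of attribute-based access control (ABAC); all attribute
# names, values and rules below are constructed for this example.
from dataclasses import dataclass
from typing import Callable, Mapping

Attrs = Mapping[str, object]

@dataclass(frozen=True)
class Rule:
    """Permit rule: every condition must hold over subject and resource attributes."""
    name: str
    conditions: tuple[Callable[[Attrs, Attrs], bool], ...]

    def matches(self, subject: Attrs, resource: Attrs) -> bool:
        try:
            return all(cond(subject, resource) for cond in self.conditions)
        except (KeyError, TypeError):
            # A missing or malformed attribute never grants access.
            return False

# Hypothetical ordering of sensitivity levels.
LEVELS = {"public": 0, "restricted": 1, "confidential": 2}

RULES = (
    Rule("clearance-dominates-and-community-shared", (
        lambda s, r: LEVELS[s["clearance"]] >= LEVELS[r["classification"]],
        lambda s, r: r["community"] in s["communities"],
    )),
)

def decide(subject: Attrs, resource: Attrs, rules=RULES) -> str:
    """Policy decision: permit if any rule matches, otherwise deny by default."""
    for rule in rules:
        if rule.matches(subject, resource):
            return f"Permit ({rule.name})"
    return "Deny"

# Constructed sample data. Neither subject has an account on the resource's
# system; the decision uses only the attributes presented with the request.
report = {"classification": "restricted", "community": "logistics", "owner_org": "org-a"}
visitor = {"org": "org-b", "clearance": "confidential", "communities": {"logistics"}}
no_clearance = {"org": "org-b", "communities": {"logistics"}}

if __name__ == "__main__":
    print(decide(visitor, report))
    print(decide(no_clearance, report))
```

No role names appear in the rule, which is the point of the approach when organizations cannot agree on role definitions: each side only has to agree on the meaning of the attributes.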
Barney Sene (Corporate VP & CTO, Ingram Micro) – Case Study: Infrastructure Services in an SOA Environment
- The major driver for this program was to enhance business agility to rapidly adjust to changing markets.
- The biggest pain point was how application changes had broad effects because of the use of point-to-point interfaces between applications.
- The most challenging aspect of the program was getting people on board and supportive.
- They began by capturing business requirements and building services around a baseline set of highest priority requirements (e.g. address validation, credit card validation).
- An infrastructure services program is a journey over time. Ingram Micro is in the third year of the program.
Kevin Kampton – Making the Case of Interoperable Identity Services: A Community Perspective
- The Identity Services Working Group (ISWG) includes global organizations that invest in internal and external solutions.
- The objective of the group is to move the industry toward Service Oriented Identity (SOI).
- The Identity Services matrix produced by the working group shows that no one vendor covers all areas.
- Vendors are providing individually focused services, but lack of interoperability puts the burden of integration on customers.
- Burton calls for vendors and standards groups to participate in the ISWG dialog.
Identity Services Roundtable: Customer Perspectives from the Identity Services Working Group
Panel participants:
- Gavin Illingworth (Bank of Montreal)
- Susan Staples-Holt (MassMutual Financial Group)
- Andrew Cameron (GM)
- Kevin Kampton (Burton Group)
- Chris Harvison (Scotiabank)
Discussion:
- Identity suites are not the complete answer. Vendors need to get out of a silo mentality. Just having identity services is not sufficient – they need to be the same across multiple vendors. Interoperability standards are needed.
- The real value of Identity Services is process optimization. Optimizing the process through Identity services also gives benefits of compliance.
- Federation is one area where technology has gone ahead of business. Federation is currently less of a technology challenge and more of a business issue.
- A federated hub model with a third party broker introduces complexity because trust is no longer point to point and new trust relationships must be established.
- Banks have a chance to be Identity providers in a larger network. They already have a good face-to-face registration process.