[Log In] []

Exploring the science and magic of Identity and Access Management
Saturday, May 25, 2024

Catalyst: Day 3 – June 27

Author: Mark Dixon
Tuesday, July 1, 2008
9:36 pm

My summary of the salient points addressed in each Burton Group Catalyst Conference session I attended on Friday, June 27, 2008, are
included below:

Anne Thomas Manes – The Business Value of Reusable Infrastructure Services

  • The Infrastructure Services Model applies SOA principles to infrastructure (security, resource allocation, etc.). This model will yield consistency across traditional boundaries in an enterprise.
  • The service model virtualizes infrastructure functions so developers can focus on writing business code and security functions can be separated externally from business functions within applications
  • This model will allow infrastructure to become as pervasive and easy to use as the network, allowing policies to be defined centrally and propagated outward to multiple application environments.
  • A lack of standards and conventions is impeding industry progress.
  • Implementing an Infrastructure Services Model is currently technically difficult, but standards may emerge and vendors may eventually deliver solutions that ease the process.

Russ Reopell (The MITRE Corporation) – Security and Information Sharing in a SOA Environment: Using Policy Decisioning to Protect your Data

  • Attribute-Based Access Control (ABAC) is being used rather than RBAC because the DoD is an enterprise of enterprises and agreement on role definition can’t be reached across organizations.
  • ABAC allows access to services based on policy rules which determine whether a subject can access resource.
  • ABAC involves choosing attributes that can be used for authorization and defining rules on how to grant access based on those attributes.
  • ABAC accommodates “unanticipated” users (e.g. no user accounts)
  • Current pilot ABAC projects in the DoD address authorization, directory, credential validation services across multiple military service boundaries.

Barney Sene (Corporate VP & CTO, Ingram Micro) – Case Study: Infrastructure Services in an SOA Environment

  • The major driver for this program was to enhance business agility to rapidly adjusts to changing markets.
  • The biggest pain point was how application changes had broad effects because of the use of point to point interfaces between applications.
  • The most challenging aspect of the program was getting people on board and supportive.
  • They began by capturing business requirements and building services around a baseline set of highest priority requirements (e.g. address validation, credit card validation).
  • An infrastructure services program is a journey over time. Ingram Micro is in the third year of the program.

Kevin Kampton – Making the Case of Interoperable Identity Services: A Community Perspective

  • The Identity Services Working Group (ISWG) includes global organizations which investment in internal and external solutions.
  • The objective of the group is to move the industry toward Service Oriented Identity (SOI).
  • The Identity Services matrix produced by the working group shows that no one vendor covers all areas.
  • Vendors are providing individually focused services, but lack of interoperability puts burden of integration on customers.
  • Burton calls for vendors and standards groups to participate in the ISWG dialog.

Identity Services Roundtable: Customer Perspectives from the Identity Services Working Group
Panel participants:

  • Gavin Illingworth (Bank of Montreal)
  • Susan Staples-Holt (MassMutual Financial Group)
  • Andrew Cameron (GM)
  • Kevin Kampton (Burton Group)
  • Chris Harvison (Scotiabank)


  • Identity suites are not the complete answer. Vendors need to get out of a silo mentality. Just having identity services is not sufficient – they need to be the same across multiple vendors. Interoperability standards are needed.
  • The real value of Identity Services is process optimization. Optimizing the process through Identity services also gives benefits of compliance.
  • Federation is one area where technology has gone ahead of business. Federation is currently less of technology challenge and more of a business issue.
  • A federated hub model with a third party broker introduces complexity because trust is no longer point to point and new trust relationships must be established.
  • Banks have a chance to be Identity providers in larger network. They already have a good face to face registration process


Technorati Tags: ,

Comments Off on Catalyst: Day 3 – June 27 . Permalink . Trackback URL

Comments are closed.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.