Today was really the first “official” day of the Digital ID World conference, but for me – Day 2.  So, here are some short highlights of the sessions I attended.

Cops and Robbers, Las Vegas Style – Jeff Jonas, Chief Scientist, IBM Entity Analytic Solutions

• Las Vegas is his “laboratory” for identity analytics – resorts typically have 100+ systems and 20,000+ sensors
• Context engines close the gap between the rapidly increasing amount of digital data and the less rapid growth of “sense-making” algorithms
• Mobile operators are accumulating 600 billion cellphone transaction records annually and are selling this data to third parties who use advanced analytics to identify space/time/travel characteristics of individual people

Context Automation – Phil Windley, CTO, Kyntetx

• Current focus in web marketing is focused on servers, using the metaphor of “location”
• Focus on “purpose” from the client’s perspective, using an intelligent, adaptable browser, will bridge between server-based silos to give users a richer, more purposeful experience

The Implications of Privacy on IDM – Larry Ponemon, Founder and Chairman, Ponemon Institute

• Many cultural differences are evident between nations and areas of the world with regard to privacy, security and identity management expectations.
• Companies doing business internationally will need to be sensitive to cultural and legal issues in the nations where they do business.
• People are growing tired of fact-based identity
• Perceptions of privacy are inextricably linked to identity and authentication

Business Process and Legal Issues in Cross-Org Secure Collaboration – Peter McLaughlin, Foley & Lardner

• Regulatory language should be treated as a floor, rather than a ceiling
• Normal industry practices may represent minimum requirements but may not guarantee compliance
• Make sure your business partners abide by same laws your company is subject to
• Reputational risk will always stay with your company, but you may seek to share financial risk with partners

Identity Governance Frameworks – Marc Lindsey, Levine, Blazak, Block & Bootby

• Legal agreements seek to apportion liability – who is responsible for what?
• Comprehensive frameworks for governing such agreements are emerging
• Modern federation agreements need to be better than the old EDI agreements

Dealing with International Privacy Laws – Discussion led by Larry Ponemon, Founder and Chairman, Ponemon Institute

• Complex international privacy laws affecting data transport hamper organizations’ ability to do their legitimate work.
• Will it be easier or harder to deal with international differences in privacy laws in five years?  (majority of audience said no)

Federation is Dead: Long Live the Federation Fabric – Symplified

• Federation must move to utility model to overcome issues of costs and complexity associated with one-to-one integration.

Building Good Practices into Your Processes – Edward Higgins, Vice President of Security Services, Digital Discovery Corporation

• Education of employees on good security practices is critical part of getting value from your IDM investment

On Monday and Tuesday this week, I attended the Digital ID World (DIDW) conference held at the Rio Hotel in Las Vegas.  It has been enjoyable to take the pulse of the industry from yet another vantage point and connect with fellow Identity Management practitioners from diverse locations.  Of course, the first question nearly everyone asked  me had something to do with Oracle, but, of course, I can’t talk about that.  So, here are very brief highlights of each session I attended the first day (Authentication and Virtual Directory “Summit Sessions”):

The State of Authentication and its Impact on IDM – Jim Reno, CTO, Arcot

• “Risk Based Authentication” is a fourth factor of authentication, augmenting traditional factors (what you have, know, and are)
• Authentication should consider context when assessing risk

Authentication Case Study – Naomi Shibata, former GM/COO, MLSListings

• Communications with users is essential prior to authentication system rollout

The Future of Authentication – panel including Jim Reno and Naomi Shibata, moderated by Bill Brenner, Sr. Editor of CSO Magazine

• Business, legal, regulatory and liability issues are more onerous than technical issues when considering an authentication system
• Authentication technology advances usually occur in response to advances in threats
• Enterprises should periodically re-verify appropriateness of installed authentication systems in light of advances in technology and threats
• Identity assurance is increasing in importance

Identity Service Virtualization and Context Management – Michel Prompt, CEO/Founder, Radiant Logic

• It is difficult to define Identity without understanding the context in which it is used
• Understanding relationships between identity objects enables a global model that links identities together to enable contextual views
• Such Identity linking can occur in a virtualization layer between diverse identity repositories and applications which consume those identities

Case Study: Identity Services and Virtualization – Bill Brenner, CSO Magazine and Mohammad Khattak, Booz Allen Hamilton

• Dynamic Access Control requires consolidate identity repository with many sources of identity information
• When aggregating data sources, we need to understand the trust level in each source repository

Impact of Oracle/Sun Acquisition – David Rusting, Unisys and Todd Clayton, CoreBlox

Note: I am restricted from commenting on product roadmaps or anything related to the Oracle acquisition of Sun.  The following comments are views expressed by the panelists.

• The primary discussion focused on how customers should plan for potential changes in either Sun or Oracle directory roadmaps
• A virtualization layer between director and applications may provide a layer of abstraction to shield customers from changes in vendor roadmaps and reduce tie to single vendor
• This may be a time to re-evaluate application needs and determine which direction to go with regards to directory technology

Stay tuned for Day 2!