Author: Mark Dixon
Saturday, October 8, 2011
I recently participated in an Identity and Access Management architecture session where I was asked a direct question, “Do you consider user attributes not stored in the main directory a part of user Identity?” When I said yes, a few people seemed somewhat perplexed. Please let me explain my point of view.
I think there is a propensity to think that “Identity attributes” are strictly limited to those stored in a directory user object. That focus is too narrow. While it may be that the “Identity Management System” only knows about those attributes, the sum total of real Identity information can be much broader. This broader view of Identity is essential if we hope to leverage Identity Management to enable innovative business models.
For example, if I am an online vendor hoping to leverage user Identities to provide a highly personalized user experience for my customers, I must not rely only on the user object in the authentication directory. A richer set of Identity data comprising history, preferences and real-time context must be considered. This information may reside in multiple repositories.
Just my thoughts. What do you think?