Last Friday, I began experimenting with publishing a  Discovering Identity “paper” via the paper.li service.  It was enlightening to learn how to specify sources of information and then see how paper.li drew from those sources to lay out a paper fit for publication.  

I don’t pretend to understand the algorithms they use to select from the hundreds of articles and tweets in the sources I specified, but I will continue to experiment with sources and priorities as I move forward.

I decided to upgrade to the Pro version, which allowed me to tweak the branding a bit.  I decided to use the new Discovering Identity logo that appears on this blog, and the same background color.

You can view the paper at  paper.discoveringidentity.com.  I hope this proves to be a useful addition to my online presence as I try to reignite my personal social media efforts.

In a bit of frustration recently, I thought about how much information I plow through each day and posted this tweet:

After thinking about that conundrum some more, I drew a graph like the one on the right on my whiteboard.  

As the available information in the world continues to expand geometrically, we are constrained by an absolutely finite resource – time.  To my knowledge, nobody’s days have grown longer recently.  Yet the amount of information we have at our disposal continues to tend towards infinity.

Big data analytics certainly attempts to deal with this challenge.  Ever more sophisticated tools sift through larger and larger piles of data, attempting to discover “Subtle Patterns and Relationships” that may have importance in our lives.

It as if we are attempting to grasp and understand the infinite from a finite frame of reference.

It reminded me of a profound statement from a very wise man: David O. McKay

Spirituality, our true aim, is the consciousness of victory over self and of communion with the Infinite. 

I doubt that the Infinite of which he spoke will be found in the near infinite pile of data in Facebook or Twitter, but it is food for thought.

An interesting new report came to my attention today, “ Unlocking the Value of Personal Datra: From Collection to Usage,” published by the  World Economic Forum, prepared in collaboration with  The Boston Consulting Group.

Some statements from the executive summary that I like include:

Our world is changing. It is complex, hyperconnected, and increasingly driven by insights derived from big data. And the rate of change shows no sign of slowing.

… the economic and social value of big data does not come just from its quantity. It also comes from its quality – the ways in which individual bits of data can be interconnected to reveal new insights with the potential to transform business and society.

… fully tapping that potential holds much promise, and much risk.

… It is up to the individuals and institutions of various societies to govern and decide how to unlock the value – both economic and social – and ensure suitable protections

The report is organized as follows

• Chapter 1: The World Is Changing
• Chapter 2: The Need for a New Approach
• Chapter 3: Principles for the Trusted Flow of Personal Data
• Chapter 4: Principles into Practice
• Appendix – Relevant Use Cases

It is particularly interesting to me that although there are numerous examples about the potential benefits of big data, there are huge challenges, and no easy fixes.  But the report is well written and provocative.  Well worth the time to read.

Plus as an added bonus, the report has some great pictures and graphics – a treat seldom seen in a report like this.  Here is my favorite – it seems to capture the spirit of the crazy world of privacy and security we are in right now.

 

Back in November 2009, I wrote a post entitled, Best Practices for the IAM/Compliance Journey that outlined 13 recommended practices to improve the probability of success in implementing IAM systems.  One of the recommended practices was “Establish a Governance Process”:

Compliance efforts affect a broad spectrum of an enterprise. Stakeholders from many organizations, often with conflicting priorities, have vested interests in the outcomes of a compliance strategy. The governance process must provide representation from the impacted functional areas of the organization. A governance board should have appropriate representation from IT, security, audit, application owners, human resources, business process owners and applicable business associates. The board should be accountable for the project objectives and be vested with authority to make program decisions. The board should be empowered to 1) establish a statement of purpose for the program, 2) promote and give visibility to the program throughout the larger organization, 3) act as a mechanism for quickly making decisions regarding program scope, issues, and risks, and 4) monitor the program health on an ongoing basis.

This recommendation certainly still holds true.  It refers to the type of Strategic Governance that should be an integral part of a company’s IAM strategy, ensuring that IAM technology is aligned with and supports a company’s business objectives and strategy.

However, in the past few months in my work with Oracle, I have begun to crystalize my thoughts about a more tactical kind of governance, which I call IAM Project Governance.  This process is focused on how to make sure a specific project within the IAM journey stays on track and meets specific tactical objectives under the umbrella of the company’s IAM strategy.

IAM Project Governance is based on four distinct, but interrelated principles in a spirit of Cooperative Execution:

Alignment

The three major participants in an implementation process – Customer, Software Vendor and Systems Integration Partner – must be aligned in project objectives,  understanding of the project plan and the project schedule.  This alignment must include executive sponsors, director and management levels, and project levels from all three parties.

Commitment

The three major participants must be uniformly committed to the project success, and be willing to work together to make it so.  This is real commitment, of focused attention, time, effort and resources that will lead to mutual success.

Communication

Communication must be regular, articulate, candid and open.  A regular cadence of interaction at all levels of the project leadership, from executives down throughout day-to-day project team members, must be organized executed.  It is this type of regular communication that can nip problems in the bud by giving proper attention and allocating appropriate resources before problems fester and grow out of control.

Consistency

Implementing an IAM system takes focus, hardware and consistent effort.  The mechanisms for ensuring a successful project must be consistent and thorough.  Don’t let up or get com placement.  Hold each other accountable for commitments and assigned responsibilities.  

Time and time again, we have seen how these principles, if followed, can lead to success.  Yet all too often, we also see where companies try to take shortcuts in the name of tactical expediency, and fall short in their expectations for project success.

I’ll discuss more on this topic in the near future. Stay tuned.  In the mean time, Cooperatively Execute!

This blog is, if anything, a place of personal experimentation.  Tonight I finally signed up to create a paper.li newsletter, named, you guessed it,  Discovering Identity. Yeah, I know there are already several such newsletters serving the Identity community.  The big question I have, is “How will the paper.li algorithms select articles from sources I specify any differently than for others similar papers?”  

It will be interesting to experience with sources and priorities to see if I can forge something worthwhile.

It’s nice to know that there are folks out there (at least in Dilbert comic strips) who are farther out on the social media long tail than I am.

The big question is … how to strike the right balance?

Within the past week, two commentaries on email popped up on my screen. The Dilbert strip set the stage …

 

… Drummond Reed offered the solution:  “Please Send Wicked Simple Email.”

After a wickedly clear setup …

After 20 years of averaging a third of every working day doing email, I realized I could save hundreds of hours a year—and collectively we could save hundreds of millions of hours a year—by just writing wicked simple email.

… Drummond offered five wickedly practical recommendations

1. Treat the Subject Line as a Tweet
2. No Sigs
3. Reply Inline Whenever Possible
4. Hold Deeply Threaded Conversations Elsewhere
5. One Screen Max

Reading the details is well worth your time. Thanks, Drummond, for excellent suggestions. 

In the Oracle Information InDepth newsletter I just received, a new white paper, “Privacy and Security by Design: A Convergence of Paradigms,” was announced. The paper is a collaboration of Ann Cavoukian, Ph.D., Information and Privacy Commissioner, Ontario, Canada, and Marc Chanliau, Director, Product Management, Oracle Corporation.

The forward by Ms. Cavoukian includes this statement:

My hope is that privacy and security – by design, will continue to evolve into an essential component of information technologies and operational practices of organizations, as well as becoming an integral part of entire systems of data governance and privacy protection.

The paper further explains the value of these converging topics:

This paper highlights the convergence of these two paradigms. In the first part, the concept of security by design as understood in the technical community is introduced. In the second, the concept of Privacy by Design (PbD) as understood in the privacy community is discussed. The third and final part explores how these two concepts share notable similarities and how they may complement and mutually reinforce each other.

The paper provides a good overview of Security by Design …

… we address three aspects of security by design: i) software security assurance (designing software systems that are secure from the ground up and minimizing the impact of system breach when a security vulnerability is discovered) ; ii) preserving privacy in the enterprise environment and; iii) ensuring identity across heterogeneous vendors.

… and Privacy by Design.

Privacy by Design … is aimed at preventing privacy violations from arising in the first place. PbD is based on seven (7) Foundational Principles. It emphasizes respect for user privacy and the need to embed privacy as a default condition. It also preserves a commitment to functionality in a doubly-enabling ‘win-win, ’ or positive-sum strategy. This approach transforms consumer privacy issues from a pure policy or compliance issue into a business imperative.

The paper concludes:

It is becoming widely recognized that privacy and security must both be embedded, by default, into the architecture, design and construction of information processes. This is a central motivation for PbD, which is aimed at reducing the risk of a privacy harm from arising in the first place. By taking a proactive approach, it is possible to demonstrate that it is indeed possible (and far more desirable) to have privacy and security! Why settle for one when you can have both?

I found the paper to be thoughtful and timely. By coincidence, this morning I committed to an event next week where I will meet Ms. Cavoukian. I look forward to it!

This evening, I stepped through the process of having my identity verified by miiCard. The process of establishing an account, verifying my identity, linking to my online accounts and posting a badge on my blog took about 30 minutes. Not too bad. You can click on my badge on the right to check the extent of my verification.

It will be interesting to learn how I can leverage this in the future.

Combining my thoughts about my SquareTag Blogtagging experiment and Identity Relationship Diagrams, I created the following diagram, which illustrates my understanding of how the SquareTag system works:

 

The basic Identities and Relationships are:

1. I am a person.  It starts with me.
2. I own a Thing – this blog. It belongs to me.
3. I control my Personal Cloud, which is a service hosted by SquareTag.  It responds to my inputs and sends me messages.
4. The Personal Cloud contains a SqareTag code for my blog.
5. A person named John visits my blog and scans the SquareTag – a very temporary relationship.
6. The action of scanning connects John to my personal cloud and is prompted to send a message to me.
7. The Personal Cloud sends a message to me via SMS – including the GPS coordinates of where the scan was made and a text message, which includes John’s Twitter handle.
8. I post a message to John on Twitter – another service to which I subscribe.
9. John receives my message in the Tweet stream and responds to me.

As I made this diagram, I become aware of a few things I need to refine in the Identity Relationship model.

The graph edges (arrows) are relationships, but I think I have labelled some of them as data flows, rather than relationships.  I need to come up with a way to differentiate between the relationship and information or messages that are exchanged because of the relationship.

How should fairly static relationship (like blog ownership) be differentiated from transitory relationships (e.g. visiting a blog, scanning a SquareTag)?

Should a Personal Cloud be divided into a Subject and a Service?  Johannes Ernst’s recent post would perhaps infer that.  Perhaps the Subject is “what it is” or “what is does”; the Service is “how I access and control it.” 

The diagramming software I use, Graphvis, has some decided advantages and disadvantages.  Because it is data driven, I don’t have to keep re-drawing the diagram by hand.  However, I don’t have much control over the esthetics of the diagram.

If anyone has any feedback, I’d be happy to hear it.