
Exploring the science and magic of Identity and Access Management

To cease to think creatively is but little different from ceasing to live. — Benjamin Franklin

Sunday, November 23, 2014

Google Mobile Backend Starter: AuthN and AuthZ in the Cloud

Author: Mark Dixon
Monday, June 3, 2013
6:39 pm


Of the many articles I read today, which one piqued my interest the most? “Google Launches Mobile Backend Starter, A One-Click Deployable Cloud Backend For Android Apps.”

Mobile Backend Starter provides developers with a one-click deployable mobile backend and a client-side framework for Android that provides them with storage services, access to Google Cloud Messaging, continuous queries and Google’s authentication and authorization features. (emphasis mine)


Diagram: Google Mobile Backend architecture

Why is this important?  I can think of at least 4 reasons:

  1. If this is the easiest way for developers to embed authentication and authorization functionality into their apps, guess which method they will choose?
  2. If it is easy to make use of backend services from mobile apps, emerging apps will all be richer in functionality and content, because app developers will focus on real application innovation, rather than re-inventing the AuthN/AuthZ wheel.
  3. Google’s quest to become Identity Provider for the world just took a big step forward.  If app developers can easily rely on Google AuthN/AuthZ, other companies that aspire to be IDPs will be playing catch up.
  4. This pattern of easy-to-use backend infrastructure available to developers could revolutionize application development as we know it – not just mobile apps.

The obvious question is “where are you, Apple?”  But a bigger question is for all of us engaged in enterprise IAM, “how will we quickly adapt to this model?”


Siloed Apps and the Internet of Things

Identity, Internet of Things
Author: Mark Dixon
Friday, May 24, 2013
11:16 am



Paul Madsen posted an excellent article today, “Identity, Application Models and the Internet of Things,” recommending that the prevailing application development model move back to the browser and away from native apps.  He references another excellent article by Scott Jenson, “Mobile Apps Must Die,” which holds that because we use so many native mobile apps, they are “becoming too much trouble to organize and maintain,” and that the native app model, “just can’t take advantage of new opportunities.”

Paul observed how, with the prevailing native app model, the “Internet of things would push us to have 1000s of native applications on our devices, but that would place a completely unrealistic management burden on the User.”

I agree that managing large numbers of apps is becoming very burdensome and counterproductive. Each airline I fly has its own app. Each store I frequent has its own app.  I have apps upon apps upon apps.

I propose, however, that just focusing back on browser apps doesn’t completely solve the problem, particularly with the Internet of Things.  A big problem is the narrow siloed focus of so many apps.

I recently bought a Fitbit device to track all the steps I take and stairs I climb.  It is a nice little device that syncs automatically with an app on my iPhone.  I can also use that app to record food I eat and water I drink along with the automatic recording of steps and stairs.  

However, the app covers only a fairly narrow silo of functionality.  If I want to record other vital statistics (e.g., blood pressure or blood glucose), it takes another app.  If I want to record my workout at the gym with any degree of granularity, it takes another app.  Of course, every app has a different concept of my identity. Not good.

Paul’s discussion of an app to monitor his toaster begs the question – why should I have an app (either web or otherwise) for every device in my house?  Doesn’t it make more sense to have a “home management” app that accommodates toasters, fridges, thermostats, smoke alarms or whatever other Internet connected things may be available?

I propose that we need a new app paradigm that retains the great user interface characteristics of native apps, the “just in time” model of discovery and use that Paul and Scott recommend, coupled with a more integrated approach to solving real life, but more complex use cases.



Diagram: Identity is the New Perimeter

Identity, Information Security
Author: Mark Dixon
Wednesday, May 22, 2013
7:39 am


I like the diagram Mark O’Neill of Vordel put in a recent post, “Identity is the New Perimeter.” That phrase has been floating around for some time, but I think this diagram illustrates the concept in the simplest, clearest way I have seen:


The article does a good job of describing this new way of looking at security.  As Mark mentioned in the post, Bill Gates once said, “security should be based on policy, not topology.”


#IoT, Big Data and Authenticity

Identity, Information Security, Internet of Things
Author: Mark Dixon
Tuesday, May 21, 2013
8:41 pm


Today, I read an interesting white paper, “Big Data in M2M: Tipping Points and Subnets of Things,” published by Machina Research. From the introduction:

This White Paper focuses on three hot topics in the TMT space currently: Big Data and the ‘Internet of Things’, both examined through the prism of machine-to-machine communications. We have grouped these concepts together, since Big Data analytics within M2M really only exists within the context of heterogeneous information sources which can be combined for analysis. And, in many ways, the Internet of Things can be defined in those exact same terms: as a network of heterogeneous devices.

The white paper does a good job of exploring the emerging trends of the Internet of Things, potential business opportunities and challenges faced.

As one could expect, “authenticity and security of different kinds of data” was identified as a big challenge:

Big Data is about “mashing up” data from multiple sources, and delivering significant insights from the data. It is the combination of data from within the enterprise, from openly available data (for example, data made available by government agencies), from data communities, and from social media. And with every different source of data arises the issues of authenticity and security. Machina Research predicts that as a result of the need for data verification, enterprises will have a greater inclination to process internal and open (government) data prior to mashing-up with social media.

The following diagram shows the increased security risk as more data from external sources is collected and analyzed.


This is yet another indicator of how Identity and Access Management will be critical in the successful evolution of the Internet of Things.


Enabling Collaboration with Social BPM

Author: Mark Dixon
Thursday, May 16, 2013
10:15 am



This morning, I read a recent Oracle White Paper entitled, “Transforming Customer Experience: The Convergence of Social, Mobile and Business Process Management.”  It gave an interesting perspective on the blending of emerging paradigms – mobile and social – with the older discipline of Business Process Management.

To stay ahead in today’s rapidly changing business environment, organizations need agile business processes that allow them to adapt quickly to evolving markets, customer needs, policies, regulations, and business models. … Social and mobile business models have already contributed important new frameworks for collaboration and information sharing in the enterprise. While these technologies are still in a nascent state, BPM and service oriented architecture (SOA) solutions are well established, providing a history of clear and complementary benefits.

The key is effectively leveraging the strengths of existing, proven architectures while taking advantage of new opportunities:

The term “Social BPM” is sometimes used to describe the use of social tools and techniques in business process improvement efforts. Social BPM helps eliminate barriers between decision makers and the people affected by their decisions. These tools facilitate communication that companies can leverage to improve business processes. Social BPM enables collaboration in the context of BPM and adds the richness of modern social communication tools.

… Social BPM increases business value by extracting information from enterprise systems and using it within social networks. Meanwhile, social technologies permit employees to utilize feedback from social networks to improve business processes.

I found one use case presented in the paper to be particularly instructive. As illustrated in the following diagram,

A claims management system assigns a task to an individual claims worker with the expectation that the user will complete the task to advance the process. Of course, to accomplish this type of knowledge-based task, the individual must often engage other people within the business.


However, Social BPM enables the use of social networking tools to extend collaboration beyond the traditional enterprise boundaries, as shown in the following diagram:


Not only can internal knowledge workers use social networking tools to find each other and share information, but also customers can interact with the process at specific steps, using mobile devices, to supply their own information into a business process. For example, a customer involved in an auto accident might upload photos taken with a cell phone into the process via a claims management app provided by the insurance company.

In order to make this all work, participants will need to use both enterprise and social identity credentials. Because they are using mobile devices, the IAM system must accommodate mobile, social and cloud infrastructures in order to effectively use information.  This is very much in line with the principles set forth in the Gartner Nexus I addressed yesterday.


Gartner: The Nexus of Forces – Social, Mobile, Cloud and Information

Author: Mark Dixon
Wednesday, May 15, 2013
3:58 pm



Today I read a year-old document published by Gartner, entitled, “The Nexus of Forces: Social, Mobile, Cloud and Information.”  It explains the interaction among these market forces better than any single document I have read:

Research over the past several years has identified the independent evolution of four powerful forces: social, mobile, cloud and information. As a result of consumerization and the ubiquity of connected smart devices, people’s behavior has caused a convergence of these forces.

In the Nexus of Forces, information is the context for delivering enhanced social and mobile experiences. Mobile devices are a platform for effective social networking and new ways of work. Social links people to their work and each other in new and unexpected ways. Cloud enables delivery of information and functionality to users and systems. The forces of the Nexus are intertwined to create a user-driven ecosystem of modern computing. (my emphasis added)

Excerpts from Gartner’s treatment of each of these areas include:


Social is one of the most compelling examples of how consumerization drives enterprise IT practices. It’s hard to think of an activity that is more personal than sharing comments, links and recommendations with friends. Nonetheless, enterprises were quick to see the potential benefits. Comments and recommendations don’t have to be among friends about last night’s game or which shoes to buy; they can also be among colleagues about progress of a project or which supplier provides good value. Consumer vendors were even quicker to see the influence — for good or ill — of friends sharing recommendations on what to buy.


Mobile computing is forcing the biggest change to the way people live since the automobile. And like the automotive revolution, there are many secondary impacts. It changes where people can work. It changes how they spend their day. Mass adoption forces new infrastructure. It spawns new businesses. And it threatens the status quo.


Cloud computing represents the glue for all the forces of the Nexus. It is the model for delivery of whatever computing resources are needed and for activities that grow out of such delivery. Without cloud computing, social interactions would have no place to happen at scale, mobile access would fail to be able to connect to a wide variety of data and functions, and information would be still stuck inside internal systems.


Developing a discipline of innovation through information enables organizations to respond to environmental, customer, employee or product changes as they occur. It will enable companies to leap ahead of their competition in operational or business performance.

Gartner’s conclusion offers this challenge:

The combination of pervasive mobility, near-ubiquitous connectivity, industrial compute services, and information access decreases the gap between idea and action. To take advantage of the Nexus of Forces and respond effectively, organizations must face the challenges of modernizing their systems, skills and mind-sets. Organizations that ignore the Nexus of Forces will be displaced by those that can move into the opportunity space more quickly — and the pace is accelerating.

So, what does this mean for Identity and Access Management?  Just a few thoughts:

  1. While “Social Identity” and “Enterprise Identity” are often now considered separately, I expect that there will be a convergence, or at least a close interoperation of, the two areas. The boundaries between work and personal life are being eroded, with work becoming more of an activity and less of a place.  The challenge of enabling and protecting the convergence of social and enterprise identities has huge security and privacy implications.
  2. We cannot just focus on solving the IAM challenges of premise-based systems.  IAM strategies must accommodate cloud-based and premise-based systems as an integrated whole.  Addressing one without the other ignores the reality of the modern information landscape.
  3. Mobile devices, not desktop systems, comprise the new majority of user information tools. IAM systems must address the fact that a person may have multiple devices and provide uniform means for addressing things like authentication, authorization, entitlement provisioning, etc. for use across a wide variety of devices.
  4. We must improve our ability to leverage the huge amounts of information generated by mobile/social/cloud platforms, while protecting the privacy of users and the intellectual property rights of enterprises.
  5. Emerging new computing paradigms designed to accommodate these converging forces, such as personal clouds, will require built-in, scalable, secure IAM infrastructure.
  6. The Gartner Nexus doesn’t explicitly address the emergence of the Internet of Things, but IoT fits well within this overall structure.  The scope of IAM must expand to not only address the rapid growth of mobile computing devices, but the bigger virtual explosion of connected devices.

We live in an interesting time. The pace of technological and social change is accelerating. Wrestling with and resolving IAM challenges across this rapidly changing landscape is critical to efforts to not only cope with but leverage new opportunities caused by these transformative forces.


Humanoid Robot in Space

Identity, Space Travel
Author: Mark Dixon
Friday, May 10, 2013
9:22 am


In the NASA photo below, Expedition 35 Flight Engineer Chris Cassidy has a few light moments with the Robonaut 2 in the Destiny Laboratory onboard the Earth-orbiting International Space Station.

Robonaut 2, or R2, is a dexterous humanoid robot built and designed at NASA Johnson Space Center in Houston, Texas. Sent to the International Space Station in 2011 with the intention of aiding astronauts on dangerous tasks and freeing them from some of the more mundane work, upgrades to the R2 system continue to produce novel advances in the field of robotics.

Iron Man he isn’t, but it’s fun to see advances in robotic technology. And even robots have identity.



Connected Personal Clouds – Relationships Matter

Identity, Personal Cloud
Author: Mark Dixon
Thursday, May 9, 2013
9:49 pm



Diagram: Network effect

To me, one of the most compelling parts in Phil Windley’s recent white paper, “Introducing Forever: Personal Cloud Application Architectures,” was the emphasis placed on relationships between personal clouds.  A few statements that intrigued me (emphasis added):

One of the most important features of the Kynetx CloudOS is its built-in support for personal channels. …

Even more so than personal computers, personal clouds are only interesting when they are connected. The connection between two personal clouds—or between a personal cloud and anything else it is connected to—is called a personal channel. The network of people and organizations linked via personal channels is called a relationship network. …

Personal channels on an open-standard relationship web can be dramatically more useful to individuals and businesses than ordinary email or Web connections. Forever makes use of personal channels by using them as the conduits over which permissioned access to profile information for the user’s contacts occurs.

I expect that relationships between personal clouds, not the personal clouds themselves, will provide the fuel to ignite and accelerate substantive growth in the use of personal clouds. The “network effect” emerging as an expanding social graph is instantiated in a personal cloud architecture could create a bandwagon of growing adoption.

The question remains … what “killer application” or set of applications built on a personal cloud architecture will trigger such a crescendo?


“Visicalc” of Personal Clouds?

Identity, Personal Cloud
Author: Mark Dixon
Wednesday, May 8, 2013
7:47 am



This morning I read a tweet from Marc Davis that quoted a profound statement from Johannes Ernst:

@Johannes_Ernst: “We do not know yet what will be the ‘VisiCalc’ of Personal Clouds” #IIW #pcloud #personaldata.

I think Johannes hit the nail squarely on its head.  The concept of Personal Clouds is very intriguing, but still in the hobbyist stage.

If I recall correctly, the first time I saw VisiCalc demonstrated was on a TRS-80 machine.  It was crude by today’s standards, but revolutionary in what we could do with it.

Wikipedia quotes Thomas Hormby, who stated:

VisiCalc … is often considered the application that turned the microcomputer from a hobby for computer enthusiasts into a serious business tool.

What will be the application that turns Personal Clouds into a serious tool and triggers rapid growth? I would hope that universally accepted, personally managed Identity credentials and mobile payments will be early winners, but who knows?


SquareTag Project Report

Author: Mark Dixon
Tuesday, May 7, 2013
10:07 am


About two months ago, I started a small project to see how SquareTags would work on virtual objects like web pages. Subsequent posts are here, here, here and here.  This post summarizes what I learned.  Thanks to Phil Windley and his team for encouragement and support.

One by one, I tagged a few web pages I control with a Square Tag and defined an object in my SquareTag personal cloud as illustrated below.



I invited people to scan the tags and send me a Twitter ID or email address so I could respond. I received about 40 responses from nine states in the US, plus four other nations.  Not bad for a little blog way out on the long tail of online information.

Here are some things I learned:

Tagging virtual objects works as well as physical objects (I tagged some physical stuff, too.)

I was able to easily link information in my personal cloud to the virtual objects.  The personal cloud could potentially be a comprehensive repository for all my physical and virtual possessions.

In the cases of Facebook, About.me and Paper.li (the Discovering Identity Paper), the tags are embedded in a .jpg image, so the host site probably doesn’t even know the links exist.

Orange works just as well as black for SquareTags.  I started by using photos of the adhesive SquareTags I purchased, but then created orange tags which encoded the SquareTag URL and code for each tag.

I don’t think QR Codes are broadly used by most people.  I had to explain to several people I know what the codes were and explain what they needed to do to scan a SquareTag.

The user experience presented when someone scanned a SquareTag wasn’t optimized for this experiment.  Only one field was available, so having people uniformly offer both a contact point (Twitter ID or email address) and location didn’t always work.  Sometimes I would receive geo coordinates, but that required that a person opted in to use them.

All in all, it was an enjoyable experiment.  I think I’ll leave the tags in place for a while, just to see if anyone else responds.  After all, I got one out of the blue yesterday.

Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.