
Exploring the science and magic of Identity and Access Management

Never let a problem to be solved, become more important than a person to be loved. — Thomas S. Monson

Friday, April 18, 2014

Diagram: Identity is the New Perimeter

Identity, Information Security
Author: Mark Dixon
Wednesday, May 22, 2013
7:39 am


I like the diagram Mark O’Neill of Vordel put in a recent post, “Identity is the New Perimeter.” That phrase has been floating around for some time, but I think this diagram illustrates the concept in the simplest, clearest way I have seen:

[Diagram: Identity is the New Perimeter]

The article does a good job of describing this new way of looking at security. As Mark mentioned in the post, Bill Gates once said, “security should be based on policy, not topology.”


#IoT, Big Data and Authenticity

Identity, Information Security, Internet of Things
Author: Mark Dixon
Tuesday, May 21, 2013
8:41 pm


Today, I read an interesting white paper, “Big Data in M2M: Tipping Points and Subnets of Things,” published by Machina Research. From the introduction:

This White Paper focuses on three hot topics in the TMT space currently: Big Data and the ‘Internet of Things’, both examined through the prism of machine-to-machine communications. We have grouped these concepts together, since Big Data analytics within M2M really only exists within the context of heterogeneous information sources which can be combined for analysis. And, in many ways, the Internet of Things can be defined in those exact same terms: as a network of heterogeneous devices.

The white paper does a good job of exploring the emerging trends of the Internet of Things, potential business opportunities and challenges faced.

As one might expect, “authenticity and security of different kinds of data” was identified as a big challenge:

Big Data is about “mashing up” data from multiple sources, and delivering significant insights from the data. It is the combination of data from within the enterprise, from openly available data (for example, data made available by government agencies), from data communities, and from social media. And with every different source of data arises the issues of authenticity and security. Machina Research predicts that as a result of the need for data verification, enterprises will have a greater inclination to process internal and open (government) data prior to mashing-up with social media.

The following diagram shows the increased security risk as more data from external sources is collected and analyzed.

[Diagram: Machina Research, security risk versus external data sources]

This is yet another indicator of how Identity and Access Management will be critical to the successful evolution of the Internet of Things.


Enabling Collaboration with Social BPM

Identity
Author: Mark Dixon
Thursday, May 16, 2013
10:15 am



This morning, I read a recent Oracle white paper entitled “Transforming Customer Experience: The Convergence of Social, Mobile and Business Process Management.” It gave an interesting perspective on the blending of emerging paradigms – mobile and social – with the older discipline of Business Process Management.

To stay ahead in today’s rapidly changing business environment, organizations need agile business processes that allow them to adapt quickly to evolving markets, customer needs, policies, regulations, and business models. … Social and mobile business models have already contributed important new frameworks for collaboration and information sharing in the enterprise. While these technologies are still in a nascent state, BPM and service oriented architecture (SOA) solutions are well established, providing a history of clear and complementary benefits.

The key is effectively leveraging the strengths of existing, proven architectures while taking advantage of new opportunities:

The term “Social BPM” is sometimes used to describe the use of social tools and techniques in business process improvement efforts. Social BPM helps eliminate barriers between decision makers and the people affected by their decisions. These tools facilitate communication that companies can leverage to improve business processes. Social BPM enables collaboration in the context of BPM and adds the richness of modern social communication tools.

… Social BPM increases business value by extracting information from enterprise systems and using it within social networks. Meanwhile, social technologies permit employees to utilize feedback from social networks to improve business processes.

I found one use case presented in the paper to be particularly instructive. As illustrated in the following diagram,

A claims management system assigns a task to an individual claims worker with the expectation that the user will complete the task to advance the process. Of course, to accomplish this type of knowledge-based task, the individual must often engage other people within the business.

[Diagram: Bpm1, task assignment within the enterprise]

However, Social BPM enables the use of social networking tools to extend collaboration beyond the traditional enterprise boundaries, as shown in the following diagram:

[Diagram: Bpm2, collaboration extended beyond enterprise boundaries]

Not only can internal knowledge workers use social networking tools to find each other and share information, but also customers can interact with the process at specific steps, using mobile devices, to supply their own information into a business process. For example, a customer involved in an auto accident might upload photos taken with a cell phone into the process via a claims management app provided by the insurance company.

In order to make this all work, participants will need to use both enterprise and social identity credentials. Because they are using mobile devices, the IAM system must accommodate mobile, social and cloud infrastructures in order to effectively use information. This is very much in line with the principles set forth in the Gartner Nexus I addressed yesterday.


Gartner: The Nexus of Forces – Social, Mobile, Cloud and Information

Identity
Author: Mark Dixon
Wednesday, May 15, 2013
3:58 pm


[Diagram: Gartner Nexus of Forces]

Today I read a year-old document published by Gartner, entitled “The Nexus of Forces: Social, Mobile, Cloud and Information.” It explains the interaction among these market forces better than any single document I have read:

Research over the past several years has identified the independent evolution of four powerful forces: social, mobile, cloud and information. As a result of consumerization and the ubiquity of connected smart devices, people’s behavior has caused a convergence of these forces.

In the Nexus of Forces, information is the context for delivering enhanced social and mobile experiences. Mobile devices are a platform for effective social networking and new ways of work. Social links people to their work and each other in new and unexpected ways. Cloud enables delivery of information and functionality to users and systems. The forces of the Nexus are intertwined to create a user-driven ecosystem of modern computing. (my emphasis added)

Excerpts from Gartner’s treatment of each of these areas include:

Social

Social is one of the most compelling examples of how consumerization drives enterprise IT practices. It’s hard to think of an activity that is more personal than sharing comments, links and recommendations with friends. Nonetheless, enterprises were quick to see the potential benefits. Comments and recommendations don’t have to be among friends about last night’s game or which shoes to buy; they can also be among colleagues about progress of a project or which supplier provides good value. Consumer vendors were even quicker to see the influence — for good or ill — of friends sharing recommendations on what to buy.

Mobile

Mobile computing is forcing the biggest change to the way people live since the automobile. And like the automotive revolution, there are many secondary impacts. It changes where people can work. It changes how they spend their day. Mass adoption forces new infrastructure. It spawns new businesses. And it threatens the status quo.

Cloud

Cloud computing represents the glue for all the forces of the Nexus. It is the model for delivery of whatever computing resources are needed and for activities that grow out of such delivery. Without cloud computing, social interactions would have no place to happen at scale, mobile access would fail to be able to connect to a wide variety of data and functions, and information would be still stuck inside internal systems.

Information

Developing a discipline of innovation through information enables organizations to respond to environmental, customer, employee or product changes as they occur. It will enable companies to leap ahead of their competition in operational or business performance.

Gartner’s conclusion offers this challenge:

The combination of pervasive mobility, near-ubiquitous connectivity, industrial compute services, and information access decreases the gap between idea and action. To take advantage of the Nexus of Forces and respond effectively, organizations must face the challenges of modernizing their systems, skills and mind-sets. Organizations that ignore the Nexus of Forces will be displaced by those that can move into the opportunity space more quickly — and the pace is accelerating.

So, what does this mean for Identity and Access Management?  Just a few thoughts:

  1. While “Social Identity” and “Enterprise Identity” are now often considered separately, I expect that there will be a convergence of, or at least a close interoperation between, the two areas. The boundaries between work and personal life are being eroded, with work becoming more of an activity and less of a place. The challenge of enabling and protecting the convergence of social and enterprise identities has huge security and privacy implications.
  2. We cannot focus only on solving the IAM challenges of premise-based systems. IAM strategies must accommodate cloud-based and premise-based systems as an integrated whole. Addressing one without the other ignores the reality of the modern information landscape.
  3. Mobile devices, not desktop systems, now make up the majority of user information tools. IAM systems must address the fact that a person may have multiple devices, and provide uniform means of handling authentication, authorization, entitlement provisioning, and so on across a wide variety of devices.
  4. We must improve our ability to leverage the huge amounts of information generated by mobile, social and cloud platforms, while protecting the privacy of users and the intellectual property rights of enterprises.
  5. Emerging computing paradigms designed to accommodate these converging forces, such as personal clouds, will require built-in, scalable, secure IAM infrastructure.
  6. The Gartner Nexus doesn’t explicitly address the emergence of the Internet of Things, but IoT fits well within this overall structure. The scope of IAM must expand to address not only the rapid growth of mobile computing devices, but also the far bigger explosion of connected devices.

We live in an interesting time. The pace of technological and social change is accelerating. Wrestling with and resolving IAM challenges across this rapidly changing landscape is critical to our efforts not only to cope with, but also to leverage, the new opportunities created by these transformative forces.


Humanoid Robot in Space

Identity, Space Travel
Author: Mark Dixon
Friday, May 10, 2013
9:22 am


In the NASA photo below, Expedition 35 Flight Engineer Chris Cassidy has a few light moments with the Robonaut 2 in the Destiny Laboratory onboard the Earth-orbiting International Space Station.

Robonaut 2, or R2, is a dexterous humanoid robot built and designed at NASA Johnson Space Center in Houston, Texas. Sent to the International Space Station in 2011 with the intention of aiding astronauts on dangerous tasks and freeing them from some of the more mundane work, upgrades to the R2 system continue to produce novel advances in the field of robotics.

Iron Man he isn’t, but it’s fun to see advances in robotic technology. And even robots have identity.

[NASA photo: Chris Cassidy with Robonaut 2 in the Destiny Laboratory]


Connected Personal Clouds – Relationships Matter

Identity, Personal Cloud
Author: Mark Dixon
Thursday, May 9, 2013
9:49 pm



To me, one of the most compelling parts in Phil Windley’s recent white paper, “Introducing Forever: Personal Cloud Application Architectures,” was the emphasis placed on relationships between personal clouds. A few statements that intrigued me (emphasis added):

One of the most important features of the Kynetx CloudOS is its built-in support for personal channels. …

Even more so than personal computers, personal clouds are only interesting when they are connected. The connection between two personal clouds—or between a personal cloud and anything else it is connected to—is called a personal channel. The network of people and organizations linked via personal channels is called a relationship network. …

Personal channels on an open-standard relationship web can be dramatically more useful to individuals and businesses than ordinary email or Web connections. Forever makes use of personal channels by using them as the conduits over which permissioned access to profile information for the user’s contacts occurs.

I expect that relationships between personal clouds, not the personal clouds themselves, will provide the fuel to ignite and accelerate substantive growth in the use of personal clouds. The “network effect” emerging as an expanding social graph is instantiated in a personal cloud architecture could create a bandwagon of growing adoption.

The question remains … what “killer application” or set of applications built on a personal cloud architecture will trigger such a crescendo?


“Visicalc” of Personal Clouds?

Identity, Personal Cloud
Author: Mark Dixon
Wednesday, May 8, 2013
7:47 am


This morning I read a tweet from Marc Davis that quoted a profound statement from Johannes Ernst:

@Johannes_Ernst: “We do not know yet what will be the ‘VisiCalc’ of Personal Clouds” #IIW #pcloud #personaldata.

I think Johannes hit the nail squarely on its head. The concept of Personal Clouds is very intriguing, but still in the hobbyist stage.

If I recall correctly, the first time I saw Visicalc demonstrated was on a TRS-80 machine. It was crude by today’s standards, but revolutionary in what we could do with it.

Wikipedia quotes Thomas Hormby, who stated:

VisiCalc … is often considered the application that turned the microcomputer from a hobby for computer enthusiasts into a serious business tool.

What will be the application that turns Personal Clouds into a serious tool and triggers rapid growth? I would hope that universally accepted, personally managed Identity credentials and mobile payments will be early winners, but who knows?


SquareTag Project Report

Identity
Author: Mark Dixon
Tuesday, May 7, 2013
10:07 am


About two months ago, I started a small project to see how SquareTags would work on virtual objects like web pages. Subsequent posts are here, here, here and here. This post summarizes what I learned. Thanks to Phil Windley and his team for encouragement and support.

One by one, I tagged a few web pages I control with a SquareTag and defined a corresponding object in my SquareTag personal cloud, as illustrated below.

[Diagram: SquareTag project report]


I invited people to scan the tags and send me a Twitter ID or email address so I could respond. I received about 40 responses from nine states in the US, plus four other nations. Not bad for a little blog way out on the long tail of online information.

Here are some things I learned:

Tagging virtual objects works just as well as tagging physical objects (I tagged some physical stuff, too).

I was able to easily link information in my personal cloud to the virtual objects. The personal cloud could potentially be a comprehensive repository for all my physical and virtual possessions.

In the cases of Facebook, About.me and Paper.li (the Discovering Identity Paper), the tags are embedded in a .jpg image, so the host site probably doesn’t even know the links exist.

Orange works just as well as black for SquareTags. I started by using photos of the adhesive SquareTags I purchased, but then created orange tags which encoded the SquareTag URL and code for each tag.

I don’t think QR codes are broadly used by most people. I had to explain to several people I know what the codes were and what they needed to do to scan a SquareTag.

The user experience presented when someone scanned a SquareTag wasn’t optimized for this experiment. Only one field was available, so having people uniformly offer both a contact point (Twitter ID or email address) and location didn’t always work. Sometimes I would receive geo coordinates, but that required that a person opted in to use them.

All in all, it was an enjoyable experiment. I think I’ll leave the tags in place for a while, just to see if anyone else responds. After all, I got one out of the blue yesterday.


Core Identities and Personal Data Stores

Identity, Privacy
Author: Mark Dixon
Friday, May 3, 2013
12:23 pm


I just finished reading an intriguing white paper, “Towards a Trustworthy Digital Infrastructure for Core Identities and Personal Data Stores,” written by Thomas Hardjono, Dazza Greenwood, and Alex (Sandy) Pentland, all associated with MIT. I was particularly interested to see how much detail has been built around this concept of Core Identities since Dazza Greenwood and I discussed it several years ago, while I was employed by Sun Microsystems.

The paper proposes …

At the heart of digital identities is the concept of the core identity of an individual, which inalienably belongs to that individual. The core identity serves as the root from which emerge other forms of digital derived identities (called personas) that are practically useful and are legally enforced in digital transactions.

… and goes on to explore:

potential business models for Core Identity service providers and Persona providers (specializing in personalization, privacy and preferences services for a unified user experience across many sites and systems)

The paper then ties the concept of Core Identities and Personas to the MIT Open Personal Data Store (Open PDS) initiative:

The OpenPDS is an open-source Personal Data Store (PDS) enabling the user to collect, store, and give access to their data while protecting their privacy. Users can install and operate their own PDS, or alternatively users can operate an OpenPDS instance in a hosted environment.

We use the term “dynamic” here to denote the fact that the PDS does not only contain static data but also incorporates the ability to perform computations based on policy and is user-managed or user-driven. In a sense, the OpenPDS can be considered a small and portable Trusted Compute Unit belonging to an individual.

The paper concludes by emphasizing these four concepts:

  1. An infrastructure to support the establishment and use of core identities and personas is needed in order to provide equitable access to data and resources on the Internet.
  2. Personas are needed which are legally bound to core identifiers belonging to the individual. We see personas as a means to achieve individual privacy through the use of derived identifiers.
  3. The privacy-preserving features of core identities and personas fully satisfy the data privacy requirements of Personal Data Stores as defined by the MIT OpenPDS project. The ability for an individual to own and control his or her personal data through deployment of a PDS represents a key requirement for the future of digital commerce on the Internet.
  4. We believe the MIT OpenPDS design allows for a new breed of providers to emerge who will support consumer privacy, while at the same time allow the consumer to optionally partake in various data mining and exploration schemes in a privacy-preserving manner.

This sounds like OpenPDS is very much in line with the Personal Cloud concept. Perhaps the MIT work with Core Identities, Personas and Open Personal Data Systems will help shorten the time before we can take advantage of real, working Personal Clouds.


Hobbyist Computing and Personal Clouds

Cloud Computing, Identity
Author: Mark Dixon
Thursday, May 2, 2013
7:50 am


One of the benefits of growing old is the historical perspective offered by advancing age. I have been privileged to be an active participant as the computer industry has literally unfolded before my eyes.

The first computer I saw demonstrated, back in 1970, was built by a hobbyist, using flip flops constructed out of discrete transistors and a numeric Nixie tube display. The input device? A rotary phone dial. As an electronics hobbyist myself, I was fascinated by the blinking lights, even though the contraption really wasn’t very useful as an end user device.

Fast forward a few years … As part of my first engineering job, I built my first personal computer in 1978, predating the IBM PC by three years. It was based on the Texas Instruments 9900 microprocessor, one of the first 16-bit microprocessors. I designed and built the color graphics display board and modified a Sony Trinitron TV to be the color monitor. I had to design and debug the circuitry, work with others to design the chassis and circuit boards, and solder in all the chips. I used an original Soroc terminal and an Epson TX-80 dot matrix printer. The computer had a rudimentary operating system and a simple text editor. I thought I was in heaven! For a geek like me, I had both the joy of experimentation and emerging productivity for my work.

My next big step forward was getting one of the original Compaq luggable PCs - complete with two 256k 5-1/4 inch floppy drives (no hard drive). It was a great step forward in packaging, but the real benefit was the software - the WordPerfect word processor and the Lotus 123 spreadsheet. My productivity really accelerated. And I didn’t have to build anything. (By the way, I still have that computer!)

Of course, the MacBook Air I use now is almost infinitely more capable than those old relics. We have come a long way.

What does this have to do with Personal Clouds? I somehow get the feeling we are still in the hobbyist phase. A lot of blinking lights, personal tinkering and visions of the future, but not a lot of real utility and tangible benefits.

Don’t get me wrong – I really like the concept of personal clouds. I like the promise of better privacy, better personal control over my information, easier-to-use identity and payments infrastructure, and unifying functionality in a virtual container in the cloud. I salute those who are working to transform vision into reality.

But at this time in my life, I tend to be impatient. I want my MacBook Air when all that is available is Nixie tubes and rotary phone dials. I’d like to see the next Apple emerge, or some stodgy old IBM-like company leverage its market presence, and offer Personal Cloud infrastructure that is really easy to use and really useful to old fogies like me.

Who will it be?

Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.