May I ask for your assistance, please? I am working to compile a prioritized list of the most important trends in the Digital Identity marketplace. Would you please review the following list (purposely not in priority order) and offer your comments about which ones you believe will have the greatest economic or social impact in the next 3-5 years? Please feel free to add your own, cross some off the list or otherwise critique what I have posted. Any input would be appreciated.

1. User centric identity is growing in prominence for both consumer and enterprise applications
2. Customer-focused commerce models including VRM are growing in prominence
3. Identity functionality is increasingly delivered as sets of services, rather than monolithic applications
4. Autonomous organizations offering Identity services, both within and outside the enterprise, are becoming more prominent
5. More template-driven rapid implementation methods are being used to reduce Identity Management implementation time
6. Identity federation is increasingly implemented on a broad scale
7. Business processes are increasingly engineered to integrate Identity from the start, rather than attaching Identity after the fact
8. The scope of Identity Management strategies will increasingly expand beyond operating systems, applications, directories and databases to integrate network access control and physical access control
9. Digital Identity methods will increasingly be used by governments to track citizens and enable e-government applications
10. Customers will increasingly demand strong integration among various components in Identity product and service suites
11. Standards-based interoperability among multiple products from different will be increasingly demanded by customers
12. Physical or virtual consolidation of customer Identities will increasingly enable vendors to have a single view of their customers

Thanks for your help. I’ll publish an analysis of what I receive in a future article

Technorati Tags: Identity,
Digital Identity,
Identity Management

My colleague Terry Sigle is preparing what should be a very interesting article that “looks at the technical and social issues around privacy … not just electronic privacy or privacy on the Internet.”

Privacy — that is one loaded word! For example …I just read in USA Today that “The Bush Administration said Wednesday that it will allow an independent court to oversee its controversial surveillance program in which the National Security Agency has electronically eavesdropped on Americans and other without obtaining court warrants.”

Well, Duh! I thought that was what the Constitution stipulated in the first place – controls and balances that protect our rights. (And I’m a Republican!)

Here’s my challenge: Please support Terry’s effort to prepare this article by posting your comments on his blog. If we all cooperate to get a broad sampling of insight and thought, Terry’s article could be a pivotal participatory work. Please reach out and ask your friends … and their friends …

I’m off now to post my privacy thoughts on Terry’s blog. See you there!

Technorati Tags: Identity,
Privacy

I recently got a glimpse into how a major e-commerce company considers Identity to be a core competency essential to the success of its business. Recognizing Identity to be a critical success factor for its business has caused this company to create a fairly autonomous organization named Identity Services which is responsible for providing “secure, scalable, low-latency Identity Services” to enable buyers, merchants and developers to implement innovative business models. The organization has been challenged to push its envelope of capability to be “faster, more globally distributed and more flexible,” matching the business objectives of the company.

This is significant in a number of ways:

1. Identity is an essential, core enabler of online business. Identity must not be an afterthought, a necessary evil, or a function forced by government regulation. It is more properly recognized as a key business enabler. The modern business paradigm of delivering highly personalized service to individual consumers demands that Identity is at the core of the business process.
2. Identity can provide a competitive advantage. Properly delivered Identity services can enable enhanced user experience while securely protecting confidential data, thus increasing feelings of trust and customer satisfaction. Companies that leverage these factors will have a competitive edge in the online marketplace.
3. Identity strategy must be tightly aligned with business strategy. As a critical enabler of business sucess, Identity services must evolve in harmony with business objectives. For example, global business initiatives will demand global Identity infrastructure. New business models may demand new Identity services. Large business scale will require commensurate Identity services scale.
4. Identity should be delivered as an integrated set of web services. When Identity is a core business function, services such as authentication, authorization, personal preference and federated relationships should be services accessible to every business application, whether such applications are provided by the enterprise or by its business partners.
5. Identity services must be highly available with very low latency. Identity services in an online environment are mission critical. Like we depend on five-nines availability for telephone dialtone and very low latency for telephone call connection, we should expect Identity services to be virtually always available with mimimal impact on the duration of a business transaction.

This is just one example of how modern enterprises are seeking to leverage Identity to enable business success. But I think this company’s model will succeed. It recognizes Identity as a fundamental business asset and Identity Management as an enabler of success. That rings true to me.

PS. How do you represent e-commerce in a picture? I really don’t know, but liked the photo from the Penn State website.

Technorati Tags: Identity,
Digital Identity,
Identity Management

My post about VRM elicited an interesting response that demonstrates how vendors must respond quickly to customers in this new “Customer Centric” paradigm.

James McGovern challenged, “OK, if customers should manage vendors, what should this customer be doing to get the folks at Sun to start not just embracing open standards but to implement them in their products. This customer would like to see Sun do something with OpenID and XACML.”

We at Sun like this kind of input from customers. So, I immediately forewarded James’ request to our director of Identity product management, who responded, “Always good to hear from the customer. So what does he want us to do with OpenID and XACML? Does he have real use cases that he thinks would be solved by us embracing these standards?”

James, the ball is in your court. Could you please share with us the use cases where you want to leverage those standards?

Isn’t this Participation Age interchange great?

Technorati Tags: Identity,
Digital Identity,
Identity Management,
VRM,
OpenID,
XACML

No. I didn’t coin that phrase. Neither did Scott McNealy or Jonathan Schwartz. This phrase is a subtitle on an interesting blog, The Social Customer Manifesto, authored by Christopher Carfi, co-founder of Cerado, Inc.

I was intrigued first by Christopher’s commentary here and here on the emerging VRM movement. Then I was caught by the title and subtitle of his blog.

First, the main title: “The Social Customer Manifesto.” This sounds a bit militant, but rings true. Consumers in the participation age have the access to information that puts them in control. We individually can choose what we buy – when, where and how. Declaring independence from the chains of big, bad, oppressive vendors seems like a logical conclusion when consumers are armed with information and the means to exploit it.

Second, the subtitle: “There are no spectators anymore. Participate.” This is more a challenge than a current reality. Some may choose not to participate, but they will be doomed to languish on the sidelines of a changing world.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Participation Age,
VRM

I learned about a new term / new movement this week – Vendor Relationship Management. Think of it as the polar opposite of Customer Relationship Management.

I always questioned the CRM term. How could a company think they managed their relationship with me? Certainly they could influence, or cajole, or offer, or goad, or even threaten – but manage?

VRM seems to recognize that reality, and proposes that customers should manage vendors, not the other way around.

I first learned about this by reading Doc Searls‘ blog. Doc is leading Project VRM within the Berkman Center for Internet and Society at Harvard University. The VRM concept grew out of work by Doc and many others around the topic of “user-centric identity”.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
VRM

I often joke that my colleague Rakesh Radhakrishnan believes in “Identity-enabled Everything” because of his passionate, prolific treatment of how to leverage Identity Management for the benefit of the communications industry. But yesterday, I heard Jonathan Schwartz propose Identity enabling something I had not thought of and Rakesh hasn’t yet written about.

Jonathan was discussing how the intersection of Sun’s Server, Storage, Software and Services business units produces remarkable opportunities. To illustrate, he recalled Sun’s recent announcement of Device-Level Encryption on the Sun StorageTek T10000 Tape Drive.

If data on a tape is encrypted, it must be decrypted to be used. Decryption implies authentication and authorization, which should be part of a cohesive Identity Management system.

This is yet another example of how Identity Management is not only an essential function whenever we consider secure, personalized information services, but is an enabler to new, innovative business opportunities.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Encryption

Today I had two distinct Participation Age Epiphanies (PAE) – three if you count me coining that term as I thought about these interesting experiences today.

PAE #2 happened when Jonathan Schwartz, king of Sun’s bloggers, was addressing a group of about 40 people – mostly Accenture employees gathered for training within the context of the Sun/Accenture Identity-enabled SOA initiative. Before he discussed one topic, he warned us, “I don’t want any of you to discuss this outside this room, or blog about it. Then, pointing to me on the front row, he said, “And I know you blog.”

Think about it — I have never met Jonathan Schwartz personally. We have never spoken on the telephone, or exchanged email. I am about five rungs beneath him on the Sun organization chart. But he knew I blogged, and recognized me from the photo on my blog!

PAE #1 had happened an hour earlier, but I didn’t think much about it until Jonathan recognized me. When I first entered the conference room, I sat next to an Accenture employee and introduced myself. “I know you,” he exclaimed, “We connected on LinkedIn yesterday!”

Sure enough! Brian Hoffman and I had participated on a few conference calls together several months ago, while he was an employee of a different company, but we only really connected when he read my blog and invited me connect via LinkedIn.

The Participation Age really is about people participating in cyberspace, collapsing distance and organization charts in the process.

Technorati Tags:
Identity
Digital Identity
Identity Management
Participation Age,
Blog,
Accenture,
Sun Microsystems,
Jonathan Schwartz,
Brian Hoffman

On November 29, 2006, Oracle announced “an open initiative, the Identity Governance Framework (IGF), designed to help organizations better govern and protect sensitive identity-related employee, customer and partner information as it flows across heterogeneous applications. Leading identity vendors including CA, Layer 7 Technologies, Novell, Ping Identity, Securent and Sun Microsystems, Inc. have reviewed a draft of the Framework and plan to work with Oracle to develop full specifications.”

Don Bowen, Director of Identity Integration at Sun Microsystems, commented “The direction which the Identity Governance Framework is heading is positive, Sun supports its submission to a standards body and thinks the Liberty Alliance may be best, as it is a natural and essential evolution of the work already done within that organization.”

Being able to leverage open standards to share Identity information across a heterogenous IT environment should be positive for our customers. It’s good to see major players in the Identity Management market cooperate in this initiative.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Oracle

Almost a year ago, on December 22, 2005, I reported that Sun’s CTO Greg Papadopoulos proposed a strong authentication method using a mobile phone as a physical security token.

I recently learned that an application using a mobile phone equipped with a SIM card for strong authentication won the SESAMES IT Security award at the CARTES exhibition in Paris last month.

“SIM Strong Authentication, winner of the SESAMES IT Security category, leverages the ubiquity of SIM-equipped mobile devices to provide secure access to online content and services. A user with a valid Identity Provider account and SIM-enabled mobile phone can easily and securely log on to a host of online services such as e-commerce, online banking, corporate network access, or IP Telephony. The service can also provide SIM authentication via SMS messages, simplifying the end user experience and broadening the potential market.

“The architecture is based on a multi-vendor environment featuring SMS-enabled SIM cards from Gemalto. Authentication is performed through a Telenor Identity Provider (IDP) server based on Sun Microsystems Access Manager in collaboration with a Lucent Technologies VitalAAA server communicating with a Home Location Register (HLR) via an Ulticom Signalware SS7/IP MAP Authentication Gateway.”

The SIM Strong Authentication application was featured in the Gemalto booth at the CARTES 2006 exhibition in Paris, 7-9 November, 2006.

I don’t know if Greg influenced the Gemalto project, but Sun’s Access Manager product played a key role in making it all work. Isn’t it great to see creative ideas in action?

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Access Manager,
SIM,
Gemalto,
SESAMES,
Telenor