Last night, we gathered at a local restaurant to celebrate birthdays for my wife, my son Dave and my daughter Holly. With input from all of us, my wife made a framed collage for David entitled, “100 things we love about David.” It featured over 100 words and phrases that remind us of Dave and endear him to us.

Being the Identity guy that I am, it occured to me that each of these words or phrases was an element of his Identity and could be categorized within the Identity Map. Some items were pet names, others referred to his characteristics, relationships, roles, experiences and certainly, his reputation.

By the way, Rosa’s Mexican Grill serves the best green corn tamales I have ever tasted!

Tags: Identity
Digital Identity
Identity Management
Identity Map

Aldo Casteneda interviewed me yesterday about my work with Identity Management at Sun Microsystems and about my blog, particularly discussing the Identity Map and Identity Relationships. He posted the interview today.

Thanks, Aldo for allowing me this opportunity. This was my first experience on the speaking end of a podcast. I’m now listening to what I said. Kind of weird, actually – especially listening to my hoarse voice (recovering from bronchitis). I hope you find the chat worthwhile.

I just discovered that Eric Norlin mentiond the podcast. Thanks, Eric.

Tags: Identity
Digital Identity
Identity Management
Sun Microsystems
Aldo Casteneda
Eric Norlin

Earlier today, I griped a bit about the challenges of handling all the online accounts I have. I was speaking then from the perspective of a consumer of goods and services. Since then, I’ve tried to think from the perspective of an enterprise that provides goods and services to consumers. The motivations for enterprises to implement Universal Personal Identity as part of the infrastructure they use to serve consumers is really not much different – it is just seen from the other direction.

I think the objectives from an enterprise point of view are these:

1. Simplify. Make it really easy for my customers to do business with me.
2. Protect. Make sure my customers feel safe. Make sure my information is secure.
3. Grow. Scale up very big, very fast.
4. Reduce costs. Drive the cost per customer way down.

One of Dave Kearn’s New Year’s Resolutions for the Identity industry is “tying together these two seemingly disparate worlds of identity,” referring to the Enterprise View of Identity and the User-Centric View of Identity. Perhaps a good start in meeting Dave’s challenge is to understand how convergent the objectives are. Then we can work on the technology to make it happen.

Dave has recommended that the Higgins Framework may “be the beginning of the system that ties together the world of top-down, enterprise-created-and-maintained identity systems with the bottom-up, user-centric identity systems that are springing up all over the place.”

By the way, Dave, I wish I could access your newsletter on the web as soon as it drops into my email box. Then I could do a better job of linking to you!

Tags: Identity
Digital Identity
Identity Management
Dave Kearns
Higgins

At last count, I have over 380 online accounts for some service or the other. Many of these were set up as I was investigating new concepts or services, but a large number are in various levels of active use. What a pain!

I’m not sure Universal Personal Identity (UPI) is the right term for a solution to this problem, but it describes the concept.

Several organizations are trying to solve the problem – with popular focus on User-Centric Identity. For example, SixApart calls their TypeKey a “central identity.” An i-name is described as a one form of an eXtensible Resource Identifier (XRI). NetMesh calls their Light-Weight Identity (LID) a “personal digital identity.” Kim Cameron’s Laws of Identity describe a “Universal Identity System” that uses “digital identities.” Sxip Identity uses the term Globally Unique Persona Identifier (GUPI), which is a unique identifier issued by the Sxip Network Rootsite that identifies a persona.

Whatever we call it, I think at least three criteria must be satisfied for a UPI to work for me:

It needs to be:

1. Easy to use. It must simplify my life, not complicate it.
2. Secure. It must protect my private information, making me less vulnerable to identity theft or other exploitation of my personal information.
3. Ubiquitous. It needs to be adopted by enough online sites to be meaningful – analogous to use of a Visa card for financial transactions. I can use my Visa card almost every place I want to buy something. Use of a standardized UPI needs to be that widespread.

As our industry seeks answers, I’ll hobble along like the rest of you.

Tags: Identity
Digital Identity
Identity Management
TypeKey
SixApart
i-name
NetMesh
LID
Laws of Identity
Sxip

Dennis Brewer made some insightful statements in his article “Making the most of the extended SOX deadline” on SearchSecurity.com. He said:

“In their haste to become compliant, organizations often apply bandage solutions to their IT infrastructure. Unfortunately, this approach may leave your organization supporting costly legacy hardware and older software applications that do not provide competitive advantages and may need to be replaced as compliance requirements increase.”

” … Essentially all compliance criteria points to a principle of IT control granularity that is capable of linking any one person or digital identity to any single piece of data; or the converse, to deny access rights to all others. Group and role access control models still present value, but only for data access where fixing individual responsibility is irrelevant.” (my italics)

” …Replacing dated programs and using modern database applications that interact well with LDAP directories and interface with identity management and identity provisioning technology may be the only path to compliance over the long run.”

Tags: Identity
Digital Identity
Identity Management
SOX
Compliance

Yesterday, I attended a kickoff meeting for another Sun Identity Manager implementation project. Such events are always exciting to me – a new start, lots of enthusiasm and optimism, great expectations.

Eighteen people attended the kickoff meeting – ten gathered around a big conference table and another eight via telephone. Of the eighteen, only three will put fingers on keyboards to configure the Identity Manager software. The rest held other roles – information security, network engineering, facilities, systems administration, project management – the list goes on. And these were just IT people, not representatives of the user community.

This illustrates a fact of life in the Identity Management world – it takes more than software to implement an effective Identity Management system. These systems are not conveniently isolated islands of functionality. They have many touch points in many parts of an organization. Skillful coordination of many disciplines is necessary for successful deployment.

Lessons learned? May I suggest two:

1. Accept the fact that Identity Management projects are inherently complex. This is not because the software to be implemented is complex, but that Identity is at the core of how a business is operated. Many people will use the system. Many disciplines must be involved in making it work.

2. Don’t skimp on dynamic project leadership. Projects like this, with many stakeholders and inter-disciplinary coordination, demand strong communications skills and relentless, proactive attention to detail.

Tags: Identity
Digital Identity
Identity Management
Project Management

People who think more deeply than I have made many predictions about Identity Management in the coming year. I offer but one prediction.

I believe that 2006 will bring new methods for more easily implementing Identity Management solutions. Why?

1. Customers demand it.
2. Vendors need it
3. Both are giving it attention.

Identity Management solutions are inherently complex, primarily because they touch so many people and systems. However, best practices for Identity Management solutions beg for enterprises to bite off Identity solutions in small chunks, rather than trying to eat the proverbial elephant in one big gulp. Concentrating on small, standardized solutions will help simplify and streamline deployment. As both vendors and customers focus on that reality, new methods for implementation will emerge.

Tags: Identity
Digital Identity
Identity Management

I enjoyed reading Radovan Semancik’s Identity Predictions for 2006 and beyond.

In addressing the topic of strong authentication, Radovan predicted broad acceptance: “we will eventually buy SecurID tokens in hypermarkets.”

It will be interesting to see how prophetic he really is!

Tags: Identity
Digital Identity
Identity Management

Interesting article about an integrated Identity RFID Smart Card used at the Veltins Arena in Germany. The Smart Card is used for parking, admissions and concessions: “You drive to the stadium and scan your card to open the parking gate. You park your car and walk to the gate closest to your seats. You scan yourself in. Before you go to your seat, you buy a couple hot dogs and a beer. To pay for the food, you scan your card again. Money is deducted from your debit account.”

Tags: Identity
Digital Identity
Identity Management
SmartCard
RFID
Veltins Arena

According to a CNN news clip yesterday, “2005 saw the most computer security breaches ever, subjecting millions of Americans to potential identity fraud … The Treasury Department says that cyber crime has now outgrown illegal drug sales in annual proceeds, netting an estimated $105 billion in 2004.”

This underscores the need for strong, effective, Identity Management as part of the overall battle against cyber crime..

Tags: Identity
Digital Identity
Identity Management