Exploring the science and magic of Identity and Access Management
Thursday, February 5, 2026

Flickr ID Badge

Identity
Author: Mark Dixon
Thursday, August 11, 2005
8:34 pm

I bumped into this Flickr ID Badge recently. A humorous play on the whole ID Badge issue!

It’s an interesting example of a person choosing which Identity attributes
to publicly expose. By the way, you can click on Thomas’ badge to visit his Flickr page.


Password Synchronization and Post-It Notes

Identity
Author: Mark Dixon
Wednesday, August 10, 2005
8:21 pm

At a customer meeting yesterday, we were joking that a distinct benefit of implementing
password synchronization was that many trees would be saved because fewer Post-It®
notes would be used to keep multiple user IDs and passwords handy around one’s
computer screen.

But then we thought of the flip side of the equation: Replacing multiple user
credentials with a single User ID and password could arm a devious person
with all he needed to easily wreak havoc on multiple online systems!

We can only hope that if a person only has to remember one password and one
User ID, he or she will have enough good sense to give up Post-It® notes altogether.


GM + GE + Java + IDM

Identity
Author: Mark Dixon
Friday, August 5, 2005
3:51 am

Today, I tip my hat to my Sun colleagues who made two great announcements possible
during the past week:

In his Information Week article "General Motors Signs Biggest Java Deal Ever", Darrell Dunn commented that "For
Sun, the GM deal and another with General Electric are signs of a rebound."

Ashlee Vance of The Register wrote, "Sun pimps GMC’s data center with JES," including a great Scott McNealy
quote, "I love Detroit iron."

In his SearchWebServices.com article "GM tabs Sun for SOA development," Mike Meehan stated "… the new
agreement will see the automotive giant leverage Sun’s full development and
identity management tools for an SOA built on Java and running on Sun’s Solaris
10 operating system."

I’m relatively new at Sun, but I like what I see. It’s great to be with a company
that thrives on innovation and forges working partnerships with leading companies
to put those innovations to work.


Identarati

Identity
Author: Mark Dixon
Thursday, August 4, 2005
7:10 am

I chuckled at the Catalyst Conference when Mike Neuenschwander spoke of Steve Ballmer
joining the ranks of the "Identarati" when he shared the
stage with Scott McNealy to jointly announce a breakthrough in product interoperability.

After Googling "Identarati"
and finding the only entry to be my blog, I pinged Mike to get his insight into
this new word.

Mike responded, "I think I claimed the identarati were those of us who
make our living in the identity industry–in other words, those of us who are
forced (or compelled) to get this stuff. I’ve thrown the term around BG for
a while. Dan Blum named his blog after this term, although spelled slightly differently:
identerati.blogspot.com."

I really like the word. It has a bit of style and panache for this crazy industry
laden with all too much technical jargon.

It made me wonder, however — how does one qualify to bear such an exalted
title? Maybe to qualify for lower-case identarati status, one must just work
in the industry. But to attain the lofty status of upper-case Identarati, or
the Identarati Elite, perhaps there are other qualifications.

One might qualify by leading a company that produces a major Identity Conference
– like Jamie Lewis.

Or speaking at such a conference (John Loiacono, Nick Nikols, …)

Or participating in a panel discussion (Sara Gates, Bob Blakley, …) Scroll down to see Sara’s bio.

Or leading a company that produces Identity products (Scott McNealy, Dick Hardt, …)

Or leading a major Identity Management deployment (Phil Blank, Jarrod Jasper,
…) Sorry guys, I couldn’t find your bios.

Or authoring an industry newsletter (Dave Kearns, …)

Or a blog (Pat Patterson, The Identity Woman, Timothy Grayson, …)

Or defining Identity Laws (Kim Cameron)

Or discussing Identity Flaws (Mike Neuenschwander)

Or sharing a stage with Scott McNealy (Steve Ballmer)

But I’d like to propose that to be really classified with the Identarati Elite,
one must be listed on the Wizard of IdM’s LinkedIn contact list, which reads like a virtual who’s who of the Identity Industry.
Thanks, Don Bowen, for making it all possible.

p.s. I haven’t even met all these people – but I once shared a stage with Steve Ballmer!


Mathematicians and Engineers, Identity and Privacy

Identity
Author: Mark Dixon
Wednesday, August 3, 2005
3:30 pm

The Identity and Privacy debate reminds me of an old engineer-and-mathematician
joke.

It seems that an engineer woke up to see a small fire burning in the corner of
his bedroom. He grabbed his fire extinguisher, emptied it on the base of the
flame, observed that the fire was out, breathed a sigh of relief, and went back
to sleep.

A mathematician awoke in a similar situation. Seeing the small fire in the
corner of his room, he carefully considered the fire, contemplated the fire
extinguisher, made some lengthy calculations and proofs, and proclaimed "Aha!"
Then, realizing that mathematics has no practical application, he went back
to sleep.

Most frequently in life and business, we settle for solutions that provide
comfortably practical answers — maybe not as academically pure as our mathematician,
but also not as brutally forceful as our engineer.

At the Catalyst Conference, Bob Blakley, Chief Scientist for Security and Privacy at IBM, argued that Identity
and Privacy are incompatible. He reasoned that truth in identity information
requires that a measure of personal privacy be forfeited. Conversely, if one
wants to preserve his privacy, he must not be forced to reveal the truth about
his identity. Bob put it this way: "Privacy is the ability to lie about
yourself and get away with it."

So, what has this to do with fire, engineers and mathematicians?

If we take the purely mathematical approach (by the way, Bob’s presentation
was entitled "The Logic of Identity"), we may never build workable
systems. One could argue that since the ideal is unattainable, we shouldn’t
try.

If we take the brute force engineering approach, we would require all people
to forfeit Identity Privacy rights, issue National Identity Cards, tattoo personal
ID numbers on everyone’s foreheads
and proceed to implement secure, efficient online systems.

I fear that too often, politicians tend to favor brute-force methods while
academics favor theoretical approaches. In reality, enterprises and the Internet
need solutions that just work.

Like most cases, the answer probably lies in the practical middle road. Most
people will probably be content with giving up a little privacy to make online
systems easier to use and reasonably secure. We do it now in the physical world.
We offer up bits of personal information to get drivers licenses or credit cards.
We’re willing to share personal information to get a loan or register a new
car. If we care to travel internationally, we use passports. Even though we
might argue that giving up personal information is a privacy compromise and
security risk, we do it out of practical necessity.

This seems consistent with Mike Neuenschwander’s observation at Catalyst that we can achieve security only
at the cost of reducing privacy and efficiency. Jamie Lewis stated that the desire for privacy both enables and inhibits IdM.
The need for privacy fuels demand for systems to securely and privately manage
identities, but this very need holds people back because the ideal solution
is not yet available.

We haven’t achieved the correct balance yet. As awareness of online privacy
and identity becomes widespread, the demand for government regulations and correct
business practices increases. In his Catalyst speech, Scott Blackmer highlighted a Harris-Westin survey published in June 2005 claiming
"59% of people say current laws and business practices to protect privacy
are inadequate." Jamie Lewis states that "The Internet lacks sufficient
identity and security infrastructure" to meet privacy and security demands.

Theoretically, the move toward User-Centric Identity Management looks interesting
as a way for individuals to manage their own balance between privacy and Identity. However,
from a practical viewpoint, I wonder whether enough people will take the time
and initiative to take control of their own identities, even if the technology
infrastructure evolves to allow it.

Most of my work is done where the rubber hits the road in Identity Management deployments. Down in the trenches,
we are all about practical, implementable, reliable systems. I’ll be interested
to see how real-life solutions emerge to solve the tension between Privacy and
Identity. Will the solutions be brute force, more purely academic, or, as I
predict, of the more practical, compromise variety?


Privacy through Seclusion

Identity
Author: Mark Dixon
Tuesday, August 2, 2005
6:50 am


Privacy: "a:the quality or state of being apart from company or observation:
SECLUSION b:freedom from unauthorized intrusion <one’s right to privacy>"

In his Network World article today, Dave Kearns drew attention to a blog by Timothy Grayson
reviewing a new Canadian court ruling "that inclusion of marketing materials
in a statement to a client/customer constitutes ‘secondary marketing’ and is
a privacy breach." Wow! So my bank’s stuffing an advertising flier inside
the envelope that delivers my bank statement is an attack on my privacy? I hadn’t
thought of it that way. I suppose I’ve considered the flier to be a waste of
paper and ink as I threw it in the garbage without glancing at what it said,
but I hadn’t considered that my privacy was being compromised.



Somehow, this made me think of high school math class. In the hippie culture of the 1960’s,
it was popular to advocate a "tune in, drop out" culture. My high
school math teacher, Mr. Kissler, teetered on the edge of that philosophy. During
one "math class" he told of a young runaway girl he befriended. She
was convinced that she wanted to drop out of normal society and live off the
land – at least until Mr. Kissler demonstrated how to kill, skin and butcher
cuddly bunny rabbits for food.
Now doesn’t that make you want to sell your house and move to the rain forest?

My advice for someone who doesn’t want to endure the bloody reality of animals
being killed for food — don’t expect to live off the land. Advice for people
who don’t want fliers in their bank statements? Change banks or stuff your money
in a mattress. Drop out of connected society.

I find it interesting that the first of Merriam-Webster’s definitions of privacy
suggests "Seclusion" as a synonym for "Privacy." To the
extent one chooses seclusion from society as a lifestyle and becomes cut off
from interaction with other humans and institutions, he or she can achieve true
privacy. For centuries, hermits have withdrawn from society and lived in caves.

Become a virtual hermit if you wish. But please don’t expect complete freedom
from unauthorized intrusion (the second definition) if you choose to receive
bank statements, use the Internet or function as a non-hermit in the Participation Age.
Throw those pesky intrusive fliers in the trash and get on with life.


Seat Belts and Identity

Identity
Author: Mark Dixon
Monday, August 1, 2005
10:55 am




Sara Gates made an interesting observation during a panel discussion at the recent
Catalyst Conference. She said she didn’t use seat belts until the government
mandated seat belt use. She compared this to enterprises delaying good business
practices (such as Identity Management) until government regulations forced
compliance. Others on the panel, including Prakash Ramamurthy of Oracle and
Frank Auger of Novell, quickly agreed.

Perhaps we can look at it another way, with all due respect to people like
Sara who delayed seat belt use:


Enlightened business leaders choose good business practices because of inherent advantages
in cost containment, efficiency and revenue generation, just like enlightened
drivers use seat belts because of inherent safety benefits. We often call such
enlightened leaders "bellwethers" or "early adopters." Mediocre business leaders follow
their lead only when forced to by external market pressures or, as Sara suggests,
by government edict.



Government leaders, in all their benevolent wisdom, attempt to compensate for poor performance
by creating regulations to protect citizens from themselves and from poor business
practices. Therefore, the prevalence of recent government regulations like the
Sarbanes-Oxley act is the direct result of poor business leadership, just like
seat belt laws are the result of citizen apathy towards safety.

Can we therefore thank the apathetic and mediocre for the recent growth in the Identity Management market?


Authorized Signature

Identity
Author: Mark Dixon
Saturday, July 30, 2005
12:15 pm

Robin Wilton recently
expressed his disdain for the concept of an "authorized signature"
on the back of an airline frequent flyer program card. He observed that saying
"Authorised Signature" in that context carries about as much weight
as a label declaring "Authentic Peanut Butter."

Recently, I tried to pay for dinner with my credit card at a little restaurant in Panguitch,
Utah. My signature had rubbed off the back of the card. I offered my drivers
license as proof that I really am the correct Mark Dixon, but the nice lady
said she really didn’t want to accept a credit card without a signature. So
I asked to use her pen. I signed the card; she accepted it. What more could
I ask!

How’s that for an "authorized signature?"

P.S. The only thing I know about authentic peanut butter is that I really like it
crunchy.


Federation and Organizational Behavior

Identity
Author: Mark Dixon
Friday, July 29, 2005
6:35 am

Federation: "a union of organizations" (Merriam Webster Online)

Today’s topic is not nearly so fun as yesterday’s,
but perhaps more practical. But I pose more questions than I can yet answer.

It was evident from the recent Catalyst Conference that Federated Identity
is a topic whose time has come. It is clear that customers want this stuff.
Products are maturing to match previous hype. But some big questions remain:
Can enterprises and other organizations effectively implement federation technology
to unify disparate organizations, as the dictionary definition suggests? Who
will solve the business issues concerning organizational interaction?

First – we see the demand: Sun is currently working with a
major US company who purchased licenses for Sun’s Access Manager product with
the intent to replace a vendor’s SSO product. However, since that original purchase,
their focus has switched to using the product to enable federated SSO with business
partners, reasoning that customers and partners, not employees, generate new
revenue. Federation enables that new revenue creation.

We see other customers, who offer services from themselves and partners through
online portals, anxious to implement federated SSO to give their customers
a better user experience. This is directly in line with the conference address
entitled "Uniting the Universe: Identity Management Enables the Participation Age,"
by John Loiacono, Sun’s Executive Vice President of Software. John claimed that
"Federated technology enables aligning participants for rapid growth and
infinite scale."

Dave Temoshok from the US General Services Administration reported that the
federation infrastructure being architected by GSA "addresses Trust, Interoperable
Technology and Business Relationships." He observed that a federated architecture
may enable better citizen interaction with the federal government without assembling
a single master Identity repository that many fear and loathe.

Second – technology is maturing: The featured technology
demonstration at the conference was focused on Federated Interoperability. Twelve
vendors enthusiastically demonstrated how they could interoperate with others
using a variety of federation protocols.

Dan Blum of the Burton Group observed that on the federation standards front, Liberty/SAML
is making the most progress now, but Microsoft and IBM, champions of the WS*
suite of protocols, are progressing slowly. However, we should "beware
of the tortoise overtaking the hare." The interoperability demonstration
at the conference, echoing the sentiments of the Sun and Microsoft interoperability work,
showed that federated services can exist, even in a multi-protocol
world.

Sun’s decision to offer basic single-domain SSO capability to the open source
community sends the message that basic SSO is old stuff, that the future is
with federation. John Loiacono stated that "OpenSSO changes the conversation
from plumbing to innovation."

Third – the gotcha: Despite all the good hype about federation,
Brook Schoenfield of Cisco warned that "trust establishment is currently
a manual process that must be in place before web services interaction."
Trust is an essential element of any federated business relationship. As I observed
in a recent blog entry,
"Trust between enterprises is a prerequisite to establishing federated
exchange of Identity Information."

An overriding theme in the Catalyst Conference was that business issues are
more important than technology in effectively implementing an Identity Management
strategy. So it is with Federated Identity. In order to make the advances in
federated technology effective, organizations must learn how to easily put in
place the legal agreements and business cultures that support federated business
operations. Brook Schoenfield went on to propose that automated methods for trust
establishment may be part of the solution to this issue.

Regardless of the methods, it would seem to me that Organizational Behavior
theory addressing the interactions between organizations will be
as important as technical federation expertise in accelerating the effective
implementation of Federated Identity. Perhaps the science of Social Networks
will apply. I just hope that you OB experts out there, wherever
you are, can connect your thoughts with all the federation techies to solve
these real-world business challenges. Any ideas?


Random Insults – Catalyst Style

Identity
Author: Mark Dixon
Thursday, July 28, 2005
10:00 pm

The hospitality suites at Catalyst were great. More food than one could possibly
eat and great desserts! Plus – everyone gave away some little device or photo
or trinket in hopes we would all remember their wares.

My kids love it when I come home from a conference or trade show. We all got
a chuckle at the photos of me hanging from the Novell helicopter and posing
with a live parrot on my shoulder.

One son particularly enjoyed the 4-way USB hub I brought home from one suite.
Another son loved the little FM radio on legs. My daughter liked the stubby pen with its carabiner key chain. My wife
seemed to like Sun’s own martini glass with the pulsating blue light in its
stem — at least she hasn’t thrown it away yet!
But my favorite? Hands down – the random Shakespearean insult kit from Bridgestream.
If only I had been equipped with this in my high school literature class!

It took only a few minutes to tear apart all the little magnetic insulting
adjectives and nouns and place them on our refrigerator door. But I find myself
spending more than a few more minutes now and then, adjusting the words into
pleasantly-diabolical insults. Perhaps you can think of people to match the
phrases I constructed – people whose Identity attributes would be enhanced by such pithy words.

It all reminded me of a wild and crazy guy I worked with in the early 1980’s.
A brilliant software developer and ardent investigator of "zero-point energy,"
Moray King even played drums in a jazz band at his own wedding.
What a great guy to work with! He told us of a random insult generator he devised
while attending the University of Pennsylvania. This was back in the days when
8 inch floppy disks held 16K bytes of information and a Nova minicomputer with
32K of magnetic core memory was hot stuff, if you can remember that long ago.

Moray had assembled lists of insulting adjectives and nouns – maybe not as
flowery as the Bridgestream set, but effective still the same. His user interface
program would randomly post a selection from each list on the menu
screen. Of course, it was all in fun until a professor surprised Moray by bringing
in a group of women to tour the computer lab. Before Moray could make any alterations,
a rather plump middle-aged lady sat down and tapped the keyboard. "Hello,
you obese harlot, what would you like to do?" was the quick and unfortunate reply!

Moray survived that dubious event and actually graduated from the university.
And later while we worked together, he resurrected the random insult generator
– using a Data General Eclipse computer on a major US air base. But this time,
he was careful. By toggling one front panel switch on the computer, he could
easily turn off the insults when the top brass dropped by for a demonstration!

I’m not recommending that Microsoft build such a function into the next version
of Windows or even that you should actually repeat these high-brow insults to
co-workers you detest. Just smile serenely the next time you see an unchin-snouted
weather-bitten foot-licker, and think Shakespearean thoughts.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.