
Exploring the science and magic of Identity and Access Management
Thursday, February 5, 2026

Trusted Third Parties

Identity
Author: Mark Dixon
Friday, July 22, 2005
12:15 pm

Much was said at the Catalyst Conference about Trust. For example, trust between
enterprises is a prerequisite to establishing federated exchange of Identity
Information. Internet users must trust enterprises to protect private information.
Enterprises authenticate user credentials before a user is trusted to access
online resources. Indeed, a trusting relationship between parties is the
foundation of any online interaction.

A Trusted Third Party (TTP) is an interesting example of establishing trust
relationships. Dick Hardt of Sxip Identity pointed out that our driver’s licenses
largely work as Identity credentials because a trusted third party – the Motor
Vehicle Division – has verified the authenticity of a person’s identity
and has issued an official, widely-accepted token of that authenticity, the
license itself. People trust a driver’s license identity
authentication because people trust that the Motor Vehicle Division did its
job well. Interestingly enough, the MVD relies on another TTP, the government
department which issues birth certificates, to establish citizenship and birthdates.

This model is evident in the Sxip Identity model, where a Home Site is a TTP
which can vouch for a person’s
credentials to a Member Site on the Internet. The Home Site receives validations
about user Identity from additional TTPs (e.g. government department for birth
data, university for transcript data).

I asked Dick what type of organization could be a Home Site TTP in this model.
He suggested that because banks already have relationships
of trust with their customers, they might be ideal candidates for maintaining
Home Sites. It is quite natural to think of depositing one’s Identity into a
virtual safe deposit box at a bank. The depositor could then selectively authorize
copies of Identity information from his or her safe deposit box to be sent to other
Internet sites for authentication and authorization purposes.

Brook Schoenfield of Cisco proposed at the Catalyst Conference an infrastructure
for automated trust establishment between enterprises, using a TTP to vouch
for enterprise credentials, modeled after the credit card infrastructure.

It stands to reason that, in our inherently untrustworthy world, TTPs are essential
to establish trust-based relationships. However, while acknowledging that TTPs
are valuable, Nick Szabo states that TTPs are security holes: "The invocation or
assumption in a security
protocol design of a 'trusted third party' (TTP) or a 'trusted
computing base' (TCB) controlled by a third party constitutes the introduction
of a security hole into that design. The security hole will then need to be
plugged by other means."

A credit card company, acting as a TTP in a seller/buyer transaction, plugs
the security hole of credit card fraud by essentially indemnifying buyers against
fraud. For example, a Visa representative called to inform me that a person
had purchased $1800 worth of pharmaceuticals on my credit card number for shipment
to a Nigerian address. They backed out the charges and changed my card number
when I confirmed the fraud. A hole was detected; the hole was plugged. Such
actions lead to a widespread feeling of trust between credit card holders and issuers.

I presume that TTPs of the sort proposed by Dick Hardt and Brook Schoenfield
will emerge when there is commercial impetus for companies to act as TTPs and
the TTPs can demonstrate sufficient good will and hole-plugging actions to maintain
and grow their status as entities worthy of trust.

In closing, may I Trust that you will send me your comments? 🙂

 

 

Identity Relationship Management

Identity
Author: Mark Dixon
Thursday, July 21, 2005
8:50 am

In my recent blog, I listed “Relationships” as a major theme addressed during the Catalyst conference. In the art and science of Identity Management, relationships between Identities are what deliver business value. Perhaps the moniker for our industry should be Identity Relationship Management.

In the discipline of database design, Entity Relationship diagrams are used to diagram database schemas. In a database, neither entity nor relationship is complete without the other. It is the definition of relationship between data elements that adds value, hence the pervasive utility of the relational database.

A simple “Identity Relationship Diagram” (my term) helps to illustrate the concept. Identities are shown in boxes; relationships are shown as arrows.

If we think of why Identity Management has business value, the value of Relationships becomes apparent. When a user is granted login privileges to a resource (e.g. application, system), relationships are brought into play on at least three levels:

  1. A governance relationship between one or more administrative authorities and the resource
  2. An administrative relationship between such authorizing parties and the user to whom privileges are granted
  3. The granted relationship between the user and the resource

At the Catalyst conference, Randall Gamby of the Burton Group observed that “workflow deals with relationships  between people.” Indeed, automated workflow processes are used to implement the first two relationships listed above.

In a real sense, such workflow processes constitute the business policy governing the third relationship. In his Catalyst conference presentation, Ken Weiss of Charles Schwab commented that “policies define how Identities are permitted to access resources.”

Of course, this is just a simple example. Many more Identity Relationships can be easily listed – consumer to vendor, reader to news source, participant to online community, to name a few. Value accrues to each party in such relationships after access is granted and relationships are consummated. Establishing trust, authenticating identities, authorizing access and enabling exchange of information, goods and services are all part of consummating such relationships. Identity Management is at the heart of establishing such secure relationships. Jarrod Jasper of GM observed at Catalyst: “How long does it take to enable a desired relationship so someone can get to work?” Perhaps I could paraphrase further: “How long does it take to enable the exchange of value between Identities?”

The understanding of Identity Relationships helps us to understand the business value that accrues when Identity Management is implemented. As I discussed with Nick Nikols of the Burton Group at the Catalyst Conference, the tools to manage Identities are becoming mature and productive, but tools to manage relationships should become more complete as the Identity Management market continues to advance.

In the meantime, I’ll ponder some more on how to use IRDs (Identity Relationship Diagrams). I think better in pictures.


 

I Know Dick!

Identity
Author: Mark Dixon
Wednesday, July 20, 2005
7:10 am

When I stepped into the Sxip hospitality suite at the Catalyst Conference last Thursday,
a nice young lady stuck a label on my shirt bearing the hand-written exclamation,
"I Know Dick!" It was a clever marketing trick; several people in
other hospitality suites asked about it.

I don’t know Dick well, but I am impressed. Dick Hardt is the founder and CEO
of Sxip Identity
(pronounced ‘Skip’), a startup company focused on the "vision of a simple,
secure and open identity network that enables individuals to create and manage
their online digital identities." I admire both Dick’s vision and his drive
to bring interesting technology to market.

Dick’s presentation at Catalyst was hands-down the most entertaining of the
entire conference. He used a rapid-fire presentation style with only one or
two words on each slide. The presentation was laced with both humor and insight,
clearly describing the issues surrounding user-centric Identity for the Internet
and proposing specific solutions — all leading to what Dick termed "Identity
2.0."

In the Sxip hospitality suite I met Dick personally. As I ate ice cream, Dick showed
me a simple flow diagram where "a user can securely store personal information
at a Homesite and control the release of that information to other web sites,
called Membersites, that request the information when the user clicks a Sxip
button at the Membersite." This puts the Internet user, not large, suspicious
companies, in charge of the user’s Identity.


I look forward to monitoring the progress of Sxip, to see how this little upstart
company will play in enabling user-centric Identity for the Internet. In the
meantime, I pause now and then to thank Dick for being an early investor in
Flickr, one of my favorite websites. Check out his photos.


 

Catalyst 2005 – Prevailing Themes

Identity
Author: Mark Dixon
Tuesday, July 19, 2005
10:35 am

My blog entries for the three days of the recent Catalyst 2005 conference simply
recorded individual items that impressed me from each speaker in the sessions
I attended. Today, I will briefly describe five themes that seemed to be emphasized
consistently throughout the conference. For each theme, a few observations from
conference speakers have been listed. Comments attributed to speakers in the
conference are mostly my paraphrasing of their actual comments.

Identity Management Involves Relationships

We in the Identity Management world spend much time focusing on the management
of individual Identities. We store Identities in directories, we manage "Virtual
Identities," we provision systems with Identity attributes. However,
it is the relationship between Identities and other things that really matters.
The tools to manage relationships are not as mature as the tools to manage
Identities, but should become more complete in the future.

Mike Neuenschwander, Burton Group: "Relation"
is a core ingredient to distributed systems. Identity isn’t about
the end points—it’s about the relationship … Enduring systems
account for multiple views by focusing on relationships.

Jamie Lewis, Burton Group: "It’s the relationships,
stupid!" ID services facilitate and coordinate relationships and interaction.

Jarrod Jasper, GM: Identity Management helps answer the
question, "How long does it take to enable a desired relationship so
someone can get to work?"

John Loiacono, Sun: Identity Management will drive Participation
by enabling relationships

Randall Gamby, Burton Group: Workflow deals with relationships
between people

Dave Temoshok, GSA: IDM Federation Core Infrastructure
addresses Trust, Interoperable Technology and Business Relationships/Governance

Business Issues are More Important than Technology Issues

Being from a technology company, it is easy to get caught up in the role
technology plays in the resolution of Identity Management issues. However,
we must not forget that technology is a tool to solve business problems. As
Identity Management software matures, it becomes clearer that business issues
are paramount.

Jamie Lewis, Burton Group: Architects must understand
larger context where business, technology combine. Identity Management is
80% politics and business, 20% technology.

Mike Neuenschwander, Burton Group: Architecting identity
systems requires an understanding of more than its constituent technologies

Phil Blank, ADP: We should talk business process and business
value of Identity Management to business owners.

Compliance is the Most Critical Identity Management Driver

In the current business environment, compliance with government regulations
is the most important business driver. In most major enterprises, compliance
is now recognized as a stand-alone budget line item. This simplifies justification
of Identity Management systems, which are crucial to meeting compliance demands.
Government regulations are forcing enterprises to focus on business improvement
processes which should be healthy for business in the long run, even though
compliance is requiring heavy new investment.

Sara Gates, Sun Microsystems: Audit and compliance can
become an enabler for new business opportunities

Frank Auger, Novell: Compliance forces a sense of urgency,
which can force a healthy long term systemic approach.

Prakash Ramamurthy, Oracle: Compliance is now a budget
line item

Doug Simmons, Burton Group: Deployment strategy will be
influenced as much by regulatory issues as return-on-investment priorities

Identity Management as a Risk Management Tool

Enterprises must effectively deal with the ever-increasing threat of automated
intrusion from the outside and ethical compromise from the inside. Identity
Management must be an integral part of information security strategy, which
is largely an exercise in Risk Management.

Jamie Lewis, Burton Group: Risk Management is one of the
top five Identity Management Drivers

Scott Blackmer: The old worry was Big Brother. The
new worry is lots of Little Brothers – sharing data, losing data.

Dan Blum, Burton Group: We must raise the bar of software security so as
to reduce risk

Identity Services should be an Integral Part of Service Oriented Architectures

Service Oriented Architectures (SOA) are emerging to support business agility
and enable rapid change. Identity Management must be an integral part of such
architectures. All applications and systems must be Identity-enabled to ensure
security and regulatory compliance. Therefore, Identity functionality should
be delivered as Identity services within the SOA context.

Mike Neuenschwander, Burton Group: Service-oriented architecture
for Identity is a better approach than suites

Nick Nikols, Burton Group: Identity services are the set
of services that enable applications and other services to fully leverage
identity information … Identity services will facilitate the consumption
of identity by applications and services

Ken Weiss, Charles Schwab: Every resource, every application,
must be identity-enabled

Ann Thomas Manes, Burton Group: Use Identity-based security
throughout service oriented architectures

 

 

Catalyst 2005 – Day Three

Identity
Author: Mark Dixon
Friday, July 15, 2005
8:00 pm

This morning’s sessions are "cross cut" sessions – spanning multiple tracks.
I attended the Application Security session.

Dan Blum, Senior VP, Group Research Director, Burton Group – Application
Security Strategies: Aligning Developer Needs and Security Imperatives

  • Services Oriented Architectures, which are more than Web Services, should
    be good for application security, because SOAs require disciplined governance.
  • Use a systematic, comprehensive approach to application security.

Ann Thomas Manes, VP, Research Director, Burton Group – Security
in an SOA World

  • The goal of SOA is to increase business agility and keep up with business
    change.
  • SOA is more than web services. SOA may be implemented using web services,
    but governance is paramount.
  • SOA is more about behavior than technology
  • SOA will have a challenging adoption path for any enterprise
  • Use Identity-based security throughout

Brook Schoenfield, Senior Security Architect Cisco Systems,
Inc. – From Web Services to Service Oriented Architectures

  • Trust establishment is currently a manual process that must be in place
    before web services interaction
  • Trust establishment is currently blocking the promise of web services
  • He proposed automation of trust establishment between enterprises, using
    a trusted third party, modeled after the credit card infrastructure.

Nick Nikols, Analyst, Burton Group – Leveraging Identity for Application
Security

  • Identity management is becoming a basis for improving application security
  • Identity services will facilitate the consumption of identity by applications
    and services
  • The value of Identity increases with broader integration

Diana Kelley, Senior Analyst, Burton Group – Application Security:
Everybody’s Problem

  • Security awareness and methods must be an integral part of the entire Software
    Development Life Cycle
  • Build security into applications using both process and technology
  • Robust software begins with well defined requirements and thoughtful design
  • Take a realistic, process based approach to software quality

Arthur Mateo, Founder and VP of Products, Service Integrity – SOA Transparency
Facilitates Security & Regulatory Compliance

  • SOA promises agility and adaptability
  • Transparent SOA Fastest Way to Compliance
  • Need to see, understand and act in real-time for SOA Transparency
  • Monitoring services should be an integral part of SOA

Note: A computer malfunction that occurred during the
conference prevented me from posting this blog entry until Tuesday, July 19th.

 

Catalyst 2005 – Day Two

Identity
Author: Mark Dixon
Thursday, July 14, 2005
8:00 pm

Day Two at the Catalyst Conference also provided a wealth of insight from a
number of interesting speakers. Several of the sessions today had more depth
than the ones we heard yesterday.

Mike Neuenschwander, Associate Research Director, Burton Group – Episode
III, Identity Management Markets and Architecture: Evolution and Innovation

  • Identity management is the set of business processes, and a supporting infrastructure,
    for the creation, maintenance, and use of digital identities in online spaces
  • “Relation” is a core ingredient to distributed systems. Identity
    isn’t about the end points—it’s about the relationship
  • "Identarati" – those involved with Identity
  • Cross-domain sign-on is a big winner this year.
  • Service-oriented architecture (SOA) a better approach than suites

Nick Nikols, Analyst, Burton Group – Identity Services and the Identity
Access Layer

  • Growing IdM requirements are straining current capabilities, requiring multiple
    and dynamic views of identity information and more complex relationships between
    identities and other objects
  • Distributed identity services become the new goal
  • Identity services are the set of services that enable applications and other
    services to fully leverage identity information

Ken Weiss, Charles Schwab & Co., Using Web Services
to Manage Identity and Access

  • The perimeter has vanished
  • Every resource, every application, must be identity-enabled
  • No substitute for a consistently applied opaque unique identifier
  • Really, really know your requirements
  • Policies define how Identities are permitted to access resources

Doug Simmons, Principal Consultant, Burton Group – Provisioning
Implementation: Setting Realistic Expectations

  • Deployment strategy will be influenced as much by regulatory issues as return-on-investment
    priorities
  • Help end users become productive immediately. Focus on Day 1 productivity.
  • Establish a three-year architecture. Implement in bite-sized chunks.

Gerry Gebel, Senior Analyst, Burton Group – The Big Challenge: Standardizing
Policy While Maintaining Semantic Intent

  • Focusing on policy for security enforcement in IdM systems, including authorization,
    privacy enforcement, and personalization
  • Momentum is growing for the adoption of XACML among broad vendor base
  • WSPolicy framework is maturing slowly, but is starting to appear in products
  • "Entitlement engine" products are emerging to manage policy

Dan Blum, Senior VP, Group Research Director, Burton Group – Federation
in the Identity Infrastructure

  • Federated identity management solves real problems today, enables Web services,
    and constitutes the future of the identity management market
  • Business interoperability issues are lagging technology interoperability
  • On the standards front, Liberty/SAML is making most progress now, but Microsoft
    and IBM (WS*) are slowly progressing. Beware of the tortoise overtaking the
    hare.

Dave Temoshok, Director, Identity Policy and Management GSA
Office of Governmentwide Policy – Government Adoption of Federated Identity

  • The Government needs the capability to authenticate millions of citizens,
    businesses, and governmental entities without issuing a standard, national
    ID
  • GSA is directed to provide common authentication infrastructure for all
    Federal E-Gov business applications and E-access control.
  • IDM Federation Core Infrastructure addresses Trust, Interoperable Technology
    and Business Relationships/Governance
  • If there is to be no central registry of personal information, attributes,
    or authorization privileges – a decentralized approach means federation.

Jamie Lewis, CEO, Burton Group – User-Centrism Meets Polycentrism:
Creating Identity Infrastructure for the Internet

  • The Internet lacks sufficient identity, security infrastructure
  • Customer awareness of privacy, identity is rising
  • "It’s the relationships, stupid." ID services facilitate, coordinate
    relationships, interaction
  • Identity systems that work for a financial services company will not work
    for social software and vice versa
  • Ultimately, systems will mesh, creating a fabric that will allow
    user-centric, enterprise, and government systems to interact using common standards

John Shewchuk, CTO Distributed Systems, Microsoft, Microsoft’s
Digital Identity Strategy

  • Users should be in control.
  • Each user should make decisions about relationships he or she has.
  • Kim Cameron’s 7 Laws of Identity provide a set of axioms to describe how
    Identity systems should work
  • InfoCard is Microsoft’s proposal for an Identity infrastructure that complies
    with the 7 Laws to replace the ill-fated Passport
  • WS* is a comprehensive framework of "Identity standards" to enable
    web services.

Dick Hardt, CEO, Sxip
Identity 2.0

  • The Identity industry is currently at version 1.0, requiring centralized
    Identity Management.
  • Federated Identity will provide Identity version 1.5
  • User Centric Identity, properly implemented, will be Identity 2.0.
  • Trusted third parties are required to validate Identities



Bob Blakley, Chief Scientist, Security and Privacy, IBM, The
Logic of Identity

  • Identity and privacy are not technical problems
  • Security and Privacy are naturally at odds with each other

Roundtable Discussion: User-Centric Identity Management:
Federating the Individual? (Participants: Stefan Brands, President, Credentica;
Kim Cameron, Identity Architect, Microsoft; Paul Trevithick,
Co-Founder, SocialPhysics.org; Bob Blakley, Chief Scientist, Security and Privacy,
IBM; moderated, sort of, by Jamie Lewis, CEO, Burton Group.)

  • I was disappointed in this roundtable discussion. What could have been an
    enlightening discussion about the real life issues facing user-centric identity
    was little more than a very high level conversation of esoteric issues that
    may apply in the distant future. I was able to get more insight into the real
    issues facing user-centric identity management by spending 5 minutes with
    Dick Hardt in the Sxip hospitality suite than by listening to 30 minutes of
    this group.

Note: A computer malfunction that occurred during the
conference prevented me from posting this blog entry until Tuesday, July 19th.

 

Catalyst 2005 – Day One

Identity
Author: Mark Dixon
Wednesday, July 13, 2005
8:00 pm

The weather is great in San Diego. I took an early morning walk along the pier near
the Manchester Grand Hyatt where the conference is being held. One of the large
yachts moored at the pier was from Scottsdale, Arizona. I had to ask myself,
"Why is a yacht from the desert of Arizona being moored in San Diego?"
Perhaps the question should have been, "How in the world can a yacht be
based in the desert of Arizona?" Anyway, it’s pleasant to be in the relatively
cool weather of San Diego while Arizona experiences heat of 110+ degrees.


In the blog entry for each day of the conference, I’ll point out highlights
I liked from each speaker in the track I attended (Identity and Privacy Track).


Jamie Lewis, CEO, Burton Group, introduced the conference with a presentation
entitled Identity Ascendancy: Evolving IT Architectures in a Strategic Context.

  • Identity management (IdM) is a strategic business issue. It is a crucial part of the
    distributed infrastructure "interoperable fabric" necessary to support
    new ways of creating economic value. Similarly, IdM is a crucial part of the
    fabric necessary to support new media for social interaction outside the enterprise.
  • Architects must understand larger context where business, technology combine. Identity
    Management is 80% politics and business, 20% technology.
  • Identity coalesces into services as Service Oriented Architectures
    (SOAs) reach critical mass.

Mike Neuenschwander, Associate Research Director, Burton Group – Taking a
Holistic Approach to Identity and Privacy in the Enterprise

  • Architecting identity systems requires an understanding of more than its
    constituent technologies
  • Enduring systems account for multiple views by focusing on relationships
  • The goal of Identity Management is to establish an enabling infrastructure.
    It is a means, not an end.


Scott Blackmer, Attorney at Law – Information Compliance

  • Enterprises must shoulder a greater and greater burden of compliance, due
    to government regulation in response to information security and privacy threats.
  • There are considerable inefficiencies and overhead to deal with threats
    from the dishonest and evil people.
  • The old worry was Big Brother. The new worry is lots of Little Brothers
    – sharing data, losing data.

Jarrod Jasper, Chief Identity Management
Architect, General Motors – GM Identity Management

  • Identity Management helps answer the question, "How
    long does it take to enable a desired relationship so someone can get to work?"
  • Initial charter for their Identity Management strategy:
    "To enable users to easily and consistently access enterprise information
    and systems."
  • Focus on enabling the business to execute business decisions efficiently
  • Get repeatable results by leveraging standards.

John Loiacono, Executive Vice President, Software, Sun Microsystems –
Uniting the Universe: Identity Management Enables the Participation Age

  • The .com era was a proof of concept- a forerunner of the Participation Era
  • Identity Management will drive Participation by enabling
    relationships
  • Sun Removes Barriers to Participation by establishing Open Identity
  • Federation aligns participants for rapid growth and infinite scale
  • Open SSO will provide source code
    for basic identity services including Authentication, Single-domain SSO, and
    Web and J2EE agents.

Phil Blank, Vice President, Information
Technology, ADP – Discovering The True You

  • The Identity Management Solution implemented by ADP (using the Waveset Lighthouse
    product) reduced risk, provided a complete view of each user’s identity and
    enabled efficient, automated operations.
  • The ease of SOX audits was a serendipitous benefit that came with the system.
  • We should talk business process and business value of Identity Management
    to business owners.

Nick Nikols, Analyst, Burton Group – IT Governance and its Effectiveness
within IdM Programs

  • A pragmatic approach toward governance leads to success
  • IdM governance is about managing the IdM lifecycle
  • Establish Identity Management Governance through a decision-making body
    that spans constituencies
  • Establish clear metrics for measuring effectiveness

Kevin Kampman, Practice Manager and Senior Consultant, Burton Group –
Reality of Roles: Practical Role Engineering

  • Use rigor and discipline in defining a role architecture
  • Roles are the intersection of responsibilities, privileges and context
  • Don’t put roles on the critical path of an Identity Management project

Randall Gamby, Principal Consultant, Burton Group – The Value of Business
Process and Workflow in the Lifecycle of Identity Management

  • Processes and governance are more important than technology
  • In reality, Identity Management is an integration of applications, process
    and technology
  • Workflow deals with relationships between people

Edmund Yee, Identity Management Architect, Chevron – Implementing
Stronger Identity at Chevron

  • Number One problem that drove Identity Management: Password Management
  • Take time to define rules and processes
  • Build identical test and production systems

Roundtable: Compliance and Identity Management

  • Sara Gates, VP, Identity Management, Sun Microsystems
    • Good behavior can be forced by regulation, even for common sense things
      (such as wearing a seat belt)
    • Auditors are now at the table influencing IdM decisions.
    • Audit and compliance can become an enabler for new business opportunities
  • Frank Auger, VP, Product Management, Identity-Driven Products, Novell
    • Compliance forces a sense of urgency, which can force a healthy long
      term systemic approach.
    • Enterprises may achieve compliance at the expense of competitiveness
      and agility unless they implement systems to support the compliance effort.
  • Prakash Ramamurthy, VP, Security and Identity Products, Oracle
    • Compliance is doing things right every day – fixing business process.
    • Compliance is now a budget line item
  • Cindy Sterling, Director, Identity Management, BMC Software
    • Federation is still very young.
    • The impact of compliance on federation is not known.

Note: A computer malfunction that occurred during the
conference prevented me from posting this blog entry until Tuesday, July 19th.





 

Ten Best Practices for Identity Management Implementation

Identity
Author: Mark Dixon
Monday, June 27, 2005
3:03 pm

Management of the Identity Management implementation process is as crucial to the success of an Identity Management system as the technology underpinnings selected for the task. My work focuses more on implementation than technology. Therefore, in cooperation with colleagues in the Sun Identity Management practice, we have identified Ten Best Practices for Identity Management Implementation. We recommend these as broad guidelines on how to approach and execute Identity Management projects. We welcome your suggestions and criticism.

  1. Set Strategy – A cohesive Identity Management strategy will set overall objectives and give guidance to individual projects or project phases.
  2. Secure Sponsorship – Project sponsors must have a vested interest in the business objectives of the project, have spending and decision making authority, and retain a cross-functional view of the project.
  3. Plan Quick Wins – By segmenting the overall solution into manageable parts, an organization can realize quick, visible business benefits.
  4. Select Project Leadership – Full-time, proactive project management is essential to the implementation of an identity management strategy.
  5. Define Business Process – Organizations should define as many of the end-state business processes as possible prior to designing the technology solution.
  6. Select Implementation Team – Identity projects should be staffed with qualified, experienced, motivated, and dedicated resources.
  7. Gain Commitment from Supporting Resources – Owners and administrators of managed resources throughout the larger organization must also be committed to identity management success.
  8. Provide Proper Infrastructure – Investing in the proper technical environment for an Identity Management project will ultimately pay off in reduced errors, more effective troubleshooting, and more efficient coordination of configuration components.
  9. Assure Data Quality – Project managers should build time and resources into their project plans for an assessment of data quality and for remediation of any deficiencies.
  10. Conduct Post Production Turnover – Following a formal process for post production turnover allows all parties to set proper expectations for ongoing support.

Each of these Best Practices will be addressed in upcoming blogs. Stay tuned for more.


Identity Management Strategy

Identity
Author: Mark Dixon
Wednesday, June 15, 2005
6:37 am

“Setting a goal is imagining where you want to be at a particular time, and then, from that future vantage point, looking back to where you are now and answering the question, ‘How can I get from where I am now to where I want to be?’” – Royden G. Derrick.


Strategy: An elaborate and systematic plan of action.

Tactic: An expedient for achieving a goal; a maneuver.

I heard of a company yesterday that had launched competing Identity Management projects. Two different project teams. Two different technologies. Neither team knew about the other.

Does this sound like the company had “an elaborate and systematic plan of action?” Or does this sound like two factions of the same company were conducting little “maneuvers” to gain political advantage?

Too often, enterprises launch identity management projects tactically, rather than stepping back and determining a course of action that would solve enterprise-wide issues. Such short-sighted actions can lead to confusion, unnecessary expense and delay of beneficial results.

A cohesive Identity Management strategy should be prepared to give guidance to the individual projects or project phases that will be executed within the strategy. Different components of the strategy (e.g. user provisioning, password management, access control, directory consolidation) will then be seen as supporting elements to a unified scheme, rather than isolated projects.

The strategy should clearly state what is to be achieved, in measurable terms, so progress can be demonstrated as the strategy is implemented. Without this cohesive overall view, individual projects may not integrate well with each other, sponsorship can be fragmented and expensive re-work may be required later on.

It will be interesting to see how the competing tactics are resolved in the company I mentioned. It is more interesting, and certainly more fruitful, to watch companies who set strategy first and achieve results by executing meaningful tactics within that strategic framework.


Faux Identity

Identity
Author: Mark Dixon
Tuesday, June 14, 2005
7:33 am

My wife and I are in the process of installing new wooden blinds in our family room windows. During the process of buying the blinds, I was introduced to the concept of Faux Wood blinds. Faux wood blinds look like wood, but are made of plastic. They are not the real thing.

Faux equals fake, but faux sounds more chic. Faux pearls. Faux painting. Faux fur.

Faux identities are not new. Mark Twain was Samuel Clemens’ faux identity or pseudonym. Andrew Heenan’s Real Names of Famous Folk lists many famous people and their real names.

In the modern world of cyberspace, faux identities are commonplace – and troublesome. While some anonymity provided by false identity is certainly justified, particularly by those seeking protection from predators or bigots, I am troubled by the pervasive culture of anonymity on the Internet. Too many people act out fantasies in cyberspace that they wouldn’t be caught dead doing in real life. Evil people prey on innocents while hiding behind false identities. Phishers and spammers ply their trade behind the shield of anonymity.

An engineering professor once taught me that I should be proud to affix my name to anything I created. Conversely, I should make sure that anything I create is worthy of my name.

My recommendation? Beware of faux – whether faux wood or faux identity.

Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.