When I took my sons camping last weekend, David brought along his Mac laptop with a GPS antenna and mapping software. As I drove, he tested out the software to see how well it tracked us as we travelled to our destination through the Arizona countryside. GPS, like the Internet, is a superb technology that has filtered down to the general population from the military applications for which it was originally designed. Moreover, it is a really fun toy.

We chuckled when it displayed a few commercial landmarks, like the McDonalds restaurant at the junction of Highways 87 and 260 in Payson, AZ. We were amazed at how accurately it tracked us along a dirt road that wound through the woods northwest of

Tonto Village. However, at times when we drove along a fairly new stretch of divided highway, the arrow on the screen which represented our vehicle showed us meandering off the known highway through the sajuaros and mesquite.

It occured to me that Location can be a dynamic and useful attribute of Identity. At any moment a GPS-equipped vehicle or person can have fairly precise location attributes associated with other unique Identity information. Location differs, however, in its dynamic nature. As long as our car was moving, the location coordinates (latitude, longitude, elevation) for our vehicle changed correspondingly.

Earlier last week, I read attended a telebriefing and read a new white paper from the Burton Group about

Virtual Directory Services (VDS). Location is a good example of an attribute that is not easily stored in a classic directory. It would be a poor practice to continually update a vehicle’s location attribute in a classic directory server along with less-frequently changing attributes. However, if an LDAP query could trigger a VDS query to a GPS-enabled location service, location attributes could be returned with along with other static attributes as if all were stored in the directory.

Including Location as a standard Identity attribute, can be a powerful addition to a wide variety of applications.
Location based applications – used in such industries as transportation, emergency services and law enforcement – could benefit directly from VDS – combining the dynamic nature of GPS and flexibility of directory services.

As for the mismatch between our dynamic location and the changing Arizona road? I think someone needs to update the map.

Identity

This morning I listened to a recording of Greg Papadopoulos’ comments about the

Sun/Microsoft interoperability announcement
last Friday. I was impressed with three items in particular:

1. The customer is the primary driver for this relationship. Customer’s are demanding that the two main platforms in which they have sunk large investments (JES and .net) must interoperate.

2. Service oriented architectures – such as the

EDS Agile Enterprise
where Sun is the server vendor – require platform interoperabilty to succeed.

3. The concept of “Identity Agreements” between services enables interoperation.

I also liked Greg’s parting statement “this is not loving Microsoft. We’re going to compete like crazy. I think we have, by far, the best … it’s the open solution. It is really the way that the customers ought to go do their development. But in as much as the Microsoft world is going to exist, and continue to be important parts of our customers’ base, then we will have the superior product for interoperating with it.”

Sun’s Identity Management Products will be at the forefront of making this a reality.

Identity

Last night, I accompanied two of my three sons and a 20-month-old grandson on a Fathers and Sons campout sponsored by our church. We had a wonderful time in the woods northeast of
Payson, Arizona.
As we drove to the campsite, I recalled the first time I became aware of a business application for Identity. Perhaps it could be called Bovine Identity.

I grew up on a small dairy farm in southern
Idaho.
When our dairy herd once swelled to 75 cows, I thought we were in the big time! But such a herd is miniscule when compared to the multi-thousand-cow herds that are commonplace today.

Dad knew each of his cows by name. Each cow had a unique identity. His favorite practice was naming a cow after the wife of a farmer from whom he had bought the cow. If multiple cows were involved, he’d name the cows after the farmer’s daughters.

One such cow was named Claudia, after a local farmer’s daughter. Soon before I got married, Dad decided to switch business models and sold all his cows – except one, Claudia, who would provide the family milk for a few years. I think it no coincidence that Dad chose to keep the cow who shared its name with my wife Claudia, a pretty city girl who was amused and intrigued by some of our interesting rural traditions.

In the dairy business, it is crucial that each cow be known individually. Each has a unique capacity for milk production. Attributes such as milk produced per day, milk-fat content, length of productive milking cycle, gestation cycle and offspring produced can be tracked and leveraged for the benefit of the dairy business. Indeed, one of the first commercial computer companies I learned about was Dairy Herd Improvement (DHI), based in Provo, Utah. This company provided a service to help dairy farmers individually track the performance of cows in a herd. High producing cows are retained, not only for their milk production capacity, but for their potential of giving birth to other high-production offspring. Lower-producing cows are culled out. In the dairy business, Identity is literally a life or death proposition (for the cows) that can help dairy operations progressively become more efficient and profitable.

In the early 1980’s, I worked for Eyring Research Institute, a small Utah company located just down the street from DHI. Our company was engaged to produce a physical access control system for the United Airlines Maintenance and Operations facility at the San Francisco airport. One critical system component was a badge reader system developed by Schlage. Each employee’s badge contained a uniquely-tuned electronic circuit which could be identified by a badge reader if the badge was held within six inches of the reader. Radio Frequency Identification (RFID) was alive and well in 1980, if only in a primitive state!

However, as we investigated this new badge reader technology, we learned that one of its earliest applications was with cows, not people. In a dairy operation much larger and more sophisticated than the Dixon farm, the Schlage devices were used to identify individual dairy cows. A badge was hung around each cow’s neck so that when she entered the milking parlor (yes, they are called parlors) to be milked, a badge reader would identify the cow, trigger an automatic system to record her production for that session, and meter out the right mixture of feed and nutritional supplements calculated to maximize her productivity. Bovine Identity was being leveraged in a real-world business case!

Identity Management is really about understanding and managing the unique Identities of people or things. In my work at Sun, we have primarily focused on managing the identities of people – not cows. However, realizing that Identity Management can extend much more broadly can help us to keep our eyes open for unique opportunities and challenges.

Identity

What a coincidence! On the first day I start my blog, I listened to Scott McNealy and Steve Ballmer speak like old buddies, from the same stage, about enabling interoperability between Microsoft and Sun platforms. The press conference included comments from EDS, GM, Accenture and NEC Solutions. It is clear that that two major items are driving this “partnership of competitors”:

1. Big, important customers are demanding interoperability for both operational and regulatory reasons

2. Systems integrators and outsourcers see interoperability as a way to meet customer needs more simply and economically

Basically – customers and their partners are challenging their vendors to solve an age-old problem of getting computer systems to “speak” to each other in an efficient way.

Identity Management is the key to enabling interoperability. It is the pivot about which the Microsoft/Sun relationship turns. Why – because Identity, by its very nature, transcends platforms. Regardless of which application or platform is being used, a user’s basic identity doesn’t change. So, in a naturally heterogenous world, an ability to rise above the differences between computer platforms is necessary if companies are to reach goals of efficiency and connectivity they require for business success.

I joined the Sun Identity Management Practice in October, 2004. Fortunate to have been referred into Sun by a trusted mentor, I found myself in the midst of the dynamic, rapidly moving Identity Management market. Nearly five years ago, I began to sense the importance of Identity Management while employed by Oracle. Oracle Internet Directory, still in its infancy, promised to simplfy the process of security control. My work with telecommunications companies showed that significant business benefit could accrue from centralized management of security credentials and simplified policy enforcement.

Explaining the meandering path that led me from Oracle to Sun will have to wait for another time. Suffice it to say that I’m delighted to be here, on the front lines of a market with high customer demand, multiple business benefits, interesting innovation, strong competition and real-world results.

So … this blog. I’m intrigued with the opportunity to document and share principles of Identity Management I learn while proceeding with my work in the Sun Identity Management Practice. My comments will have more of a business than technology bent, although I also hope to explore some of the interesting technical issues that face our industry. I’ll try to mix in a bit of business wisdom I’ve learned over the years. If you’re interested, come along for the ride.

Identity