My former Sun colleague Brad Wheat just alerted me about an interesting service from Acxiom, “Identity-X Authenticate”:

According to Acxiom’s brief product description:

Verification is the process of substantiating that someone is in fact who he says he is, and verifying the validity of the information he has provided as authentic or genuine. Often times this is the first step in a risk management strategy. The Acxiom Identify-X Authenticate process uses unique data generated questions to identify an individual and then verifies these individuals through our high quality database, offering greater security to the end user.

Acxiom’s identification platform utilizes demographic and geographic data in challenge questions with nearly 900 data elements for more than 300 million individuals. Identify-X Authenticate data comes from public, publicly available and non-public proprietary databases. Identify-X Authenticate data is current and regularly updated daily, weekly and monthly, depending upon the data source.

Reading further in the product fact sheet, I discovered:

Examples of some of the data generated questions that Acxiom uses include:

• Based on your driver’s license do you wear corrective lenses?
• What professional licenses do you hold?
• What subdivision do you currently reside in?
• What state does your relative Joe live in?
• How many fireplaces did you have in your last residence?

Acxiom claims to leads the industry with a collection of more than 115 unique authentication
questions.  I didn’t realize I knew that many answers myself!

When I visited the Acxiom corporate headquarters in Arkansas about a dozen years ago, they claimed to have data on 95% of the population of the United States.  I think the coverage has grown in both depth and breadth by now.

This approach to authentication both encourages and unnerves me.  On one hand, it appears to be an effective method to reduce fraudulent access to information and systems.  On the other hand, it is more than a bit scary to realize that all this information about individuals resides in a single private database.

I just wonder … do they know what injury nearly killed me when I was four years old?  Do you? Do you care?

Dave Kearns indentified three separate focus areas for Identity and Cloud Computing in his Network World post today:

Identity-in-the-cloud, or Identity as a Service:

IdM services such as provisioning, governance, role management, compliance, etc. are hosted "in the cloud."

Identity-for-the-cloud:

Provisioning services for cloud apps provided by traditional, on-premise, provisioning vendors as well as other identity services (privileged user management, compliance, etc.) extended to the cloud from your data center.

Meshed, or integrated, on-premise/in-the-cloud:

Linking on-premises Identity Management infrastructure and cloud identity data from cloud-hosted applications.

More than anything, this points out that Identity Management and Cloud Computing is a multi-faceted issue.  “Cloud” may refer to where the Identity Management services are hosted, as well as where the applications reside that consume Identity Management services – or a combination of both.

Certainly worth further exploration.

I dedicate a column in my laptop TweetDeck application to the search term “Identity Management.”  It is enjoyable to scroll through now and then to see what folks have to say about this important topic.   Tonight, I was intrigued by a tweet from @susanguarneri “Online Identity Management: Get Found! http://bit.ly/djdFRm”.

It was interesting to find that Susan Guarneri, AKA the Career Assessment Goddess, defines Identity Management this way:

“Online identity management is career management for the employed and unemployed. Online identity management is also business management, particularly if your small business centers on you. Rather than waiting and hoping that your career or business future plays out successfully, why not take back control? Find out how you can get found online, differentiate yourself, and stand out positively from your competition.”

That is quite a bit different than what Wikipedia’s definition:

“Identity management or ID management is a broad administrative area that deals with identifying individuals in a system (such as a country, a network or an organization) and controlling the access to the resources in that system by placing restrictions on the established identities.”

It all goes to show how different perspectives may yield different definitions.  To Susan, Identity Management is all about taking control of one’s personal Identity in cyberspace.  To the unknown Wikipedia author (by the way, that article is begging for a re-write), Identity Management is all about some organization controlling the Identities of others.

Both are valid viewpoints.  It just pays to understand the perspective of each user of a phrase before passing judgment.

Next Thursday, January 21st, I will be giving a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.”  My topic will be “Identity Management: Securing Information in the HIPAA Environment,”  I will explore how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective management of Patient Consent Management, a vital requirement for online health information networks.

If you would like to discuss the topic or meet me in Washington, DC, please drop me a line.  After the event, I’ll post my presentation deck for review.