The beginning

June 18, 2006

A number of things have motivated me to try my hand at blogging. At first I was concerned with the time commitment, but I have discovered by looking at blogs from others I respect that I don’t have to post every day, or week, and in several cases every month. OK!

I just returned from what I considered a most exciting Burton Catalyst conference. I claim this based on the quantity of thought-provoking material around user-centric identity such as Higgins, DIX, Information Cards, Mike Neuenschwander’s pro-social management systems, and Bob Blakley’s metadata “oracle”. The material presented at the conference, along with the hallway and bar discussions, helped me to start piecing much of this together. Prior to the conference I had some perception we had a number of concepts competing in the “user-centric identity” space. Probably true, but I left the conference with a picture of how many pieces can fit together to address, and maybe solve (ok, improve) the whole problem (the definition of which in itself is mind-boggling).

There are a number of problems in security/identity, including phishing, identity theft, trust, and manageability (fundamentally no-brainer security that minimizes cost to the enterprise). What got me thinking at Catalyst is how the various efforts/ideas listed above address different dimensions of the problem. So much to sort out here…but some brief observations:

- I started with the idea that user-centric identity could solve the corporate problem of lost/stolen identities (credit to a colleague who planted the seed). If corporations did not have identity information then they could not lose it. Good idea, not reality.

- Next Higgins. A framework that defines a standardized identity interface and how providers plug in (immensely simplified). Great idea – see previous bullet. Corporations and service providers will not be ejecting all user identity data any time soon.

- People are increasingly not trusting the Internet. An idea with significant merit because most people are not computer savvy and security knowledgeable. Enter the Information Card idea – clearly addresses the interface issue with today’s phishing attacks and could transform jargon and mystery into user-comprehensible interaction.

- One of Mike Neuenschwander’s presentations stimulated thought around a common issue I deal with in the corporate world – manageability. His point was that administered domains work well in closed environments, but don’t scale. Given today’s reality of global, collaborative environments we need new workable models. The federation thing?

- Bob Blakley’s presentation on metadata sharing, instead of *DATA* sharing, was right on. I realized this was the connection of privacy to the ISO Access Control Framework. Many are developing Policy Decision Points today that can support decision making without revealing private information (I am working on this). Of course there is the small matter of how the “oracle” knows how to make the decisions.

Time to go pack for the Identity Mashup in Boston. I spend much of my time looking at current leading-edge things but I am anticipating next week I will get glimpses into the “distant” future.

Exciting, wish I could transport to Boston. Guess I will get up at 4am for now.