Catalyst 2005 – Day Two
Day Two at the Catalyst Conference also provided a wealth of insight from a
number of interesting speakers. Several of the sessions today had more depth
than the ones we heard yesterday.
Mike Neuenschwander, Associate Research Director, Burton Group – Episode III, Identity Management Markets and Architecture: Evolution and Innovation
- Identity management is the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities in online spaces
- “Relation” is a core ingredient to distributed systems. Identity isn’t about the end points—it’s about the relationship
- "Identarati" – those involved with Identity
- Cross-domain sign-on is a big winner this year.
- Service-oriented architecture (SOA) a better approach than suites
Nick Nikols, Analyst, Burton Group – Identity Services and the Identity Access Layer
- Growing IdM requirements are straining current capabilities, requiring multiple and dynamic views of identity information and more complex relationships between identities and other objects
- Distributed identity services become the new goal
- Identity services are the set of services that enable applications and other
services to fully leverage identity information
Ken Weiss, Charles Schwab & Co., Using Web Services to Manage Identity and Access
- The perimeter has vanished
- Every resource, every application, must be identity-enabled
- No substitute for a consistently applied opaque unique identifier
- Really, really know your requirements
- Policies define how Identities are permitted to access resources
Doug Simmons, Principal Consultant, Burton Group – Provisioning Implementation: Setting Realistic Expectations
- Deployment strategy will be influenced as much by regulatory issues as return-on-investment priorities
- Help end users become productive immediately. Focus on Day 1 productivity.
- Establish a three-year architecture. Implement in bite-sized chunks.
Gerry Gebel, Senior Analyst, Burton Group – The Big Challenge: Standardizing Policy While Maintaining Semantic Intent
- Focusing on policy for security enforcement in IdM systems, including authorization, privacy enforcement, and personalization
- Momentum is growing for the adoption of XACML among a broad vendor base
- WSPolicy framework is maturing slowly, but is starting to appear in products
- "Entitlement engine" products are emerging to manage policy
Dan Blum, Senior VP, Group Research Director, Burton Group – Federation in the Identity Infrastructure
- Federated identity management solves real problems today, enables Web services, and constitutes the future of the identity management market
- Business interoperability issues are lagging technology interoperability
- On the standards front, Liberty/SAML is making most progress now, but Microsoft
and IBM (WS*) are slowly progressing. Beware of the tortoise overtaking the
hare.
Dave Temoshok, Director, Identity Policy and Management, GSA Office of Governmentwide Policy – Government Adoption of Federated Identity
- The Government needs the capability to authenticate millions of citizens, businesses, and governmental entities without issuing a standard, national ID
- GSA is directed to provide common authentication infrastructure for all Federal E-Gov business applications and E-access control.
- IDM Federation Core Infrastructure addresses Trust, Interoperable Technology and Business Relationships/Governance
- If there is to be no central registry of personal information, attributes, or authorization privileges – a decentralized approach means federation.
Jamie Lewis, CEO, Burton Group – User-Centrism Meets Polycentrism: Creating Identity Infrastructure for the Internet
- The Internet lacks sufficient identity, security infrastructure
- Customer awareness of privacy, identity is rising
- "It's the relationships, stupid." ID services facilitate, coordinate relationships, interaction
- Identity systems that work for a financial services company will not work for social software and vice versa
- Ultimately, systems will mesh, creating a fabric that will allow user-centric, enterprise, and government systems to interact using common standards
John Shewchuk, CTO Distributed Systems, Microsoft, Microsoft’s Digital Identity Strategy
- Users should be in control.
- Each user should make decisions about relationships he or she has.
- Kim Cameron’s 7 Laws of Identity provide a set of axioms to describe how Identity systems should work
- InfoCard is Microsoft’s proposal for an Identity infrastructure that complies with the 7 Laws to replace the ill-fated Passport
- WS* is a comprehensive framework of "Identity standards" to enable web services.
Dick Hardt, CEO, Sxip – Identity 2.0
- The Identity industry is currently at version 1.0, requiring centralized Identity Management.
- Federated Identity will provide Identity version 1.5
- User Centric Identity, properly implemented, will be Identity 2.0.
- Trusted third parties are required to validate Identities
Bob Blakley, Chief Scientist, Security and Privacy, IBM, The Logic of Identity
- Identity and privacy are not technical problems
- Security and Privacy are naturally at odds with each other
Roundtable Discussion: User-Centric Identity Management: Federating the Individual? (Participants — Stefan Brands, President, Credentica; Kim Cameron, Identity Architect, Microsoft; Paul Trevithick, Co-Founder, SocialPhysics.org; Bob Blakley, Chief Scientist, Security and Privacy, IBM; moderated, sort of, by Jamie Lewis, CEO, Burton Group.)
- I was disappointed in this roundtable discussion. What could have been an enlightening discussion about the real life issues facing user-centric identity was little more than a very high-level conversation of esoteric issues that may apply in the distant future. I was able to get more insight into the real issues facing user-centric identity management by spending 5 minutes with Dick Hardt in the Sxip hospitality suite than by listening to 30 minutes of this group.
Note: A computer malfunction that occurred during the conference prevented me from posting this blog entry until Tuesday, July 19th.