User Attributes – Part of Identity?
I recently participated in an Identity and Access Management architecture session where I was asked a direct question, “Do you consider user attributes not stored in the main directory a part of user Identity?” When I said yes, a few people seemed somewhat perplexed. Please let me explain my point of view.
I think there is a propensity to think that “Identity attributes”  are strictly limited to those stored in a directory user object.  That focus is too narrow.  While it may be that the “Identity Management System” only knows about those attributes, the sum total of real Identity information can be much broader.  This broader view of Identity is essential if we hope to leverage Identity Management to enable innovative business models.
For example, if I am an online vendor hoping to leverage user Identities to provide a highly personalized user experience for my customers, I must not rely only on the user object in the authentication directory. A richer set of Identity data comprising history, preferences and real-time context must be considered. This information may reside in multiple repositories.
Just my thoughts. What do you think?
Programmers would tend to think that attributes MUST be stored in the directory – how else would they get at them? But I agree with you – there’s a finite, but uncountably large, number of attributes which make up an identity – and the number is ever expanding.
Comment by Dave Kearns on October 8, 2011 at 9:30 am
Good point! I posted my response “User Attributes – More than Identity” @ http://blog.aniltj.org/2011/10/user-attributes-more-than-identity.html
Comment by Anil John on October 8, 2011 at 10:15 am