June 30, 2009

Bridging the Identity Divide

The overhead television with History Channel makes the time go by when plodding along on the treadmill early each morning at the gym. It used to be that you had to rely on reading the captions from one of the televisions hung from the ceiling. Recently, they’ve installed audio jacks on each of the machines so that you can hear the channels versus having to read the captions – a much better option and permits one to get what’s being broadcast even when you lose your favorite spot right in front of the set.

Several weeks ago, the broadcast focused on Lewis and Clark’s expedition from Pittsburgh via St. Louis and thence to the Pacific Ocean near present-day Portland, Oregon. The expedition began in August of 1803, arrived at the Pacific in December of 1805 and then arrived back in St. Louis by September of 1806. While they weren’t the first non-natives to make the journey, they certainly became the best known. This is largely because it was a very well documented scientific expedition rather than one of conquest or a land-grab.

The broadcast story focused on the role of Sacagawea, a young Native-American mother who proved invaluable as an interpreter during much of the trek. As I was half-listening, one particular fact caught me completely by surprise and I had to do some additional digging to learn more about it.

As the expedition went farther West, there was less familiarity with local Native American dialects and languages. Consequently, and according to the above link:

“While Sacagawea did not speak English, she spoke Shoshone and Hidatsa. Her husband Charbonneau spoke Hidatsa and French. In effect, Sacagawea and Charbonneau would become an interpreter team. As Clark explained in his journals, Charbonneau was hired “as an interpreter through his wife.” If and when the expedition met the Shoshones, Sacagawea would talk with them, then translate to Hidatsa for Charbonneau, who would translate to French. The Corps’ Francois Labiche spoke French and English, and would make the final translation so that the two English-speaking captains would understand.”

So, in each conversation with the Shoshones, there were four people involved. We think of ourselves as sophisticated, worldly-wise, resourceful and full of initiative. Yet, here was a band of about three dozen strangers making their way through completely foreign territory, through potentially hostile Native American lands. They made the effort and found ways to communicate respectfully with those they met in order to advance science and map these new territories. This is a remarkable achievement by any measure and it happened over 200 years ago.

I have frequently flown coast-to-coast across the United States for business and pleasure. Mostly I sit on an aisle seat to allow an easy way to get up and stretch my legs. Occasionally, the aisle isn’t available and I’ll take a window. Because I don’t often get to look out and watch the passing landscape, it is always a treat to see the vast panorama of the American Great Plains rolling on for a couple hours beneath the aircraft wings. Admittedly, it’s an ironic juxtaposition to see endless miles of prairie whilst squeezed into a seat that is 17 inches wide.

Invariably, perhaps because of my interest in history, I think of the early settlers who braved months of wagon trains to move to a better place with new opportunities. It gives me pause to think that I can get from my home to the airport and from there to San Francisco – about 3,000 miles – in roughly the same time that it would take a wagon train to cover 1/3 the distance from my home to the airport. While I’m covering the ground at roughly a mile every ten seconds, they were plodding along at about a mile every thirty minutes. It’s amazing to reflect on this.

The wagon trails had names like: Butterfield, Oregon, California, Santa Fe, and Mormon. I found a consolidated site here from which the above links were taken. I marvel at the hardships that the settlers endured to reach their goal of the newborn American dream. There is an account of one such journey here that lists the travelers, followed by descriptions of the experience.

Over the years, we’ve become more casual, speedy, and cost-effective about getting from one place to another. Times change and our modes of accomplishing the same objective have certainly changed as technology innovation has advanced and been made available to the masses. More recently, we’ve added an increased security process layer to the travel experience. While it took a while to work out the methodology, the efficiency has improved to the point where, even as a seasoned traveler, I occasionally feel like I’m holding up the security process rather than the other way around. We become used to a certain way of doing things, resent when our comfortable pattern is disrupted, but eventually come to accept the “new order” and learn to work with it. Then we realize that the relatively small inconvenience of time is more than compensated by the security we gain. The overall efficiency of the travel is certainly not impacted that severely by a three-minute wait in the security line.

Another new and fresh approach to the traditional way of doing things is taking place in the identity management space. A group of companies and organizations representing public and private deployers, implementers, and government agencies from around the world have recently come together to create a new initiative. This alliance is called the Kantara Initiative.

We are excited about the opportunity that Kantara Initiative represents for several reasons.

Firstly, it is a uniquely structured venue with a diverse membership that has come together to solve challenges in the identity space. The organization is open, flexible, and affordable so as to foster and encourage innovative solutions to the problems in the identity space. We have been working on this for some time in collaboration with many companies and organizations from around the world and have developed an approach well suited to today’s needs. Organizations of all sizes, deployers and their business partners, smaller innovative developers, traditional identity management suppliers, Web 2.0 communities, government agencies and commercial companies from around the world have joined in this effort.

Secondly, the problems we face are not just about technology, but rather a combination of business policy and privacy requirements, balanced against interoperability, usability, as well as technology harmonization. All of these issues need to be addressed for identity-based solutions to succeed and for deployers to leverage their benefits. Kantara Initiative is uniquely positioned to address these needs.

Thirdly, the members of Kantara Initiative have long-proven experience, competence, and market leadership in each of these areas. Members come from a diverse, worldwide background and represent companies, agencies, and individuals with deep experience and subject matter expertise. To be sure, these companies, organizations and individuals have remarkable achievements to date. And now these members are anxious to come together and work collaboratively within this broad community to leverage that synergy toward even greater achievements.

So in summary, the innovative governance structure, diverse and experienced membership, and range of business and technology issues that we will work on, make this a unique and exciting time for the identity space as a whole.

Having said all of that, there are still those who have their doubts. While we were in the formative stages, one of my colleagues in the initiative sent me a famous quotation:


There is nothing more difficult to carry out,
nor more doubtful of success,
nor more dangerous to handle,
than to initiate a new order of things.

For the reformer has enemies in those who profit by the old order, and only lukewarm defenders in all those who would profit by the new order.

This lukewarmness arises partly from fear of their adversaries, who have the law in their favour; and partly from the incredulity of mankind, who do not truly believe in anything new until they have actual experience of it.

N. Machiavelli, The Prince (1513)


To be clear, establishing a ‘new order’ is not the end of the journey. It is just the beginning. It is essential that all of us who are truly interested in advancing the interests of the identity management space as a whole become actively engaged. We must work hard to positively engage with one another. We must do what is best in the interests of all those who are building and deploying identity management solutions. Because it is only by positively engaging, conversing, and collaborating with one another in an open forum that we can advance our collective interests and help customers achieve the benefits that open, standards-based, and interoperable identity management solutions can provide.

I hope that you will consider joining us in this effort. We welcome your participation.

March 30, 2009

In Search of Common Things

They stand like silent sentinels guarding against invasion. They are ever vigilant, unceasing in their determined stance, and unyielding to the natural elements. I am referring to the thousands of saguaro cacti that populate the Arizona desert.

Each year about this time, I visit my mother who lives northwest of Phoenix in the former mining town of Wickenburg. On the way from the airport I usually drive Route 74, also known as Carefree Highway. It runs thirty miles east-to-west through barren desert, passing Lake Pleasant at around the ten-mile mark. For miles upon miles, saguaro are scattered in the desert. With arms uplifted, they seem to be pleading for rain while they keep their lonely vigil.

Wickenburg is best known as a tourist stopover for those heading north to the Laughlin, Nevada casinos. Each year, the town also sponsors “Gold Rush Days” in February, celebrating the mining heydays of bygone times and its rich western and Native American heritage, hoping to tempt drivers to linger longer than a cup of coffee.

The real excitement in Wickenburg these days is the Route 93 by-pass project that will skirt the eastern side of downtown and parallel the Hassayampa River. The river flows mostly underground throughout its 100 mile length. While one rarely sees flowing water, the lush vegetation above ground shows clear evidence of the river’s hidden path below. It’s a striking and beautiful contrast to the surrounding arid, harsh landscape.

Besides being of concern to the local shop-owners who rightly fear that the tourist dollars will bypass the town along with the traffic, the very best things about the Wickenburg bypass are the two -- count ‘em two “roundabouts” included in the project. I’ve long experience with my own three versions of roundabouts (in New England, we call them “rotaries”). One is on Route 2 near MCI Concord. Another used to be at the Sagamore Bridge. The third remains at the Bourne Bridge. I know that there are many more, but these are the most familiar to me. What I really like about rotaries is the unmitigated thrill that one gets from having successfully entered and exited the traffic flow -- without collision.

A rotary driving experience is similar to the adrenalin rush that Evel Knievel must have had when he survived the Snake River jump attempt. He didn’t end up where he intended, but he was just happy to be alive. The same is true for many out-of-towners who attempt a Massachusetts rotary. They don’t always end up where they intended (for instance in Maine versus Virginia), but they are glad to have escaped -- mostly in one piece.

You see, there are both formal and practical rules for entering and exiting a rotary. From the Massachusetts drivers manual:

Because only a few states in America have traffic rotaries (traffic circles), many drivers are unfamiliar with rotaries’ right-of-way rules. Be especially careful and generous when extending the right-of-way to other drivers in and near rotaries. When you approach a rotary, you must yield the right-of-way to any vehicles already in the rotary. If traffic in the rotary is heavy, stop at the edge of the rotary and wait until you can enter safely.

Pretty clear -- at least up to the part about being generous. I don’t know many Massachusetts drivers who could be characterized this way. If one were to generously wait for “any” vehicle in the rotary, one could spend one’s entire vacation waiting for the Bourne Rotary to empty.

While the formal driving rules govern how one should yield, the typical Massachusetts driver tends to think of yielding as a sign of weakness. An old-time Massachusetts wag once told me that the best way to enter a rotary was to “never look the other driver in the eye.” This was especially true when driving older model cars with a few dings and scrapes. The other driver surely wouldn’t want to be the next victim of a too-close encounter. The momentary tap of the brakes in the face of an unhesitating, seemingly unaware driver encroaching into one’s direct path would provide more than generous room to squeeze into the flow. Oh, now I understand what they meant …

For the life of me, I cannot figure out why one would want to deliberately introduce rotary mayhem into an unsuspecting, sleepy town like Wickenburg. Many of the towns-folk seem to be of the same mind. Some of these folks are snowbirds who winter in the south and summer up north where rotaries are plentiful. They too are expecting the worst, having experienced it first-hand. Perhaps the town planners thought Wickenburg is a bit too sleepy and are looking for some adrenaline rushes and near-death experiences to liven things up a bit.

Give me a good old-fashioned standard traffic light. It’s pretty clear when one must stop or go. Although that same wag did mention that the yellow light simply means to speed up before it turns red.

While I was in Wickenburg, Mom presented me with the usual list of projects that she’d been accumulating since my last visit. This time it included replacing several 3-way switches that had stopped working properly. These switches are used for areas with multiple points of entry, where you want to be able to switch the lights on or off no matter which entrance is used. The internal contacts tend to wear out after a couple decades of steady use.

Once I began, I discovered that the original electrician had taken some liberties with the connection of the “traveler” wire. Moreover, the new switches weren’t of exactly the same design as the ones I was replacing. Therefore, it took a bit of trial (and, thankfully, no errors) along with several trips back and forth to the fuse box in order to get the switches operating properly. Mom’s happy. I’m relieved that there were no shocking experiences along the way, and the lighting is as good as new.

These examples of timelessness, resilience, and unnecessary uncertainty got me to thinking of standards and how one should be able to expect that something like a wiring scheme should be universally the same and identical from one place to another. In this case, the local electrician had inserted a bit of his own style, habits, and personality into the job that made it more difficult for another person to repair the system in years to come. One should expect that systems and processes are interoperable.

It is similar with driving patterns, long-formed habits, and new experiences. While the above comments about rotaries are (mostly) tongue-in-cheek, the introduction of roundabouts will seem to native Wickenburg drivers as a completely foreign concept. It will take a while for them to get used to the way that traffic flows. It is tricky, different from the norm, and something with which they are definitely not familiar. It will make their lives difficult for a time and create a needless challenge for many older drivers who will be genuinely fearful of the new order. One should also expect that technology can easily adapt to standard business practices versus the other way around.

The need for standardized behaviors and techniques is all around us. When we flip a light switch, we expect it to go on. When it doesn’t, the diagnosis is simple. Generally speaking, it must be the light bulb. Even a defective switch gives warning with its intermittent failures. The swap-out of the light bulb is also easy because the threads in the bottom are identical to the ones that were in there, whether it be a traditional incandescent or new energy-saving style bulb.

This standardization of something as simple as light bulbs required cooperation among government regulatory bodies, manufacturers, and suppliers. Without this, lighting would not be as omnipresent as it is today and certainly not as economical for the consumer.

We are at the stage in the identity management industry where we must also bring together diverse interests of vendors, enterprise deployers, and government regulators to ensure that we are pursuing a coordinated approach to identity management standardization. This standardization must include not only technical interoperability standards, but also business best practices for the safe deployment of identity solutions.

Today, there are several somewhat competing initiatives in the identity space. Several of us have been working behind the scenes for the past three years to find common ground among these initiatives so that enterprise deployers will have the assurance that identity products will interoperate with one another. We need to ensure that business best practices can be applied across solution and corporate boundaries. Unless all vendors and community members come together to make a sincere effort at harmonization while still fostering innovation, standardized interoperability and best practices will be difficult to achieve. We’ve made good progress with initiatives like Project Concordia, but this is only a first step.

As I mentioned in a previous blog post, we are nearing the launch of a new initiative. It is designed as an open forum that does not have a “pay-to-play” membership requirement for those who want to make a meaningful contribution. It is also designed so that subject matter experts are able to get things done that are important to them and the community -- quickly and efficiently.

It is structured in a clean “bi-cameral” model where the Leadership Council is responsible for the work output and the Board of Trustees has fiduciary responsibility for the organization. Additionally, it is an open forum where the proceedings are open to examination by the community at large and especially to those interested in identity management topics. This openness will make apparent those who are participating for the growth of the identity space and those who choose to remain on the sidelines. It is also intended to work in close cooperation with traditional standards bodies so that this organization does not produce yet another uncoordinated set of outputs that need to be reconciled with pre-existing technologies.

We have made great progress in involving companies and organizations, large and small from across the identity spectrum. These organizations include traditional enterprise vendors and deployers, worldwide government agencies, as well as Web 2.0 developers and deployers.

We have many of the formative documents in place and are in the process of bringing together the founding team of members. We welcome industry-wide participation and I would encourage anyone interested to contact me directly for further information or simply to offer your thoughts about this.

December 11, 2008

Uncertain Times

This time of the year always gets me thinking about those who walked the lands where I live hundreds of years ago. Thanksgiving is usually the catalyst for these musings and quickly leads into amazement at the natural elements the early settlers had to endure. They were used to the more temperate climates of northern Europe that are strongly influenced by the more moderate temperatures of the Atlantic Gulf Stream. We complain about the early cold snap, yet we can always retreat to the warmth of a well-insulated home, protected from winter’s wind.

When the Pilgrims arrived, there was no shelter, no stockpiled firewood, very little food, and below-average winter temperatures. One has to admire the fortitude of these men, women and children to have survived even one year past their first encounter with the New World on the shores of Cape Cod.

Note that I am not at all unsympathetic or unappreciative of the Native Americans who lived in this area. The Indians were, however, pretty well acclimated to the environment and were masters at growing and hunting food. Early accounts tell of the Indians walking about with nothing more than loincloths, even in late fall when the temperatures dip regularly into the thirties and forties Fahrenheit. Tragically, however, the Indians were not immune to the European illnesses introduced to North America by the Pilgrims and explorers who came before them. In the couple years before the Pilgrims arrived, a severe epidemic devastated the Native American population throughout New England. Literally thousands of Indians died -- upwards of 90% of the population in some places. Entire villages were completely wiped out. It is thought that this was the bubonic plague introduced by European fishermen into Maine then rapidly spread southward.

In an earlier blog post, I referenced the book, In the Heart of the Sea: The Tragedy of the Whaleship Essex by Nathaniel Philbrick. This story was reportedly the inspiration for Herman Melville’s “Moby Dick.” I recently learned of another book by this same terrific author, Mayflower, a Story of Courage, Community, and War. This story, as you might guess, is the history of the early settlement of New England in the first half of the 1600’s. Philbrick provides the historical context for the Pilgrims leaving England and gradually making their way to Plymouth. Below are excerpts from the opening passage of this wonderfully entertaining and educational book:

For sixty-five days, the Mayflower had blundered her way through storms and headwinds, her bottom a shaggy pelt of seaweed and barnacles, her leaky decks spewing salt water onto her passengers’ devoted heads. There were 102 of them – 104 if you counted the two dogs: a spaniel and a giant slobbering mastiff. … The passengers were in the between, or ‘tween, decks – a dank airless space about seventy-five feet long and not even five feet high that separated the hold from the upper deck. … A series of thin-walled cabins had been built, creating a crowded warren of rooms that overflowed with people and their possessions: chests of clothing, casks of food, chairs, pillows, rugs, and omni-present chamber pots.

Simply put, the Pilgrims were motivated by religious principles. They aspired to a purer, more literal interpretation of the New Testament and these beliefs were at odds with King James and the Church of England. Given that the Pilgrims held themselves separate from the Church of England, they were referred to as ‘Separatists.’ King James made it a priority to harass the Pilgrims out of existence.

An interesting fact is the passenger composition of the first passage of the Mayflower to the New World. Contrary to the popular assumption that the ship’s passengers were exclusively pilgrim Separatists, in fact they were only fifty percent of the list. The other half were ‘Strangers,’ added to the passenger list in order to protect the interests of the investors who backed the voyage. However, since the Pilgrims could be counted on to vote as a single block, there could be no doubt that the governing of the early colony would be firmly in the hands of the Pilgrims.

You see, the Separatists were eager to found a colony where they could practice their religious beliefs without fear of persecution. But, they had no means to pay for the passage to the New World. They also needed provisions to feed them until locally grown crops could sustain them, and the hard stuffs (building tools and armaments) necessary to establish the colony. So, they signed an agreement with a group of English investors called the ‘Adventurers’ who provided the funds in return for the wealth of goods that the New World would produce.

In the end, it was a bad deal for both parties. The Separatists were compelled to agree to provide the Adventurers with one hundred percent of their output versus a more equitable 60/40% split as was first negotiated. As for the Adventurers, the group was dissolved some years later without having recovered its investment. Unexpected hardships, poor crops in the early years, lack of hunting skills to provide pelts, and shipments home stolen by England’s enemies all contributed to an extremely prolonged repayment of the original debt.

A fascinating subplot of the Pilgrims’ own story is the relationship that they built with Massasoit, Sachem (Chief) of the Pokanokets. This tribe was one of several powerful -- and sometimes warring -- Native American Nations in early New England. Because many of the others, like the Narragansetts, Nipmucks, Mohegans, Wampanoags, and Nausets had been decimated by the plague mentioned above, there was a significant power vacuum in the region. One could speculate that Massasoit saw a perfect opportunity to befriend the new arrivals -- foreign though they were -- in order to have an ally armed with guns to keep rival Indian tribes in check.

Very early on, in the Spring following their November arrival, the Pilgrims and the Pokanoket Tribe, led by Massasoit, negotiated a treaty, paraphrased below, which is remarkable in its comprehensiveness yet brevity.


1. The Pokanokets would not harm the Pilgrims.
2. If a Pokanoket did injure a Pilgrim, the offender would be handed over for punishment.
3. Neither the Pilgrims nor Pokanokets would harm or steal from the other.
4. If anyone warred against the Pokanokets or Pilgrims, they would come to each other’s assistance.
5. Massasoit was to spread the word to the other tribes to assure them of the Pilgrims’ peaceful intentions.
6. Both the Pokanokets and Pilgrims should be unarmed in each other’s presence.

Would that our current global treaties were as straightforward!

As an interesting aside, the Pilgrims broke the agreement on at least two occasions, yet the Pokanokets showed remarkable tolerance, patience and a seemingly bottomless ability to tolerate the behavior of these newcomers.

Relations between the neighboring tribes and the Pilgrims flourished after this treaty was agreed upon -- at least for a time. In fact, relations became quite easy-going, with local Indians visiting the Pilgrims on a regular basis. Of course, the Pilgrims were obliged to be hospitable and entertain these guests whenever they dropped by. Given that the Pilgrims were struggling to feed themselves, the situation was quickly getting out of hand and would cause significant hardships in the coming winter when every morsel of food would be essential for survival.

To solve the problem, the Pilgrims devised a way of verifying that Massasoit sanctioned the visitors. They presented Massasoit with a copper necklace and told him that, if anyone came bearing this necklace, they would be welcomed and entertained by the Pilgrims as an ally of Massasoit himself. But if a visitor came without the necklace, they would be turned away.

As I read Philbrick’s account of these early years, I was struck by the simplicity and sophistication of the interactions among the significant parties. All the while that the Pilgrims were struggling to stay alive in this barren land with nothing more than their own muscles to provide the labor (oxen and horses had not yet been brought from England), they were grappling with carefully negotiated trading and treaty agreements. One can’t help but admire their resilience and determination.

In the same way that the Pilgrims didn’t know what the next day would bring to their situation, so are we today no more able to discern what tomorrow will bring in the world economy. Each day we seem to hang on any bit of news to see the effect that it will have on world economies as well as on our personal lives. How will this affect our own ability to survive in the coming years?

Over the past weeks, we have already heard the calls for increased regulation in order to ensure that the current economic situation doesn’t happen again. We are collectively outraged by the apparent lack of awareness of senior executives at failed companies as to the financial instability of the firms that they managed. We can expect the U.S. Congress to enact legislation that will require much more stringent oversight and accountability within public as well as private companies. My personal prediction is that the coming regulations will make the compliance requirements of Sarbanes-Oxley pale by comparison.

Central to these looming requirements is the ability to answer: “WHO had access to WHAT information and WHEN did they access it?” The full complement of identity management functionality is required to answer this. Companies need to deploy Identity and Access Management solutions to govern the access to applications and business data. Companies also need to deploy Compliance solutions to be able to report on the activities of the persons with these access privileges in order to unequivocally determine who had knowledge and when they had it.

Think of the first set of functionality as “Identity 1.0” technologies. These are the foundational products that must be in place in order to control the basic access, directory, and provisioning needs. Compliance and reporting provide the “Identity 2.0” functions for the more sophisticated regulatory reporting that will be required. Unless companies have already established their Identity 1.0 strategy and deployed the requisite solutions, they will be severely challenged to implement Identity 2.0 solutions required to answer the “Who, What, and When” questions that compliance auditors will be asking in the not-too-distant future.

We are all Pilgrims in these new economic circumstances and landscape. How we prepare for the journey will determine whether we are able to weather the uncertain times that lie ahead.


September 30, 2008

Layers upon Layers

I just returned from Oracle OpenWorld in San Francisco. Superlatives don’t really do it justice. There were so many people, so many sessions, and so much information to absorb that it was a bit overwhelming. If one didn’t focus on one’s objectives and agenda it would be very easy to get distracted and squander the opportunity to network and get informed. One of the best comments I heard was, “In past years there was a lot of marketing at Oracle OpenWorld. This is now a truly educational event.” Mission accomplished.

One cannot help but be impressed by the scale of Oracle’s worldwide business and comprehensive suites of technologies. Customers have confidence in Oracle’s ability to invest in products that fulfill the complete range of customer requirements. The companies that Oracle has acquired over the past several years have been best-of-breed technologies providing functional excellence in their particular space. Individually, these companies delivered high performance solutions targeted at solving particular business problems. The scale of Oracle allows us to integrate these products into a cohesive suite and provide synergistic benefits. Additionally, our adherence to industry standards and partnerships with leading third-party organizations allow us to deliver solutions that analysts recognize as superior to the competition.

The Moscone North keynote hall’s capacity was about ten thousand seats. It was highlighted by a twenty by three hundred foot high-definition media screen on which images continually flashed, presentations were displayed, and community comments scrolled by. The experience was a continual feast for the eyes. In the midst of the hustle and bustle, there was a unique oasis of calm. Before each general keynote address, Zoë Keating (warning: sound on this link), a cello soloist, gave a performance that was entrancing, hypnotic, soothing and technically intricate.

When I first walked into the hall and heard the music, I wrongly assumed that Ms. Keating was accompanying a sound track that had been previously recorded elsewhere. In fact, she was using a technique of recording a passage of music and then looping that section over and over while recording more tracks on top of the preceding ones. Her album’s title “One Cello x 16” is fairly self-descriptive of what’s going on.

As I listened, it was very difficult to tell what was live versus the tracks underneath without carefully watching her fingering, plucking, bowing, and sometimes gently striking the instrument. I arrived early to one of the keynotes in order to hear how the music built upon itself in ever-increasing complexity. It was fascinating. If one closed one’s eyes, one would fully expect that there was (at least) a full string quartet on stage. Yet on looking, there was only the solitary figure bowed over the one instrument, coaxing from it the most beautiful sounds.

Listen to this selection from “Legions” on her web site and you’ll get a good – albeit brief – sense for how the melodies and rhythms build one upon the other in layers upon layers.

It was nice to have this relatively peaceful reflective time during the rush of Oracle OpenWorld. It gave me the opportunity to think about lessons learned, common themes and issues with which folks in the identity management communities are wrestling.

In general, I would say that there were three universal threads: 1. Have a plan; 2. Start with a good identity foundation; 3. Gradually build upon the foundation.

Virtually all of the presenters from enterprise organizations emphasized the importance of involving both business management as well as information technology management in the analysis and implementation of identity management systems. I listened to British Telecom, Cisco, National City, Chick-Fil-A, Monster, Mitre Corporation, and others who clearly stated that an identity management deployment must be a partnership effort between technologists and business people. The business people understand the functionality and governance issues that need to be addressed, while the technology folks understand the security and infrastructure requirements to make it happen.

The second common theme among these successful organizations was that they all made sure that their foundation for identity management was solid. By this I mean that they had made and implemented the critical infrastructure decisions regarding issues like whether to consolidate or leave alone multiple identity stores. In the relatively rare case where they planned to consolidate, they made the necessary forward-looking decisions regarding the definition and design of identity attributes before they simply replicated the pre-existing state of affairs. In the more usual case where organizations implemented Virtual Directory technology to create a common interface into their identity stores, they clearly understood how this design would support their access control implementations for which the system was designed.

More than once during the week I heard the admonishment of “don’t boil the ocean.” This was repeated both by customers as well as Oracle product managers with the experience of literally hundreds of successful implementations around the world. This means that a well-planned project should be executed in phases where success builds upon success. Identity management is not a simple concept and it has significant implications for both business and technology sides of the house. Taking a step-by-step approach, where each chunk of the project is thought out, planned, and incrementally implemented assures success building upon success layer by layer.

Odds and ends:
· Overheard on the airport shuttle: “Spammers are getting more sophisticated all the time. They entice you to click on the attachment and then, BOOM! You’re pfished.”
· Conversation with a seatmate on the Oracle OpenWorld shuttle bus when she said: “I found someone’s log-on credentials under a demo station. I had taken an ethical hacking class so I didn’t look at it and turned it into the booth receptionist.”
· Greenfield Opportunity: I had a conversation with a government agency during which they made it clear that they are in the process of completely re-architecting their identity management systems. Effectively, they are starting from scratch, redesigning identity repositories, creating proper access control, role management, and bridging to external partners and other government agencies via strong authentication and federation technologies. I’ll be speaking more with them over the coming months and am looking forward to the continued dialogue.
· Identity Scam: I was rushing along back to the Moscone from a customer session when a fellow appeared at my elbow fast-talking about no place to stay, lost luggage, needing cash and holding up an Alaskan driver’s license as proof of identity. After giving him a few dollars and walking on, I realized that he had kept his finger covering the face on the license each time he held it up for me to see. Spoils one’s charitable instincts and emphasizes the need for multi-factor authentication even in mundane transactions.
· TSA screener at SFO after looking at my ID: “Hey, it’s almost your birthday. Congratulations.” Nice to know that they are paying attention.

August 13, 2008

Coming Together in the Identity Community

It’s been a busy several months for identity solutions and yours truly. Since my last post, I’ve been in Sao Paulo, Stockholm, Colombia, Venezuela, plus cities around the U.S. talking to Oracle customers and prospects as well as working with identity standards activities about solutions in this fast-evolving space.

Throughout my travels and discussions, I am continually reminded of the commonalities that tie the global economies together. Examples include the need for increased efficiencies in on-line transactions; the desire for closer and more convenient relationships with customers, partners, and social networking colleagues; and the overriding need for heightened security for business data as well as protection of personally identifiable information.

At the same time, these very issues have been reinforced in another context – that of identity industry standards.

The Liberty Alliance has been leading the identity standards development effort since its founding in late 2001. During that time, Liberty has focused on a holistic approach to identity solutions by producing not only technical aspects, but also business guidelines and standards for creating secure, privacy-respecting identity meta-systems.

At the same time, the industry has seen other initiatives emerging that intend to address a narrower slice of the problem set. These solutions have met with more or less success (measured by actual deployments) depending on how well these initiatives have addressed the fundamental requirement of interoperability with existing standards.

As customers repeatedly tell me, the importance of interoperability cannot be overstated. Customers need the ease of interchangeable solutions that can adapt to changing business needs. The core element that permits this is adherence to and interoperability with accepted industry standards.

Because of the proliferation of initiatives to solve unique problems, customers are rightly concerned that these initiatives will not interoperate within the customer’s existing infrastructure or, worse yet, that these innovative solutions will require an extensive rewrite of existing applications in order to accommodate this new phenomenon. I’ve heard inexperienced vendors’ enthusiastic dismissals of these legitimate customer objections by saying something along the lines of, “These IT folks just don’t understand the new identity paradigm (cool word, huh?) that we’re offering. It’s gonna be hot! The whole world is gonna jump on the bandwagon and then the IT shops will just have to adopt it.” … Wrong. Solutions are adopted (as the word would imply) when they actually solve a legitimate customer problem.

Now some may read this as my dismissal of innovative approaches to solving real-world problems. Nothing could be farther from the truth. As I have said publicly for close to twenty years now, technology is the “wild card” of solution innovation. There are only so many ways that human beings can perform a manual function. Yet, when one applies the speed and agility that can be uniquely applied by computing power, one can address business problems in ways that are limited only by one’s imagination. Innovation like this provides sustainable competitive advantage.

Technology innovation also needs the opportunity to incubate, take root, and flourish unfettered by cumbersome bureaucratic constraints. This need for free-form development has been the driving force behind several of the identity management initiatives. The difficulty arises when these initiatives need to ‘cross the chasm’ from pure innovation to more mainstream adoption. A fundamental requirement of mainstream adoption is that newer technologies must coexist with existing technology infrastructure investments. If the coexistence requires too much effort or ends up forcing the customer to create one-off proprietary integration points to close the gap, then chances are that adoption will be slowed or even halted.

To address this issue, a group of folks from the various initiatives have been discussing possible approaches. In full disclosure, this discussion was begun in the context of Liberty Alliance’s regular strategic planning review during which we discuss market conditions, customer requirements, and work – technical and non-technical - needed to address potential gaps. This year, we decided to expand the scope and solicit the active participation of key people in the identity community who were not Liberty members.

Those involved in the original sessions are to be commended on the open, candid, professional way that they provided feedback to us. We are grateful for their participation and have already seen very positive indicators that we are on the right track in this effort.

An immediate by-product was that Liberty formed the Web Services Harmonization Special Interest Group (WSH-SIG) whose members include a broad spectrum of Liberty and non-Liberty representatives interested in ensuring interoperability among technical standards that are vital for identity-based transactions.

During the strategic planning process, we conducted two-dozen formal interviews and many more informal discussions. In all, those who participated in the process over the past six months have devoted literally hundreds of collective hours in conference calls and face-to-face meetings. We gathered a wealth of thoughtful input regarding what’s working and what’s not working in the identity standards community as a whole – well beyond the Liberty Alliance’s activities.

The basic conclusion is that most of the various identity initiatives have unique value but are lacking a cohesive means to coordinate and harmonize their efforts with one another. Additionally, many individuals and companies have to invest redundant human and financial capital in order to participate in activities that are essential to their business objectives. This creates an unnecessary drain on large and small companies and slows the overall sector growth.

To solve this, we have proposed that these various initiatives seek a way to come together under a shared organization structure that will actively foster innovation, provide a mechanism for harmonizing various initiatives, and also provide a logistical support structure for shared services (like: IT, staff, legal, financial management, interoperability testing, etc.).

There is an active discussion that is taking place in Google Groups here. You will also find an overview presentation that lays out the initial vision, mission, structure, and operations proposals. The second slide of the presentation lists some of the individuals who were involved in this effort along with their company affiliations.

We are formulating the vision, mission, and principles of the proposed organization as I write this. And, we have deliberately delayed the naming of the organization until such time as we achieve consensus on its purpose. For the moment, we are simply referring to it as: IDtbd (i.e. IDentity To Be Determined).

We are very interested in achieving broad representation and consensus among the discussion participants. Moreover, we welcome any interested party to the discussion. These are fast moving formative times in the identity community. Identity solution adoption and deployment is growing rapidly while, at the same time, new and innovative approaches to solving business problems are emerging.

It is vital that we join together in open, collegial dialogue in order to create long-lasting, secure, privacy respecting, and interoperable solutions.

Please join the discussion.

*******************************

As a footnote, the kind lady who served as my interpreter in Caracas asked if my previous blog post about being offered free tickets to Grey Gardens in Times Square, New York was really true. Yes, it happened exactly as I recounted it. There really are nice people out there who practice random acts of kindness.

April 10, 2008

A Stranger in a Strange Land

I have often thought about what it must have been like for early explorers setting foot on foreign soil for the first time.


 


In the case of the Pilgrims first encountering America on the shores of Cape Cod, I would imagine that profound gratitude at being alive to see the land after an arduous crossing lasting many weeks would have been the overwhelming emotion.  This would have been closely followed by acute anxiety about the coming winter months, the need for shelter, and lack of food and fresh water.  This was soon followed by fear about the Native Americans who were sensed more than seen until a skirmish ensued on First Encounter Beach.  It is important to note that the Pilgrims had pilfered the grain that the natives had gathered and stored after the harvest.  So, more than likely, the natives were justifiably angered that their early spring food stores had been stolen.


 


Consider other voyages and expeditions like Lewis and Clark, James Cook, Magellan, and Columbus.  What did they think when they arrived at their sought-after new land?  How did they communicate basic human needs?  How did they communicate more complex interactions like bartering for supplies, buying land, negotiating trade agreements between countries?


 


I would imagine that signing was extensively used in the early days.  However, as time went by, early entrepreneurs or opportunists who were linguistically inclined hired themselves out as interpreters.  Trust had to be a significant factor in these arrangements.  Each side of the transaction must have watched closely for any indication of double-dealing or less than accurate interpretation of the intended words.


 


During my schooling, I had a lot of formal and informal language training, having lived overseas in my younger years.  In order to get along with my elementary school peers in Germany, I had to quickly learn basic German if I wanted to participate at all in the local children's games.  Even younger still, I lived in Japan.  I believe that my love of the Orient was somehow imprinted on my impressionable mind and that simple phrases stuck in my mind's language memory banks.


 


Later, in high school, college, and in military service, languages came relatively easily to me.  In the U.S. Army, I was trained as a Thai linguist.  However, without continued exercise, the mind's language "muscles" atrophy pretty quickly.  This is especially true with tonal languages such as Thai, where the same sound (like "ma") can have five completely different meanings depending on whether it is pronounced with a low, medium, high, rising, or falling pitch.  To a Western ear, this is really hard to master.  Not a few of us in the class would confuse two particular pronunciations of "ma" -- one being "woman" and the other being "cow."  This would have the expected -- if unintended -- consequences with our female instructor.  Needless to say, she was not pleased with our clumsy progress.


 


Later, when I made the career transition to high technology, programming languages were my entry paths.  I spent my initial years with a low-level "macro" language used in programmable point-of-sale terminals.  It's been a long time since I did any computer coding, but my early spoken language training continues to serve me when I find myself  interacting with people from around the world.


 


Similarly, technical standards are analogous to the invaluable interpreters of early explorers.  Technical standards allow "foreign" applications, operating systems, and hardware to interact with one another.  Each element is valued for its own unique functionality that satisfies a need.  But, without a way of interchanging data and passing off functional responsibility to the next piece of the overall solution, these technical elements are simply a cacophony of competing proprietary interests.


 


Years ago, Oracle made a highly visible and public commitment to adhere to industry standards.  We further committed to supply our customers with products that are truly interoperable elements of comprehensive business solutions.  We committed that these elements would plug in cleanly through standard interfaces.  We did this primarily because it is what our customers want.  We also did this because it allows us to leverage acquired technologies more quickly and to assimilate them within our Oracle Fusion architecture, while at the same time allowing these products to interoperate cleanly with existing technical infrastructures within customer environments.


 


We have continued to follow through on that commitment, with last week's announcement of Oracle Authentication Services for Operating Systems.  This is a new offering within Oracle Identity Management, a component of Oracle Fusion Middleware. 


 


Oracle Authentication Services for Operating Systems is software that centralizes user management and authentication across major Linux and Unix flavors.  Traditionally, organizations have had to store and manage access and identity information locally on individual Linux or Unix servers throughout their enterprise.  With Oracle Authentication Services for Operating Systems, IT managers can now centralize this information in a single corporate directory resulting in improved management while end users can use their single sign-on login to access enterprise applications as well as Linux or Unix servers.


 


Organizations with Unix or Linux servers can benefit from Oracle Authentication Services for Operating Systems by being able to easily enforce consistent security and compliance policies across these systems.  For example, administrators and auditors can now centrally disable accounts or more easily report orphaned accounts, which helps ensure that administrator access is compliant with organizational policies.


 


Oracle Authentication Services for Operating Systems, part of the Oracle Directory Services offering, is based on open standards and includes the following features and complementary directory components:


 



  • Tight integration with Pluggable Authentication Modules (PAM) on Unix and Linux operating systems, including Oracle Enterprise Linux, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Sun Solaris, IBM AIX and HP-UX.
  • Tools and scripts to configure both PAM and Oracle Internet Directory components for a simplified migration and native security between network endpoints. 
  • Oracle Internet Directory, built on the Oracle Database, which securely stores and distributes data pertaining to users, groups, roles and entitlements across the enterprise.
  • Oracle Virtual Directory, which accesses identity information contained in several identity sources and presents it to the application as a single data source.
  • Strong and flexible password policy support that helps ensure users are selecting stronger passwords and changing them regularly.

 


Just as in the days of early world explorers, today's global business experience is "multi-lingual." To be successful, vendors must provide customers with products that operate in an ever-evolving heterogeneous environment.  This environment has a diverse range of products from a vast array of vendors.  If our solutions plug into this environment cleanly and perform well, then we will have earned our customers' confidence and will earn the privilege of providing additional products and services.


 


On an on-going basis, Oracle invests considerable effort and resources into global standards bodies.  We incorporate this out-bound activity into our core internal software development in order to produce the highest quality and most flexible solutions.  We are pleased to offer Oracle Authentication Services for Operating Systems as the latest example of this on-going commitment.


  

February 21, 2008

Oracle Identity Manager and the Evolution of GRC Practices

There's no getting around it.


 


I wrote in an earlier post about the rise and decline of the whaling industry in New England.  At the start, the point was primarily to feed one's own family from the meat.  If you'll recall, much of the early New England colonists' experience with whaling came from harvesting whales that had beached themselves on the shore.  Native Americans generously taught the early settlers how to flense the carcasses as they lay on the beach.


 


In addition to the meat, oil was boiled out of the blubber.  This oil was used to burn in lamps for illumination.  The only alternative at the time was to read by the light of the hearth fire or by using bundles of soft pinewood that burned hot and clear, but produced a very sooty black smoke.  The smoke dirtied all of the interior surfaces of the homes -- and people too!


 


Early recorded descriptions of the stranded animals tell us that most were "Blackfish." These were also called a number of other names, but are commonly known today as "Pilot Whales." The oil produced by boiling down the blubber made a far superior fuel for lamps than anything previously used.


 


As the early colonists became more skilled in the production of oil, they became more aggressive about actively pursuing blackfish off the shores of Massachusetts and Rhode Island rather than simply waiting for the occasional beaching.  As they went farther out to sea, the whaling industry as we know it was born.


 


But we're getting a little off the point of the story.


 


Anyone at all familiar with the story of the American Revolution knows the story of the Boston Tea Party.  This was not really a party at all, but rather a flagrant act of defiance of British authority.  Parliament had imposed an expensive tea tax on the Colonists who had no representation in Parliament and therefore had no means of appealing the legislation.


 


However, as it turns out, the independence-minded colonists didn't only object to British rule, but also to that of the Massachusetts Commonwealth's central government.  For you see, the colonists living along the shoreline weren't the only ones in Massachusetts to recognize the bounty of the sea that occasionally washed ashore and yielded valuable barrels of oil.  The Commonwealth had also recognized this and demanded its "fair" share of any whale that washed up onto town land to help defray the costs of the central government.  The Commonwealth share was roughly 30 gallons of oil from each animal.  This would be sent to Boston and sold to merchants for shipment to England where it was highly valued.  The cost of the supply from the Colonies was much less than from the alternative supplies from other European whalers.  The products and natural wealth of the Colonies were seen as the rightful entitlement of the British Empire.


 


The key qualifier in the rule about owing a portion of the oil to the Commonwealth was that the whale had to be found on town land.  In those early days, the shoreline basically fell into three categories: town owned, Native American owned, or unclaimed.  How would the local town constable or clerk know if one were to lash a rope to a whale's tail, tow it a hundred yards off shore and down the beach a ways?  When the rising tide erased all traces of the stranding (and subsequent towing), there would be no record at all to dispute the ownership of the sea's bounty.


 


This poaching extended across to Long Island.  The New Englanders on the southern coast of what is now Connecticut, Rhode Island, and Massachusetts would regularly sail across the Sound, seize stranded whales on the Long Island beaches, tow them back to their homes and claim them as their own.  As you can imagine, this created a very hostile relationship between Long Islanders of New York and the poaching New Englanders.  This attitude lives on today between the followers of the respective Boston and New York professional sports teams.


 


Today, the rules for complying with government regulations are not so simply eluded. To the contrary, we are required to report out increasingly more precise operational details of our business. Who had access to what data at what period of time and for what purpose? Was that person authorized? Did that person have simultaneous access to data and applications in violation of segregation of duties policies?


 


Answering these essential questions as demanded by outside auditors has become increasingly more expensive for global companies.  Change to business procedures that comes from within an organization in order to meet a strategic objective is relatively inexpensive to achieve.  On the other hand, change which is imposed from outside the organization, whether by changing customer needs, competitors' threats, or government regulations is the most expensive for any business to accommodate.  That is because these imposed changes do not take into account the existing infrastructure of an organization as a starting point.  Rather, they start with the end objective and force us to make systems comply in ways for which they were never designed.  This requires that any solution must be rich in its functionality, highly flexible to integrate cleanly with this infrastructure, as well as economical to deploy.


 


Oracle has spent a good deal of time over the past months listening to our customer requirements for Governance, Risk, and Compliance (GRC) solutions that are more comprehensive yet easier to deploy and operate. Among other requirements, our customers tell us that they need solutions that provide:



  • More functionality for flexible attestation reporting.
  • Additional reporting templates to address common audit requirements.
  • Graphical workflow design capabilities to more easily construct business rules for provisioning and approvals.
  • Updated connector wizards and SPML support to more quickly and easily integrate new compliance functionality into heterogeneous IT infrastructures.

Oracle is pleased to announce the immediate availability of Oracle Identity Manager and invites our customers and prospects to visit here for more information.


 


As requirements for reporting audits become ever more demanding and sophisticated, our ability to easily assert successful compliance with government requirements will be ever more important to efficient operations.  This representation of the quality and discipline of our companies will not only meet these regulated mandates, but will also build a positive reputation for our companies with our business partners and customers.  Increasingly, companies will use high quality GRC best practices as competitive differentiators against those who must still rely on manual audit practices.


 


At Oracle, we listen closely to our customer requirements in one-on-one sessions as well as at public events.  As I've participated in our Security Summits over the past weeks, I know that GRC compliance is foremost in our customers' minds and I believe that this new release of Oracle Identity Manager will be welcomed as a valuable product to help companies spend energies on running their business and competing in the global markets and less effort preparing for an audit. 


 


 

January 11, 2008

Unintended Consequences


There's a pond not far from my house. I pass it each day on my regular walking loop. This time of year, one can gauge the depths of the winter by observing whether the surface is iced over - and how thickly. Years ago, this was an ice pond, meaning that teams of men would saw blocks of ice from the surface and horses would drag the blocks to nearby icehouses for storage. In the pre-Freon days of yore, winter ice was the only way to preserve perishable food during the hot summer months.


 


In the 1800's, icehouses lined the shore of the pond.  Each of them was insulated with winter grass in the walls and between the layers of ice.  Remarkably, these large blocks would last well into the summer months.  There was even a cargo of ice carried to the Far East by one of the New England clipper ships.  Exactly how much of the cargo actually survived the journey is not recorded.


 


Several years ago, a nearby boat club repaired a culvert under a road near their boat docks.  The stream through the culvert is now more of a torrent than anything else.  Twice a day, at the peak of tidal flow, the water roars through the culvert as thousands of gallons of seawater ebb and flow to and from the tidal marshes on the lee side of the road. 


 


Unforeseen at the time was the impact that this water action would have on the ice pond situated just at the edge of the marsh.  While the pond is fresh water spring fed, the fresh water content has now been overwhelmed by the tidal action.  The pond water is now brackish and also has tidal movement of about six to eight inches.  Thank goodness for modern refrigeration.


 


 -------


 


My wife and I try to get down to New York City a couple of times a year for a long weekend. What with family activities and other obligations this year, our usual trip during the holidays didn't happen. One of the primary reasons for going is that we love Broadway theater and have been fortunate to see some great performances over the years. The BEST way to take advantage of the opportunity is through the "TKTS" booths off Times Square and South Street Seaport. TKTS sells same day, deeply discounted tickets for almost all of the Broadway performances. If you are patient (the lines can be daunting) and go with a list of options, you can get really good seats and see great theater.


 


It's just as well that family commitments intervened, as the stagehands strike in late 2007 darkened the lights when we otherwise would have been able to go.


 


However, earlier in 2007, we made the trek down on the Amtrak Acela Express from Massachusetts to Penn Station one Friday morning. Given that it was more of a spur-of-the-moment trip than long-planned, we hadn't researched the available shows ahead of time. So, we ambled over to the TKTS booth Friday evening to see what was listed. We intended to grab a bite to eat and wanted to discuss the options over dinner.


 


As we were reviewing the list, a woman approached us and asked if we wanted free tickets. Now, I admit to an increased sense of personal security wariness and buyer's skepticism when in New York's Times Square; however, the magic word ("free") pretty well got my attention and immediately engaged me in the conversation.


 


"What show?" I asked.


 


She replied, "Grey Gardens."


 


At this point, the TKTS person commented on what a great show this is.


 


"Did you say, 'FREE'?" said I -- still obviously stuck on the magic word and less concerned with dramatic quality.


 


She explained that she had purchased too many tickets and simply wanted to offer the extras to someone.


 


Long story short: I gave her some cash (random acts of kindness should be recognized).  We sprinted to the theater.  (The TKTS transaction took place 10 minutes before curtain rising.)  We found ourselves in the orchestra, eleventh row center section -- outstanding seats.


 


Very rarely does one have the opportunity to see truly great live performances.  This evening was completely and unexpectedly one such time.  Here's a synopsis from the web site:


 


"Grey Gardens [NB: LINK HAS SOUND] brings to life both the delightfully eccentric aunt and the cousin of Jacqueline Kennedy Onassis.  Once among the brightest names in the pre-Camelot social register, these two women became East Hampton's more notorious recluses, living in a dilapidated 28-room mansion.  Set in two eras -- in 1941 when the estate was in its prime and in 1973 when it was reduced to squalor -- the musical tells the alternately hilarious and the heartbreaking story of two indomitable women, Edith Bouvier Beale and her adult daughter 'Little' Edie."


 


Christine Ebersole played Edith Bouvier Beale (Mother Beale) in the First Act and the adult Little Edie in Act II.  Mary Louise Wilson played Mother Beale in the Second Act.  Both actresses won well-deserved Tony Awards for their performances.


 


After the show, we promptly bought the cast recording CD and have listened to it many, many times.  (Can you wear out a CD?)  It's not often that I'd see a show twice -- actually I've never done it.  But for the fact that "Grey Gardens" ended its U.S. run in July 2007, we would see it at least once again.


 


The heartbreaking story line unfolds in the Second Act when the effects of Mother Beale's controlling influence on the young Edie become apparent.  In Act II, when both are living together in the ruins of the once-grand home, Edie sings "Around the World" during which she alternately remembers once-precious "memorabilia" in wistful longing for good times past, and rages in anger against her present circumstances.  This was a powerful performance by Ms. Ebersole.


 


Another memorable Act II scene for me was "Another Winter in a Summer Town" during which Edie aches at the loneliness of her life and longs for happier times when she was a wealthy New York society debutante engaged to Joe Kennedy, Jr. before it all went so very badly.


 


As I've mentioned in previous postings, I live in a "summer town."  During this time of year, the opening refrain of the song is particularly poignant:


 


"Another Winter in a Summer Town


The renters go home
The maple goes from crimson to brown
Oh God, my God
Another winter
In a summer town
The beach is empty
They covered the pools
The patio umbrellas come down. . ."


 


Until I heard Ms. Ebersole sing this, I never thought of winter as a sad or melancholy time.  I have always thought of it as a season for rest, reflection and preparation for Spring and Summer activities.  The show brought a new meaning to this time and this place for me -- all because of a chance encounter with a generous woman in Times Square.


 


I'll be going back to the City in a few weeks to participate in one of the Information Security Symposium sessions that Oracle is conducting.


 


During this event, I'm sure we'll discuss some of the unintended consequences of IT projects and how proper application of Security and Identity Management solutions can solve some of these problems.  Please consider registering for one of these events nearby.


 


I look forward to seeing you at this or another session.


 


Safe travels


 

December 27, 2007

Sailing through History

I have always had a love of sailing.


 


As a young married couple, one of the first "investments" we made was a 14 foot Glastron Alpha sail boat.  Basically, it was an oversized Sunfish, familiar to anyone who has visited a seaside resort.  It had a modified gaff rigged sail arrangement.  The controlling lines were simple and easy to understand -- one to lift the sail and one to trim it in or out to catch the wind.  The setup was simple and allowed for a single person to rig and launch.  My wife was a good sport about it at the time, but later pointed out that we didn't have a spare nickel and had little business buying a boat.


 


The great thing about this boat was that, with no lessons at all, one could learn the ancient mysteries of powering a vessel by the wind.  By learning to tack, one could actually sail in the same general direction from which the wind is blowing.  Further, one could move fairly fast, heel over and generally evoke squeals of delight (or terror) from the crewmate along for the ride.


 


This style of boat is also forgiving of mistakes.  And, in any event, there's a short drop to the water when the inevitable gust of wind catches one by surprise.  Always wear lifejackets, boys and girls.


 


Despite my wife's initial misgivings, we owned the boat for close to twenty years.  Each summer we'd tow it behind the car down to Cape Cod.  Each of our three children learned to sail on it -- a wonderful skill to be able to provide them.


 


So, I suppose you can guess where this is going.  As life moved along, we (really I) concluded that a 14 foot day-sailer wasn't nearly big enough for the family.  As luck would have it, a 27 foot Catalina came on the market in the next town over.  The first of the two happiest days in a boat-owner's life soon followed: the day you buy it.


 


The Catalina is a very nice family boat.  This one happened to have been completely upgraded for racing.  High performance winches, really good sails, electronics, and the list went on.  The owner was moving to Utah and was, as they say, "motivated" to accept the only offer I could afford.


 


We sailed out of Salem harbor on Massachusetts' north shore.  This is a well protected, yet large harbor area with Manchester to the north, Baker and Misery Islands to the east and Marblehead Neck to the south.  Occasionally, if the wind was right and the day promising, we'd head further south toward Boston harbor or southeast off Gloucester.  It was a great family experience.


 


My first and last sails were with my oldest son.  On the first, we foolishly picked an ominous day, with low clouds scudding across the harbor and foam spraying off building whitecaps.  Wisely, we didn't last long.  On our last day, we had sailed south to Boston on a broad reach and then came about to head home.  We were close hauled on a port tack and had the boat trimmed so well that we could take our hands off the tiller and she didn't veer even one degree off course.  The boat was happy and we were thrilled.  Although more than ten years ago, I remember the moment as yesterday.  It was truly magical.  We sold her shortly thereafter (the second happiest boat-owner's day).  The last of our children had left for college, I lost my crew, and the time had passed for sailing.


 


I build wooden model ships as a hobby.  I've done three thus far.  These are referred to as "plank on frame" construction from kits where the individual hull planks are bent, one by one, usually in two layers, over a frame.  Following this, the superstructure is built (railings, masts, deck hardware, cannon carriages, etc.), followed by rigging the masts.  The last step takes many, many hours to complete.  The standing rigging consists of a hundred or more lines, each of which takes about ten to fifteen minutes to dry-fit, place, and tie off.  The finished model is anywhere from twenty to thirty inches in length.


 


I find it very relaxing, but can only do it for relatively short stretches of time.  It takes a lot of concentration, and even with magnifying goggles, the eyestrain counterbalances the relaxation after a couple hours.  The first one I made was from scratch using solid hull construction.  Next came "The Wasp" from a kit about 15 years ago.  Once I finish my current project, the "Half Moon," in a couple more hours work, my next will be the "Charles W. Morgan."


 


Other than the pure pleasure of building the ships, I also frequently find myself imagining what it must have been like to actually sail a square-rigged ship.  They were vastly more complicated than either of the two I sailed, even though the basic principles of moving a vessel through the water with wind power are identical.  Some clipper ships had over twenty sails.  Even slower working ships like the whaler "Charles W. Morgan" would have more than a dozen. 


 


Each of these sails would have upwards of nine or more individual lines to lift, trim, and set to the wind.  In Eric Jay Dolin's book Leviathan: The History of Whaling in America, the author describes the novice deck hand's experience:


 


One of the most daunting tasks was becoming fluent in the language of the sea.  Every part of a ship had a name.  The green hand not only had to know where to find the bowsprit, the jib boom, the catheads, the lower deadeyes, the fore-topgallant mast, the spanker, the booby hatch, the lashing rail, the hawsepipe, and the mizzen yard, but also what they were for.  Every one of the ropes in the rigging, which at first glance must have looked like a distressed spiderweb, had a name and a function, which had to be memorized, as did all the many sails the ship carried.


 


This book, by the way, is a gripping history of the New England whaling industry from early on-shore harvesting of stranded pods, to multi-year journeys yielding thousands of barrels of whale oil, to the declining days precipitated in no small measure by the indiscriminate decimation of the Pacific whale population.


 


The experience of sailing one of these ships was at once exhilarating and terrifying.  Running before a stiff wind, galloping across the peaks of the ocean waves with the sun on one's face must have been thrilling.  That memory would have faded quickly when the seaman was clinging to a bucking spar thirty or forty feet in the air, during a freezing, howling gale, chopping ice from the lines and sails in order to set them while passing through the Straits of Magellan around Cape Horn.  On the outward leg, they were sailing east to west into the prevailing wind of the "Furious Fifties" -- latitudes below 50 degrees -- where the storms are frequent and seamen with careless footing or hands too frozen to grip the mast were quickly swept away in the frigid water before they even reached the Pacific whaling grounds.


 


For the past several months, I have been visiting U.S. cities to present Oracle's strategy for Oracle Fusion Middleware to current and prospective customers.  I really enjoy interacting with customers, learning of their business challenges, understanding what solutions they are seeking, and relating Oracle capabilities to these requirements.  The objective of the presentation is to map our Oracle Fusion Middleware strategy and directions directly onto the challenges that our customers experience and urgently need to solve.


 


While on the plane traveling to and from these meetings, I've had a bit of time to reflect on how history and the human experience tend to repeat.  You have doubtlessly heard the expression: "Those who don't study history tend to repeat it."  However, I believe that our very human nature requires that we solve problems in ways that are intuitively familiar.


 


Square-rigged ships solved the problems of power versus speed versus variable wind direction by creating an assembly of specialized sails -- each designed to a specific purpose to complement the whole for optimal effect.  The same principle applies to software today.


 


Years ago, I worked for a small New England software company that created a truly leading-edge workflow product.  It was messaging based, utilized a graphical workflow creation interface, and had easy integration capabilities.  While somewhat successful, it never really achieved "breakout" status.  I've come to understand that the reason for this was that it was, fundamentally, a stand-alone, niche product.  It was, while unique and attractive, a single-purpose tool.  It functioned well enough and was easy enough to deploy.  However it lacked the sophistication and power that comes from being well integrated within a larger suite of complementary functions.


 


Today, Oracle offers a BPEL (Business Process Execution Language)-based workflow function well integrated within Oracle Fusion Middleware.  Today, I use many of the same words in my presentation as I did years ago to describe the business solutions for which this workflow is well suited.  Yet, a dramatic difference is the synergistic power that is realized when such a tool leverages other equally powerful and complementary features throughout the suite.  This synergy is one of the primary reasons why the Oracle BPEL Process Manager has been so rapidly adopted by our customers.


 


This is made possible through Oracle's strong adherence to the principles of Service-Oriented Architecture in our product design.  By doing so, we enable our customers to leverage a vast array of functional capability in ways that are limited only by the imagination.


 


Years before the workflow product, I worked on Wang's Document Imaging products.  We had originally intended to create specific vertical market "applets" for Medical Records, Insurance Claims, Loan Origination, and the like.  A very smart industry analyst told us, "Spend the effort to make the product as flexible as possible.  Your customers will leverage that flexibility to build solutions that you never dreamed of."


 


Now, years later, Oracle Fusion Middleware is providing exactly that kind of flexibility because of its rich functionality, slavish adherence to industry standards, and integration with Oracle's business applications and database.


 


An area of the Oracle Fusion Middleware that is of particular interest to me is Identity Management.  Because of the flexibility of the suite and our compliance with industry standards, customers have been able to select the particular solution they require and then gradually expand to other areas as the initial "pain point" is addressed.  I continue to marvel at the momentum with which our acquired Identity offerings hit the ground.  History has repeated itself again and again, as these highly capable stand-alone products achieve synergistic leverage with the rest of our Identity Management suite.


 


As a result, I think that we will see some emerging trends in the coming year:


 



  • Enterprise deployers will have integrated "identity silos" through Virtual Directory access methods.  These deployers will have achieved significant benefits from establishing disciplined Single Sign-On and Access Management practices.
  • These deployers will continue to leverage automated provisioning to achieve more rapid user productivity and more rigorous controls over user access to applications and data.
  • Enterprise deployers will turn their attention in a more focused way on compliance solutions addressing industry and regulatory requirements.  These solutions will begin to reverse the reactive position that many companies have been in with respect to compliance issues.  This reversal will enable them to use their compliance practices as competitive differentiators of a high-quality organization.
  • This last point will impact partners of these market-leading firms who will be required to measure up and prove their own best practices to maintain their partnership status.
  • Finally, because we are in a connected world, these practices will drive a global trend towards rigorous compliance audit reporting across all industries, as well as the private and public sectors.

 


We all need to overcome obstacles in order to be more productive in our work.  Whether it be sailing into the teeth of a gale, or competing fiercely in a twenty-first century global market segment, we need to use the same principles today as before: assemble a suite of flexible tools that meet the challenge in ways that are unique to strengthen one's own competitive position.

July 5, 2007

Necessity and Invention

My family has always had a close connection to Cape Cod.  For all the years when our children were growing, we vacationed on "the Cape" as it's known to anyone in the five New England States.  It was nearby, inexpensive, family-friendly, and familiar.  It has great beaches, restaurants, and affordable rental houses close to the water.  Also, we have always admired and felt closeness to the hearty spirit of the year-round residents.


 


Throughout the years, Cape Codders have always been "hard core" New Englanders.  They were, after all, the descendants of the first pioneers off the Mayflower.  There is not much at all to sustain a local economy on the Cape.  Therefore, the locals have had to rely on their own ingenuity and hard work to secure a steady revenue source to provide for their families.


 


Three notable examples of such industries were whaling (discussed in an earlier post), manufacturing salt through a complicated evaporation process, and cranberry bogs.  The salt works were used primarily for preserving meat.  Finding cheaper salt sources by mining and the advent of refrigeration made the process obsolete.  Cranberry bogs are still scattered here and there; however, large-scale cranberry farming has moved to other states that have vast tracts of available land near the sea.  Most of the Cape's seaside land has sprouted another indigenous phenomenon -- the "trophy house" with million-dollar views and price tags to match.  These are far more appealing to developers than a few bushels of cranberries.


 


We had a small sailboat that we would trailer down and launch from the town ramp in Sesuit Harbor in East Dennis.  "Harbor" is perhaps a bit misleading, considering the small size of the place.  So, I was surprised to discover recently that previous occupants of that same harbor would have dwarfed my little boat.  Moreover, I have since learned that the place is steeped in sailing history that I never would have imagined could have come from such an unassuming place.


 


As will happen, innovation was born of necessity.


 


In late 1848, a discovery on the other side of the U.S. continent would again provide an opportunity that innovative "Capers" would seize upon -- gold.  When the California Gold Rush began, the supply of men looking to find instant wealth lying in western mountain streams far outstripped the supply chain to provide these men with sustaining provisions.  Many arrived by jumping ship from whalers or by horseback, having nothing but the clothes on their backs.


 


The challenge was to provide flour, meat, shovels, picks, nails and other construction necessities to these thousands of men in a way that was both timely and profitable.  Overland routes were useless.  It would take six months or more to get material from the eastern U.S. to the West using wagon trains.  Even then, many mountain routes were impassable in the winter months.  The only realistic way in this pre-Panama Canal era was to sail around another Cape -- Cape Horn, at the southern tip of South America.  This cape is the southern-most of all the Earth's continents and is wickedly treacherous to sail because of the extreme weather and sea conditions.  This route was far longer, and, in many ways much more dangerous than going overland.  However, a fast ship with an experienced captain and crew could make it in a matter of weeks.


 


Seizing on this opportunity, the three sons of the accomplished sea-captain Asa Shiverick, David, Paul and Asa Junior, decided to make their contribution to Cape Cod's sea-faring tradition by building ships that other captains like their father would sail.  Thus was born the Shiverick Shipyard.  They would build not just any ships.  Rather, they would build "clipper ships," the greyhound cargo vessels of the sea.  These were large, heavy ships with sleek lines and many sails to drive them as fast as possible.  Lots of sails made for complicated and expensive rigging.  In some ways one could think of these builders as early venture capitalists.  They had to find the money to build and outfit the ship.  Find a competent crew.  And most importantly, find a captain to whom they would trust this huge investment.


 


Eight ships were built and launched from the yards during the years that it operated: Revenue, Hippogriffe, Belle of the West, Kit Carson, Wild Hunter, Webfoot, Christopher Hall, and Ellen Sears.  These ships were world-renowned as the fastest of their kind.  So much so that the most important "competitors" in the world -- British ship-builders from England -- sent engineers to examine the lines of the ships and to try to discover what made these boats from a humble Cape Cod ship-yard, situated on tiny Quivet Creek in Cape Cod Bay, so incredibly fast.  One of the Shiverick Clipper ships fully paid for itself on its maiden voyage, so lucrative was the California trade.


 


At the dedication of the commemorative stone and plaque that marks the site of the Shiverick shipyard, Captain Thomas Franklin Hall, one of the last surviving clipper ship captains said:


 


To understand clearly the high standard reached in developing those ships, it should be remembered that they were built during the years when the American Mercantile Marine was in the very zenith of its fame and glory. . . .


When, therefore it is realized that ships from the Shiverick yard were not only equal, but in some technical respects, superior to any in the American fleet, it is more than gratifying to local pride;. . . It was a masterful undertaking. . . to establish such an enterprise in such a quiet spot, on the banks of such a small stream.  Yet it is due entirely to the modesty and reticence of those giant intellects that this village is not renown for the masterpieces it sent out. . .


Those were great years; great events; great men.[1]  


 


The gold rush was an inflection point for shipping technology.  Prior to 1849, long-range shipping to the Orient was important to be sure.  However, there was not the urgency required of cargoes of silk and spices that equaled that of flour and shovels for the "Forty-Niners," as the gold rush participants came to be known.  Clipper ships were known to be fast, but now they needed to be even faster and built in greater quantities to meet the market demands.  That market need drove shipping technology to the next level in order to meet the need.  Ship builders started to "standardize" on similar building designs, techniques, and rigging in order to maximize efficiency across the entire development and operating process.


 


The Identity Management (IdM) market is at a similar inflection point. 


 


I was privileged to host a "Concordia" workshop at the recent Catalyst Conference in San Francisco.  Concordia was initiated by the Liberty Alliance as a neutral forum to discuss deployers' needs for interoperability among various identity management technologies.  Concordia is named for the Roman goddess of marital harmony.  We hope she will be an inspiration for similar harmony in the IdM space.


 


Participating in the workshop were five deployers: AOL, The Boeing Company, the Canadian Province of British Columbia, General Motors, and the U.S. General Services Administration.  Each of these organizations described their experiences in deploying IdM, difficulties that they had to overcome because of lack of standardized interoperability, and some of their forward-thinking plans for additional deployments.


 


On the technology panel listening to these deployers' needs were experts from the leading IdM standards space: WS-*, Liberty Alliance/SAML, and OpenID.


 


I think it is fair to say that these future roll-outs are somewhat impeded by the lack of existing clean interoperation among these technologies as well as a lack of clear direction for how these initiatives will work in harmony with each other in the future.


 


Permit me to use this venue to sincerely thank all of the participants -- both on the deployer panel as well as the technology representatives.  I was impressed by the collegiality of the discussion.  I was glad to see that all of the panel participants as well as the audience were thoroughly engaged and were genuinely interested in how to solve the issue going forward and willing to commit to work toward that goal.


 


Those of us who organized the workshop encourage everyone to review the deployer presentations that have been posted, common requirement themes that emerged from the sessions, as well as the key next steps that were captured as desirable outcomes of this effort.


 


We also encourage everyone interested in this dialogue to join the discussion on the Concordia wiki site.  Suggest approaches to solve the issues along with concrete next steps that Concordia should take.


 


This is an exciting time for IdM standards development.  The presence of these leading IdM deployers and implementers in one venue to discuss common requirements and expectations is also an inflection point for the IdM marketplace.  Harmonization among standards is essential for implementers and deployers in order to grow the market and achieve the potential that we all seek.






[1]  Clark, Admont G. They Built Clipper Ships in Their Back Yard  Dennis, MA: Clark Imprints, 1993