November 2007 Archives

November 7, 2007

Getting the discussion going on Identity Services

Like I mentioned last week, this is an interesting time for Identity Services. In that post I talked about some of the reasons why this is relevant to what's going on at Oracle. But this is also relevant to the industry at large.
 
There are lots of small projects going on that at some point could coalesce into a unified vision for Identity Services. However, this bottom-up development has to meet a top-down design at some point for this to play out properly. Otherwise all these projects could end up fulfilling their goals without making our overall identity experience better.

The timing of starting a concentrated effort at defining this top-down design is an ongoing debate happening in various spheres I am involved in, both inside and outside Oracle. Getting going on large-scale architecture efforts is always hard, especially when their impact will be felt way down the line. But we have seen that happen in the area of SOA, so I am hopeful we will figure out a way to make it happen. Some of us have been trying to work out the right forum under which to set up a working group on the topic. But the important thing to do is to get a discussion going on the topic among stakeholders, something I have been trying to do through this blog.

Tomorrow, I will be participating in a panel on "Identity: The Ultimate Solution to SOA Security" at the InfoWorld SOA Executive Forum being held at the Millennium Broadway Hotel in New York. If you happen to be attending the conference, please plan on attending the discussion, which I hope we will be able to make interesting. And I will be more than happy if you come up to chat about this (or anything else) after the panel is over.

November 9, 2007

The Disconnect between SOA and Identity Services

Here is what I learnt at the InfoWorld SOA Executive Forum, where (as I mentioned in my previous post) I was participating in a panel on "Identity: The Ultimate Solution to SOA Security". The SOA community is not very clear about what we mean when we talk about Identity, let alone Identity Services.

The panel discussion was pretty good, with all of us on the panel doing a pretty decent job explaining the issues that are being faced in making identity a consistent part of the SOA experience. However, about halfway through the panel, we got some questions from the audience that seemed to indicate that perhaps we were thinking two steps ahead of where the audience was. People struggle to understand the impact identity can have on the way they are thinking about SOA, and their mental map of identity services seems to only go as far as authentication and (to some extent) authorization.

It was encouraging to visibly see the light go on for some people as we talked through the concept of SOA Identity. A number of people came up to the panelists after we finished to discuss their ideas and thoughts. A few even talked to me about trying to figure out a way to link their SOA efforts to their ongoing IdM deployments (that are happening in independent projects).

One of the things that seemed to work for me personally was linking the discussion of identity in SOA to the real challenges we are facing at Oracle in defining Identity Services for Fusion Architecture. The use of concrete examples seemed to illustrate the use cases that they cared about. And it generated a lot of interest.

It will be interesting to see if we can carry this discussion forward. On Monday, I will be presenting at OpenWorld on the topic of Identity Services in Fusion architecture. If you are going to be at OpenWorld, I encourage you to come and attend. The more discussion we have about this topic, the better.

So come by and join in the fun:

Session: S291824
Title: Rationalize, Centralize, Externalize: Detailing Identity Management in Oracle Fusion Architecture   
Time: Monday, 11/12/2007, 4:45 PM - 5:45 PM   
Location: Moscone West  3006 - L3

November 15, 2007

OpenWorld 2007: Virtualization, Fusion and Social Applications

I'm writing this on a flight from San Francisco to Los Angeles, because an unfortunate scheduling conflict means that this year, Oracle OpenWorld and the Gartner Identity & Access Management Summit overlap for two days in the middle of the week. So I am going to miss the first day at Gartner because I just had to stick around at OpenWorld to hear Larry's keynote.

As usual, OpenWorld was chaotic, massive and entirely overwhelming. Between the claustrophobia induced by the crowds crossing Howard Street or cramming into keynotes, the rush of standing in front of folks to talk about identity management in fusion architecture, the late, late evenings with customers and co-workers, and almost being trampled by a couple of OpenWorld revelers dancing a wild jig at Lefty O'Doul's, it's been a crazy couple of days. Oh, and the conference has been interesting too.

OpenWorld always has the production values of a rock concert, and one of the interesting things that the organizing team did this year was incorporate a form of user-generated content into the opening for the Keynotes. Before the keynotes would start, a poll or questions would be posted on the giant screens in the keynote hall, and the audience members would be encouraged to send in their responses by text message, with the results being shown on the screen in real-time. While the poll questions elicited some good feedback from the audience, it was interesting to see some of the responses people sent in to questions like "The next killer app would be...", "What features would you most like to see in Oracle products?" and "What was the first Oracle product you encountered?". Messages ranged from the humorous to the thought-provoking, with a couple of digs at Larry.

Audience Polls before Keynotes

THE KEYNOTES
All the keynote speakers used their platform to really showcase their products and make some major announcements. The big announcement from Oracle was first made during Charles Phillips' keynote on Monday, and then repeated throughout the week - the introduction of Oracle VM, Oracle's server virtualization software technology (check it out). During his keynote, Charles also talked about Oracle's growth by acquisition benefiting customers by moving the inter-application integration challenge off the customer's shoulders and onto Oracle's plate, delivered through Oracle Application Integration Architecture.

Thomas Kurian used his keynote to explain how Fusion Middleware was going to change how business is delivered by applications on the back of 5 middleware "pillars" - SOA, Enterprise Performance Management (EPM), Enterprise 2.0 technologies (which includes collaboration and communication tools, content management and rich user experience), Security and Identity Management, and Grid Computing.

Larry Ellison used his CEO Keynote to update everyone on Unbreakable Linux (which he launched at last year's OpenWorld), expand on the launch of Oracle VM, and talk about the first Fusion Application that will be rolling off the production line - Sales Force Automation (SFA). A demo provided a first look at the 3 slick applications that make up SFA: Sales Prospector, Sales References, and Sales Tools. Interestingly enough (for IdM), SFA incorporates social concepts into its functionality.

Oracle partners that gave keynote addresses this year were AMD, HP, Intel, Dell and Sun. Among the more interesting, Sun announced the launch of their open-source project in Server Virtualization, OpenxVM. AMD, Intel, HP and Dell all announced products focused on enabling greener Data Centers, where power utilization and efficiency are greatly improved.

Charles Phillips giving his Keynote

You can check out webcasts of all the keynotes here.

THE SESSIONS
As so often happens at these events, customer meetings eclipse my ability to attend sessions with any regularity. OpenWorld presents a good opportunity to listen to people from other parts of the company (that I would be hard pressed to find time with) introduce their products and talk about their plans for the same. The rate at which Oracle acquires companies and technologies sometimes means that this is the only way to figure out technologies we have in-house that can help in our development activities. So it was good to be able to go to sessions and learn about Coherence, Hyperion and a few other technologies.

The audience was definitely geared towards the database and applications side of the house. In terms of the topics that I touch on in this blog, interest was high in understanding the value that Oracle's IAM suite brings to current deployments of Oracle Applications like E-Business Suite, and in understanding where Fusion Applications was going. While the attendance at IdM sessions was not as high, the quality of people in attendance was extremely high, with discussions exploring topics in quite a bit of depth.

IDENTITY SERVICES AT OPENWORLD
My session on "Identity Management in Fusion Architecture" was extremely well received and drew some quality feedback. The folks who showed up were really interested in seeing how the concept of identity will be woven into the fabric of Fusion Applications moving forward. And a number of them gave me some really good real-world information on challenges that they are facing today. A lot of them came to the session not exactly sure what identity even meant in the fusion concept, and left (hopefully) a little clearer on the topic.

I had hoped for a lot more people to come so that I could get some more input, but I'll be more than happy if folks participate in a discussion via this blog as well. Check out the presentation I gave in my session by downloading it from here.

MESSAGES
Virtualization is hot, and information is more important than ever. Getting applications to work with each other in a seamless manner is the key to business innovation. And the next hot thing in applications is the incorporation of social concepts into their functionality, combining Business Intelligence with Human Intelligence in a way that will make it easier to solve the real challenges enterprise users face every day.

THOUGHTS
As I mentioned above, I had a number of interesting side discussions with customers and prospects at OpenWorld this year. I was really encouraged to finally connect with a customer that had some deep and well thought through needs for deploying enterprise identity services. Most of the customers I know who are thinking of identity services are thinking about it as an enterprise architecture project (because they know it is the right thing to do) without any concrete consumers lined up. This particular customer actually has projects planned that could really use identity services. It led to a very interesting conversation that I found quite stimulating. I will definitely be covering some of my thoughts that came out of this meeting in the coming weeks.

Also, I found a number of people interested in understanding fusion architecture as a way of figuring out how they should go about standardizing their application development efforts. The big thing I saw was that there are a few enterprises out there that want to put an identity services layer in place, and are debating whether to build it themselves or wait till someone in the identity community comes out with something. While I am pretty sure that frameworks like Higgins can help some of these folks, there were a number that talked about Higgins being too low level in the abstraction it offers.

The fact that concepts emerging from the social networking arena are actually being built into the way the next generation of applications will work presents an interesting challenge for identity management. Not only are identity services going to have to scale to a level that supports these kinds of interactions in applications, they will also need to have the right controls in place to protect privacy while not preventing the kind of collaboration that social concepts will foster.

Well, looks like we are about ready to land. I will probably post this sometime tonight, with my next post probably focusing on the Gartner summit. But add some comments if you have some thoughts on OpenWorld, Fusion, IdM and the crazy world of Oracle. Oh, and if you were at my session and were one of the people taking photographs of me while I spoke, drop me an email with some of those pictures, will ya? I'd love to see what was drawing so many flashes :-)

November 21, 2007

Gartner sums up the CIO debate on identity

It feels good to come to any conference and hear people talk about concepts and trends that validate the direction we are taking. And the Gartner IAM Summit certainly did that. Steps that we are making in the areas of role management, identity services and the move towards tighter integration of identity into the fabric of applications seemed to resonate with the analysts and customers that were presenting. And the overall tone of the conference seemed to indicate that good times lie ahead.

I missed the first day of the conference because of the overlap with OpenWorld, but I did manage to catch sessions the next day and a half. From what I saw, the sessions at this year's conference were designed to cover the entire gamut of everything that exists today in the IAM space. That meant talks that ranged from authentication to role management to user-centric identity.

Here are some thoughts from my experience at the conference:

  • In light of the broad coverage that Gartner was trying to achieve, it was interesting that User Provisioning was not covered in any sessions (unless it was discussed on day 1, but the agenda didn't seem to indicate that). Could it be that UP is ubiquitous enough that it is well understood, or is it simply too boring a topic?
  • Gartner seems to have upgraded Role Management from an interesting but difficult solution to something that is "doable".
  • The new darling of the analysts seems to be the line of products that play in the Identity Auditing space.
  • I was pleasantly surprised by the amount of coverage that Identity Services received at the conference. Earl Perkins did some good sessions on the topic, providing a good explanation of the concepts to the audience.
  • Externalized Authorization also received a fair amount of coverage, but it is still being presented as an edge technology due to the revamp it forces on application architectures.

The wrap-up panel discussion seemed to sum up the main discussion topics of the conference, as it focused on three angles to approaching IAM that CIOs are now faced with - Compliance, IT Efficiency and Enterprise Architecture. Unfortunately, Identity Services was the loser in the shootout as it was viewed as being too long-term of a solution to invest in. However, if we don't start investing in it now, it will never arrive. We have to move beyond simply reinforcing the fortress model we currently have to reinventing how we think about identity.

Let's hope that we are able to achieve something in identity services over the next year to warrant discussion at the next Gartner IAM summit.

November 28, 2007

We need a strong Internet Identity Framework, NOW!

This is a little bit of a rant, but read this article in the New York Times and you may understand why. It is difficult to get past the feelings of disbelief, outrage and anger that the tragic story of Megan Meier will stir inside you. But if you somehow manage to move past it and think about the implications, it becomes clear that there are some pretty important things that we (the identity community) need to work out, and fast.

Most of today's social web applications (like MySpace and Facebook) are persona-based, not identity-based. What I mean is that these applications don't really care about who you are, they only care about letting you be what you want to be within their context. So, it is not surprising that a 47-year-old woman was able to pose so devastatingly as a 16-year-old boy, because in essence that is what MySpace was built to be - a way to express a persona of your choosing.

Why don't these applications, that know the kind of impact they can have (we all understand the threat predators pose online) on a person's life, care about who you really are? Because, bluntly put, they can't. It is not possible for them to do that in a scalable, cost-effective manner. The lack of a solid identity framework for the internet prevents these applications from being truly identity-based. We have seen a push towards heavy-handed identity verification mechanisms (see my earlier post about identity verification in Second Life), but those solutions are so costly (time, infrastructure, cost) as to be impractical for most web applications. This kind of model will effectively curtail the free-wheeling collaborative spirit prevalent in the current generation of internet apps, and throttle innovation. If you had to stand in a line somewhere for 4 hours, and had to show your passport to someone, just so you could sign up for a Twitter account, would you?

A one-size-fits-all approach is not the answer. The correct solutions in life only come from taking a balanced approach to the problem. Nothing is more annoying to me when adding a Facebook app than being required to check the box agreeing to share my information with the app, even though I know that it doesn't need any of it, and most likely isn't using it at all. Consequently, I avoid adding those apps unless I really want to.

This is where pieces like Bob Blakley's Identity Oracle, the Identity Services model, Burton's Limited Liability Persona, the IGF and user-centric methodologies have to all fit together. We do need strong identity verification mechanisms, but we shouldn't need to go through that for every single site we want to use. Indirection is the solution to many a problem, and the right identity framework for the internet is the necessary thing to have this identity verification feed into a platform level identity that multiple applications can build on.

This is also needed as a necessary step to support pseudonymity online. The goal of an identity framework is not to prevent people from creating online personae that are divorced from reality. It is to give applications the ability to create suitable boundaries within which such a persona can be created. Using this, an application like MySpace, where the identity consequences can be so devastating, can choose to, for example, prevent people whose identity is in the 30+ age group from creating a persona that is in the 10-20 age group.

Like so many things in modern life, we have gotten immune to all the horror stories of online predators. Until a story like this comes along to remind us that these are important things that we are working on, and we need to get it right.

About

Nishant Kaushik

An exploration of the world of Identity Management with me, Nishant Kaushik, architect for IdM products at Oracle.


About November 2007

This page contains all entries posted to Talking Identity in November 2007. They are listed from oldest to newest.
