Monday Sep 28, 2009

Thanks, Dave!

I was honored today to have the wise sage of Identity, Dave Kearns, refer to me as a “fellow grandfather” and borrow content from my DIDW post (with my permission, of course) in his article about Digital ID World.  It’s always great to share thoughts with Dave.

Thursday Sep 17, 2009

Digital ID World – Final Thoughts

I missed the final sessions of Digital ID World on Wednesday because of commitments in California.  Judging from the Twitter traffic, it sounded like some great stuff was discussed.

As a follow-up to my posts for Day 1 and Day 2, here are my top ten final thoughts about the conference (without the benefit of Day 3):

  1. Most Stimulating Information. Jeff Jonas’ discussion about using data analytics to discover space-time-travel characteristics of individuals was both challenging and disturbing.
  2. Newest Identity Concept. Phil Windley’s proposal to enable contextualized, purpose-based user experiences using the web browser as a point of integration triggers lots of new thoughts about extracting value from the Internet.
  3. Most Reinforced Notion. The Identity Management market is maturing.  Companies are seeking to learn best practices for getting the most out of their investments.
  4. Biggest Question in my Mind. How much validity should we place in Symplified’s claim that “Federation is Dead.  Long Live the Federation Fabric?”
  5. Most Enjoyable Networking Moments.  Meeting folks in person I have only met virtually beforehand.  In person wins every time.
  6. Most-asked Question.  Nearly everyone whom I spoke with asked me something about the Oracle acquisition of Sun.  That happened to be the easiest question for me to answer: “Until the deal closes, we are independent companies.  We must wait until then for details.”
  7. Best Trade Show Giveaway. An LED flashlight from Novell.  Incandescent bulb flashlights seem to be quickly joining buggy whips in the dustbins of history (except for special cases).
  8. Biggest Pet Peeve.  No power strips or WIFI were provided for attendees.  This severely limited note taking and real-time blogging.
  9. Most Entertaining Event.  No, not the parties.  It was the Chinese guy who drove my taxi to the airport.  He chattered non-stop for the whole trip about technology, Maryland, California, Utah, Idaho, Micron, Sun Microsystems, Oracle, potato chips, microchips, stock trading, traffic and dishonest taxi drivers.  What a hoot!
  10. Biggest Disappointment. The show seems to get smaller each year – both in the number of attendees and participating vendors.  Will it survive?

That’s my list.  What do you think?

Tuesday Sep 15, 2009

Digital ID World - Day 2

Today was really the first “official” day of the Digital ID World conference, but for me – Day 2.  So, here are some short highlights of the sessions I attended.

Cops and Robbers, Las Vegas Style – Jeff Jonas, Chief Scientist, IBM Entity Analytic Solutions

  • Las Vegas is his “laboratory” for identity analytics – resorts typically have 100+ systems and 20,000+ sensors
  • Context engines close the gap between the rapidly increasing amount of digital data and the less rapid growth of “sense-making” algorithms
  • Mobile operators are accumulating 600 billion cellphone transaction records annually and are selling this data to third parties who use advanced analytics to identify space/time/travel characteristics of individual people

Context Automation – Phil Windley, CTO, Kynetx

  • Web marketing is currently focused on servers, using the metaphor of “location”
  • Focus on “purpose” from the client’s perspective, using an intelligent, adaptable browser, will bridge between server-based silos to give users a richer, more purposeful experience

The Implications of Privacy on IDM – Larry Ponemon, Founder and Chairman, Ponemon Institute

  • Many cultural differences are evident between nations and areas of the world with regard to privacy, security and identity management expectations.
  • Companies doing business internationally will need to be sensitive to cultural and legal issues in the nations where they do business.
  • People are growing tired of fact-based identity
  • Perceptions of privacy are inextricably linked to identity and authentication

Business Process and Legal Issues in Cross-Org Secure Collaboration – Peter McLaughlin, Foley & Lardner

  • Regulatory language should be treated as a floor, rather than a ceiling
  • Normal industry practices may represent minimum requirements but may not guarantee compliance
  • Make sure your business partners abide by the same laws your company is subject to
  • Reputational risk will always stay with your company, but you may seek to share financial risk with partners

Identity Governance Frameworks – Marc Lindsey, Levine, Blaszak, Block & Boothby

  • Legal agreements seek to apportion liability - who is responsible for what?
  • Comprehensive frameworks for governing such agreements are emerging
  • Modern federation agreements need to be better than the old EDI agreements

Dealing with International Privacy Laws – Discussion led by Larry Ponemon, Founder and Chairman, Ponemon Institute

  • Complex international privacy laws affecting data transport hamper organizations' ability to do their legitimate work.
  • Will it be easier or harder to deal with international differences in privacy laws in five years?  (majority of audience said no)

Federation is Dead: Long Live the Federation Fabric – Symplified

  • Federation must move to a utility model to overcome issues of costs and complexity associated with one-to-one integration.

Building Good Practices into Your Processes – Edward Higgins, Vice President of Security Services, Digital Discovery Corporation

  • Education of employees on good security practices is a critical part of getting value from your IDM investment


Digital ID World - Day 1

On Monday and Tuesday this week, I attended the Digital ID World (DIDW) conference held at the Rio Hotel in Las Vegas.  It has been enjoyable to take the pulse of the industry from yet another vantage point and connect with fellow Identity Management practitioners from diverse locations.  Of course, the first question nearly everyone asked me had something to do with Oracle, but, of course, I can’t talk about that.  So, here are very brief highlights of each session I attended the first day (Authentication and Virtual Directory “Summit Sessions”):

The State of Authentication and its Impact on IDM – Jim Reno, CTO, Arcot

  • “Risk Based Authentication” is a fourth factor of authentication, augmenting traditional factors (what you have, know, and are)
  • Authentication should consider context when assessing risk

Authentication Case Study – Naomi Shibata, former GM/COO, MLSListings

  • Communication with users is essential prior to authentication system rollout

The Future of Authentication – panel including Jim Reno and Naomi Shibata, moderated by Bill Brenner, Sr. Editor of CSO Magazine

  • Business, legal, regulatory and liability issues are more onerous than technical issues when considering an authentication system
  • Authentication technology advances usually occur in response to advances in threats
  • Enterprises should periodically re-verify appropriateness of installed authentication systems in light of advances in technology and threats
  • Identity assurance is increasing in importance

Identity Service Virtualization and Context Management – Michel Prompt, CEO/Founder, Radiant Logic

  • It is difficult to define Identity without understanding the context in which it is used
  • Understanding relationships between identity objects enables a global model that links identities together to enable contextual views
  • Such Identity linking can occur in a virtualization layer between diverse identity repositories and applications which consume those identities

Case Study: Identity Services and Virtualization – Bill Brenner, CSO Magazine and Mohammad Khattak, Booz Allen Hamilton

  • Dynamic Access Control requires a consolidated identity repository with many sources of identity information
  • When aggregating data sources, we need to understand the trust level in each source repository

Impact of Oracle/Sun Acquisition – David Rusting, Unisys and Todd Clayton, CoreBlox

Note: I am restricted from commenting on product roadmaps or anything related to the Oracle acquisition of Sun.  The following comments are views expressed by the panelists.

  • The primary discussion focused on how customers should plan for potential changes in either Sun or Oracle directory roadmaps
  • A virtualization layer between directory and applications may provide a layer of abstraction to shield customers from changes in vendor roadmaps and reduce ties to a single vendor
  • This may be a time to re-evaluate application needs and determine which direction to go with regards to directory technology

Stay tuned for Day 2!

Thursday Apr 02, 2009

Have a Token: ID Hats and Personae

While pondering the ProtectServe/Relationship Manager proposition, use cases and protocol flows set forth by Eve Maler, in the context of a discussion of open architectures for citizen/government interaction I had earlier in the day, I came up with the bizarre notion that perhaps the best analogy for an Identity persona claimed by an individual is not an ID card, but an ID HAT.

We often talk about wearing different hats in life ... some of mine are listed in my Twitter bio: "Husband, father, grandfather, social networking aficionado and Identity Management professional."  In one short phrase, five hats I commonly and proudly wear are identified.  Of course, I can choose to don other hats or expose other personae in my relationships with people or systems, either in person or in cyberspace.

In the case of online relationships, the trick is to provide the service I choose to relate with - the "consumer" in the ProtectServe model - with precisely the subset of my "user" data that represents the hat I choose to wear in that relationship (my selected persona).  In the ProtectServe model, I depend on the Authorization Manager (aka CopMonkey) to provide the consumer with a token representing my chosen hat.

Now here's where the hat concept becomes more useful ... in addition to being a useful metaphor for my chosen persona, HAT is also an acronym for "Have a Token," which is precisely the action I authorize the relationship manager to complete on my behalf.  Through this trusted third party, I have offered a token (Have a Token) to the consumer representing the HAT I choose to wear in our relationship.

Whether or not the ID HAT analogy has legs will be for others to decide.  But for me, it was an analogy that helped me understand a somewhat complex concept.

By the way, (many) hats off to Eve and the other brilliant thinkers who came up with the ProtectServe concept!


Discovering Identity was founded on in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.

The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.

