Wednesday Oct 01, 2008

OpenSSO Enterprise

Yesterday, September 30, 2008, Sun Microsystems officially unveiled OpenSSO Enterprise, Sun's "Next-Generation Access Management, Federation and Secure Web Services Solution."

Over three years ago, way back on July 13, 2005, just two months after I wrote my first post on this blog, Sun announced at the Burton Group Catalyst Conference "plans to open source its web site authentication and web single sign-on (SSO) technologies through the Open Source Web Single Sign-On (OpenSSO) project."  I gave the announcement only one sentence of coverage: "Open SSO will provide source code for basic identity services including Authentication, Single-domain SSO, and Web and J2EE agents."

Yesterday's announcement was, in a way, a celebration of that early foray into the world of open source.  What began as a virtual toe-dip led to complete immersion in open source waters.  OpenSSO Enterprise is a result of putting Sun putting its entire access and federation management code base into the open source domain, providing a transparent and progressive forum for collaborative development.  The innovations apparent in this newly released product owe much to the many external contributors to the OpenSSO project.

It is exciting to see the fruits of Sun's open source strategy unfold.

Technorati Tags: , , , ,

Thursday Sep 18, 2008

BearingPoint and the Marines

Washington Technology reported this week "BearingPoint to assist Marines with identity management". I confirmed today that BearingPoint is using the Sun Identity Management suite as the basis for this significant project. Congratulations to our friends from BearingPoint on this significant win!

Technorati Tags: , , , ,

Wednesday Sep 17, 2008

Happy Thoughts about You

Much has been said about user-centric, or user-controlled Identity allowing individuals to choose which subset of personal Identity attributes use in facilitating online interactions. Maybe this could be called "self personalization" because an individual is in control and actively choosing specific steps to follow.

But at the recent Digital Identity World conference, I had a minor epiphany. As a speaker addressed the subject of role management, it struck me that much of enterprise Identity management is also about personalization - granting people the specific rights and credentials to enable them to do their work. These assignments could be made automatically or with human intervention. This could well be termed "assigned personalization."

I supposed that efforts like Amazon's to deliver purchase recommendations based on past activities would be a form of "calculated personalization."

In all three cases, the objective is similar - how can the online application experience be more closely aligned with who a person is and what the are doing at a particular time?

Personally (pun intended), I think this personalization stuff is fascinating.  Those are happy thoughts.

Technorati Tags: , ,

Saturday Sep 13, 2008

Managing My Identity on

I recently received an alpha test invitation from to try out their new service: "The dashboard for your digital life," which offers "The simple way to manage your online life, on a domain of your very own." 

So, I established my own domain, "," populated my profile with links to the social networking sites I frequent (Facebook, Twitter, etc.), my blogs and websites, and the instant messaging services I use.  This site allows me to provide some measure of integration among the different facets of my Internet presence, and gives me quite a bit of flexibility in exposing which details of my Identity I believe to be appropriate.

By coincidence, I met Tony Haile, the Chief Strategy Officer, at Digital ID World earlier this week.  He has interesting perspectives to share in the DIDW session, "How Social Web will change Identity Management."  It appears that Tony and the DIDW crew are making an important contribution to this change by offering steps forward in Identity integration and personal control.

Please take a look at my profile and let me know what you think.  I'll keep you updated as this experiment proceeds.

Technorati Tags: , , , , ,

Tuesday Sep 02, 2008

Identity Paramount for Mobility

As the mobile Internet arrives, Identity becomes paramount, points out Andrew Jaquity, Security Program Manager, Yankee Group, in a compelling article in last Friday's RCR Wireless News. A few of his statements impressed me:

"As the mobile Internet becomes a reality, it will pull identity issues along with it. Users will take their identities (user names and passwords, personal attributes, location) with them on their phones. Vendors can significantly ease user pain by working together."

"Mobile operators should add identity management features to give users more control. "

"Security-software vendors should ally themselves with trusted parties, rather than compete with them."

Technorati Tags: , , ,

Saturday Aug 30, 2008

Radhakrishnan and Chandramouli - Identity and Policy

I am pleased to announce the publication of Identity & Policy: A Common Platform for a Pervasive Policy Paradigm, by Sun colleague Rakesh Radhakrishnan and Dr. Ramaswamy Chandramouli, published by Futuretext.

"The objective of this book is to explore the strategic significance, market requirements and all the potential possibilities of leveraging Standards based Identity and Policy Systems for an Enterprise IT environment (& Enterprise Architecture) and Telecom environment to provide a pragmatic view for the future in network convergence based on NGN and converged services based on Service Oriented Architecture."

Congratulations Rakesh and Ramaswamy on extending our education in these critical Identity Management concepts.

Technorati Tags: , , ,

Tuesday Aug 26, 2008

Validation - Overcoming Identity Fraud

In his recent Network World article, Dave Kearns challenged the Identity Management industry to give special focus to validation in the process of issuing authentication credentials or creating user accounts:
" ... validation - ensuring that the account that gets created accurately reflects the true identity of the entity that it's created for. This step can overcome much of the identity fraud (what the popular press calls “identity theft”) that is prevalent today."
Much of the ongoing controversy swirling around OpenID gets down to this basic issue. If OpenID credentials (or any credentials for that matter) can be issued to a person without verifying their true identity, the potential specter of fraud looms large.

However, as Dave also points out, users are slow to accept any methods that require extra effort:
" ... users, as most of us know, are more reluctant to change than a baseball player on a hitting streak. Getting the changes implemented is going to be a slow slog ... "
Short of government mandated and enforced identification processes that include fingerprinting and retina scans, I'm not sure how bullet-proof validation will occur, but perhaps we will develop methods with acceptable levels of risk that improve over what we have now. A Google search on "identity validation" yields a wide variety of disparate efforts in this area. The Wikipedia article on "Identity Score" highlights methods for "tagging and verifying the legitimacy of an individual’s public identity." Many smart people are addressing the subject, but there is much more work to be done.

Technorati Tags: , , , ,

Monday Aug 25, 2008

Eve Maler live at Gnomedex

Please join me in watching the XMLGrrl herself, Eve Maler, speak at last week's Gnomedex 8.0 conference, as presented on Chris Pirillo Live. Eve articulately addressed the topic "The Care and Feeding of Online Relationships," covering timely issues related to humans' online relationships with networked applications.
Technorati Tags: , , , ,

Thursday Aug 21, 2008

Sun Identity Manager Developer Wiki

dsc_9622_editedMy hat is off to Sun Identity Management expert Jeff Bounds, who set up Sun Identity Manager Developer Wiki on
"This is a repository for Identity Manager customers, partners, and Sun Employees to contribute ideas, code, and tips on how to best use Identity Manager. Anyone can contribute, our only requirement is that you register."
I look forward to monitoring and contributing to this open forum, which I believe will become a vital part of the Sun Identity Management community.

Technorati Tags: , , , , ,

Friday Aug 08, 2008

Rich Green: Identity Everywhere

In a speech given yesterday by Rich Green, Sun's Executive Vice President, Software, at the Sun Americas Sales Meeting, he remarked, "Planet Earth needs Identity everywhere. It's not just a good idea. It's the law."

Well said, Rich. Couldn't agree more.

Technorati Tags: , , ,

Tuesday Aug 05, 2008

It's the Relationship that Matters

Last night I had a stimulating conversation with a colleague, Shawn Malaney, about the importance of relationships (or the lack thereof) between telephone companies and their customers. An AT&T customer for over 25 years, Shawn currently has three separate accounts with AT&T. Even though he enjoys their service and faithfully pays three bills each month, he knows that AT&T has no idea that the three bills represent a relationship with just one Shawn Malaney.

This highlights a major problem and huge opportunity for telecommunications carriers and their subscribers. I recounted to Shawn the presentation about relationships that Bob Blakley gave at the Catalyst Conference in June. In response to a question I posed, Bob responded, "Companies that succeed online will have close billing relationship with customers. Telcos are there now. Startups are seeking to build such relationships" (paraphrased).

It is true that telcos could have the upper hand in online relationships because they do have such long-term, trusted relationships. However, such relationships could be so much better than they are.

Suppose that AT&T really took advantage (in the good sense of the word) of the fact that Shawn had multiple accounts and a 25 year history of faithful payments. AT&T could offer Shawn premium, preferred services that spanned his multiple accounts, confident that this would provide additional benefit to both Shawn and themselves. This would give Shawn financial reward and access to better services, plus the incentive to stick around for several more years. AT&T would benefit from additional customer loyalty, plus additional revenue from a satisfied subscriber.

So, it is clear to me in this case that Shawn's Identity, while vitally important, is less important that the Relationship he has with AT&T. Leveraging Identity information more effectively to strengthen the Relationship benefits both customer and service provider.

Technorati Tags: , , , , ,

Saturday Nov 03, 2007

Answers, Not Questions!

This reminds me of when I was a junior engineer with Eyring Research in Provo, Utah.  I used to pepper my boss, Dennis Fairclough, with all sorts of questions.  One day when he was particularly exasperated with my frequent questions, he said, "Mark, I hired you to give me answers, not questions!"

Dilbert Comic Strip Archive - - The Official Dilbert Website by Scott Adams - Dilbert, Dogbert and Coworkers!

The saving grace?  Dennis didn't have pointy hair, and he said it with a smile on his face!  I'll always be grateful for Dennis grounding me as an engineer.

Tags: ,


Discovering Identity was founded on in May 2005 as a means of documenting my exploration of the field of Identity and Access Management. In February, 2010, I switched to hosting the blog at In March 2012, I began posting Oracle-related information in both places.

Thanks for stopping by.

Please connect with me in cyberspace at LinkedIn or Twitter.

The views expressed on this blog are my own and do not necessarily reflect the views of my employer, Oracle Corporation, or any other person or organization.


« June 2016