Digital ID World recap: Identity Services is Next
By Nishant Kaushik on Oct 01, 2007
It took me a while to recover from last weeks Digital ID World conference. And it wasn't just because of the mad scramble I went through at the last minute to update all my slides for my talk. That was just the side effect of spending too much time in some really interesting sessions and fascinating conversations at this year's conference.
I mentioned in my last post that the theme to emerge from the first three keynotes was that the nature of identity is about to change. The rest of the conference was a continued emphasis on this idea, and on the topic of identity as a service. And the sessions drawing big crowds were the ones that talked more about emerging identity technologies and architectures.
What of OpenID?
The session 'Understanding OpenID and the Early Implementations' by David Recordon (SixApart) and Eve Maler (Sun) drew a pretty big crowd. Interest in understanding the value of OpenID was high (something the OpenID crowd has not been able to articulate clearly beyond the simple positioning as "SSO for the Web", leading to some interesting discussions by Bob Blakely, Stefan Brands and David Recordon). Folks were especially interested to hear what Eve had to say, in light of the effort Sun made to issue all employees an OpenID. To be honest, it was a little disappointing. If I remember correctly, she said that uptake has been low. This could partly be because Sun did not create any value for the Sun issued OpenIDs by incorporating it into the work life of a Sun employee. None of Sun's community sites (like those for open source projects) accept these OpenID's for authentication, and it cannot be used at Sun partners or service providers either. In fact, it seems like it is mostly a curiosity, evident when she pointed out that the highest usage of these OpenIDs seems to be at a British gambling website. Oh well, it is still early, and hopefully some of the debate in the community will get us further along.
Microsoft makes a Services play
The talk 'SOA and Identity with BizTalk Services' turned out to be a disappointing follow-up to Kim Cameron's keynote. What I took away from the session was that Microsoft is taking the features they have in BizTalk Server, and rolling out hosted services on top of that. Maybe I am wrong and there is more to it. But with the demoware breaking a couple of times, poor Justin Smith had to resort to a couple of "I think you get the picture" statements to make whatever point he was trying to make.
British Columbia presents the Next Identity Architecture
Ian Bailey, Director of Application Architecture for the Province of British Columbia, gave a very interesting presentation on their undertaking to design an identity management architecture that will deliver what they call "Citizen-Centric Identity Services". The solution he presented in his talk 'A Claims Based Architecture for British Columbia', was quite interesting to hear. The content of the session has evolved from the presentation he gave previously at another conference, and included much more detail with regards to the identity services needed to make it practical. Their architecture document can be found here and makes for very interesting reading. His session was quite inspiring to me actually, as it gave me an answer (not necessarily the answer) for one of the areas of my presentation that I was having the most trouble with.
That part was the discussion of the API layer needed in any identity services framework. As I pointed out in my talk on 'Externalizing Identity' (you can download the presentation here), the primary purpose of creating identity services is to make it available to application developers so that they can make identity a part of their business logic without having to build the necessary infrastructure. And the API they must code against must be simple enough to use easily, and abstract enough that it has no dependency on the underlying service providing product. Developers cannot code to XML-based standards, and so the idea of a claims-based API seems brilliant in its simplicity. Not sure if it is do-able just yet, but it is worth looking into.
Those familiar with my previous talks and blog posts about identity as a service will note that my architecture for the identity services layer has evolved over time, and has changed quite a bit even from my talk at the Jericho Forum not even a month ago. One of the key changes was the transformation of the "Identity Provider" service into an "Identity Oracle" service. It took a while, but I was finally able to articulate in detail the necessary features of this service that justify renaming it to the term that Bob Blakely (of Burton) introduced at last years Catalyst (or was it 2 years ago?). The feedback I got on the idea of a productized Identity Oracle, and the session in general, was quite interesting and encouraging. So send me your thoughts as well.
For those that are interested, I know that the DIDW folks recorded the audio of the session. I'll try and make that available here if allowed. If you went to DIDW, you can access it from the post-conference website.