"Identity" is far from an understood concept

As usual, it has taken a while for me to resurface from my latest
conference stint. Not because I overextended myself while in Vegas for
Collaborate. That only warrants a few days. No, the real reason is that
being offline from work for just a few days means loads of catching up
to do. And there is a lot of work going on in the IdM team, especially
related to Fusion, which was all the talk at
Collaborate.

Discussions on Identity at Collaborate

Not surprisingly for a user group conference, the
overwhelming majority of questions I fielded at Collaborate pertained
to how IdM fits into the Fusion vision for applications. People from
various strata of the applications universe were trying to understand
this at a very basic level. But what complicated the discussions was
the fact that people are still not clear on what we mean when we talk
about "Identity". In fact, I even got someone asking me if identity
management was similar to UDDI! While I certainly wasn't expecting
people at the conference to have a deep understanding of identity
management, that one threw me for a loop.

The Challenge

Recently, Johannes Ernst asked members of the
Internet Identity Workshop how they would explain to an identity
neophyte and non-technologist "why identity is important". The spirited
discussion led to the rather generic, but all-important, conclusion
that identity provides context that enables you and your consumers to
do business the way you want to. Doing business the way you want
encompasses issues of trust, transparency, convenience, security,
privacy and community. As context changes based on the business domain
you are talking about, so does the definition of
identity.

Our Focus: Enterprise Identity

The focus of our group has been on that specific
version of digital identity that we refer to as Enterprise Identity.
Enterprise Identity covers those aspects of your digital representation
within the enterprise environment that the enterprise needs to manage
or delegate management of. So in that context, Enterprise Identity
covers personally identifiable information (PII), roles, relationships,
accounts and related access, physical assets and
privileges/entitlements. The diagram below illustrates this basic
definition.

Identity in Fusion

One of the
things that constantly comes up in any discussion of Fusion is a debate
around where identity data ends and application data begins. PII and
some aspects of roles and relationships today reside most commonly
within the domain of HR applications. On the other hand, application
environments like retail applications consider this application data.
Entitlement management has traditionally been within the application
domain. And we know how much of a mess any discussion of roles ends up
being.

In a SOA-based enterprise architecture, this
kind of ambiguity is a recipe for chaos. And as identity has become an
important component of application business logic, businesses are being
forced to empower end-users via self-service and delegated
administration capabilities to make their architectures scalable and
practical. This requires the view of "one identity" for a user in
Fusion, so that users have one place to go in order to manage their
identity in the enterprise. That is the central idea behind the
campaign for "identity as a service" and its inclusion into Fusion
architecture via a middleware service called Fusion Identity
Management. This was what I introduced in my session at Collaborate,
and if you missed it, well, there's always OpenWorld
:)

In the meantime, it would be interesting to hear
from people in the applications community what they feel identity
management in Fusion means to them. So start sending me those comments
and emails.
