Where does User-Centric Identity fit into the Enterprise?
By Nishant Kaushik on Jun 13, 2006
One area that I have been paying a lot of attention to recently is the scaldingly hot area of user-centric identity. No other area in identity management is generating as much interest in the community. While this is extremely gratifying (because the ultimate goal is to make our lives better and more secure, and who doesn't want that?), I have been concerned about the lack of clarity regarding the impact that this emerging discipline will have on my particular problem domain - enterprise identity management.
In my experience trying to talk about this, I have mainly drawn a lot of academic responses, that I have had a lot of trouble translating into applied solutions in the reality I deal with daily at my job. Recently, however, a lot of good discussion has started to happen, which makes me feel that the time is right to initiate a dialogue on the subject.
Let me say at the very outset that it is my belief that user-centric identity will play an important part not just in enterprise identity management, but in the evolution of enterprise architecture itself. However, getting there will require a fundamental change to how enterprises not only manage identities, but also how they deploy and manage applications, security and infrastructure. It is this belief that I hope to validate by initiating this dialogue.
The Missing Link?
User-centric identity has primarily (and rightfully) evolved addressing the problems of identity in B2C scenarios. However, the unprecedented speed with which it has evolved means that some things may have been missed out. One aspect that is missing is the B2E (Business-to-Employee) equation. Assuming that B2E is simply an extension of the B2C problem is a simplification that can take the discussion in the wrong direction.
In a recent post titled "Enterprise and Individual Identity", Kim Cameron wrote:
...the future of the corporation will unfold largely in the virtual world. What will then be more important to a corporation that its relationships with its "consumers"? The lack of a reliable grid for dealing with the individual in the digital world is, in the big picture, the most urgent corporate identity issue of our time. That's one of the reasons I was led into the problem area.Kim's post brings out some of the main challenges we face in trying to apply user-centric concepts to enterprise identity management. Those of us who have lived and breathed enterprise identity management for the last few years know that enterprise identity is a completely different beast from personal (or internet) identity. And while Kim's statement is true that the future of corporations will unfold in an increasingly connected virtual world, it is also true that most corporations are a world unto themselves within that virtual world. Within the enterprise, the different nature of enterprise identity challenges some of the solutions of scale that user-centric identity brings to the table.
The most important thing about the identity metasystem the way it creates a unified infrastructure reaching between the corporation (or organization) and the individual (aka consumer).
What are we going to have? One set of precepts that faces towards the inside of the corporation, and another completely different set that faces the outside? That doesn't compute, and my work on this blog applies to both sides of this boundary.
The whole evolution of business is towards a more open mesh of interconnecting organizations in which individual relationships are key. So empowering the individual within the organization will increasingly become the most important aspect of empowering the corporation. The dichotomy you propose is a false one...
The many layers of context that enterprise applications add to the identity of a user fundamentally changes to rules of the game. The precepts for the world inside the enterprise boundary will be different from that used for the world outside in that they will be extensions of the latter that cover far more advanced and far more complex situations.
This is the fundamental problem that I hope to work out over the coming weeks and months. Hopefully the conversations I have this week at Catalyst will help crystalize the solution. My feeling is that when we have the answer, we will have helped define "Enterprise Identity 2.0", which following the arguments outlined above, will be a highly developed extension of "Identity 2.0". I will be posting a lot more about this topic, and hope to hear back from all of you on this topic.
Kim is right when he says:
Reliable identity-based collaboration between individual users which also integrates with organizational identity will empower them both the users and the organizations. Making progress on this front is the most important single thing we can do right now to help the corporations we work for benefit from technology. That is the big picture.