The primary site for this blog is now located at DiscoveringIdentity.com. While I will continue to shadow-post to the blogs.sun.com site, all new structural changes and innovation will be provided only at the DiscoveringIdentity.com site.
If you care to follow my postings on the new site, please bookmark the new RSS feed.
On a recent trip out of town, while waiting in the Phoenix airport to board my flight, I suddenly become aware that I had really used a lot of apps on my iPhone that morning. So I counted the ones I had used – all 15 of them – before 10am.
Mail
Phone
iPod
Safari
Messages
Calendar
Toodledo
Evernote
Tweetie
Facebook
Brightkite
Livestrong
AP Mobile
Weather Channel
Tripit
I went on to use some more apps later in the day, but this all goes to prove that the iPhone has become an indispensible part of my life – helping me be more productive, connected and responsive to the people in my life.
What apps are a critical part of your everyday life?
When he learned I would be re-joining Oracle after my time at Sun Microsystems, my son suggested that I take a drive down Oracle Street in Mesa, Arizona, to celebrate. It is a small street with a big name, located about a mile from my house. Here is evidence that I took the trip.
To support recent discussions about Identity Management and Cloud computing, I divided the types of Identity Services that might be needed to support Application services into three major categories as shown in the following diagram and explained in a bit more detail below:
The specific services provided in each category could include:
Identity Administration Services
Create, update, delete identities
Password/credential management
Entitlement definition/management
Provision/de-provision access privileges
Role engineering/management
Policy definition/management
Identity Enforcement Services
Authentication
Authorization
Access control
Federation
Web services security
Identity Audit Services
Reporting
Evaluation
Attestation
Validation
Remediation
Did I miss any services that you think should be present? Any input on the categories or types of services? Any input or criticism would be most welcome.
The following chart may be helpful as we consider the different types of users that should be addressed by Identity and Access Management (IAM) technology and processes in cloud computing.
At the Platform as a Service (PaaS) and Infrastructure as a Service (IaaS) layers, the only users are administrators of the platform or infrastructure services, respectively. However, these administrative users may be either on the provider side or on the recipient or enterprise side. End users, whether within the enterprise (employees or contractors) or external to the enterprise (customers and partners), only exist at the application layer or Software as as Service (SaaS) layer.
This illustrates how cloud computing introduces increased complexity into IAM. Not only do the different layers (PaaS, IaaS and SaaS) have unique requirements, but multiple organizations (e.g. provider and enterprise) need to be considered.
For example, the nature of PaaS services will require provider administrators to have root access to the operating system, while enterprise administrators at the SaaS level may only need access to application configuration functions and external SaaS users only need to access to selected application functions.
Hopefully, this provides food for thought as we explore IAM in cloud computing. I’d be grateful to hear your comments.
noun, “a bent or curved piece of tough wood used by the Australian Aborigines as a throwing club, one form of which can be thrown so as to return to the thrower.”
verb, “to come back or return, as a boomerang”
I first joined Oracle in 1997, as a pre-sales consultant on the Oracle Telecommunications sales team, and then spent an intense three years literally travelling around the world in support of Oracle sales activities to many telecommunications companies. I learned much, worked with outstanding people, had great experiences, and then was lured away to a Silicon Valley startup just before the .com bubble burst. A series of interesting experiences with small companies led me to Sun. It turns out that the executive who initially hired me at Oracle was the same one who referred me into Sun.
So now, after nearly a decade, I will be leaping back into the Oracle fold with my Sun colleagues, eager with anticipation, looking forward to many more exciting years.
As Sun transitions into Oracle, the bright expectations of new opportunities have been accompanied with the gut-wrenching impact of learning which friends were not invited to make the leap. Thursday and Friday were difficult for me, as I heard from outstanding people I have learned to admire and trust that they were opening new doors in their lives.
As a tribute to them and all other friends I have come to know and respect during my sojourn at Sun, I offer a few lines I penned several years ago ...
A Tapestry Of Miracles
Like brilliant golden strands Woven delicately yet boldly Among more dreary threads To create a magnificent tapestry, Our lives converge In brief but sparkling brightness, And then intertwine into Radiant relationships Borne of common hopes and dreams.
Countless encounters Of human souls, Guided by an unseen hand, Link our lives together, Creating cascading Miracles of light, Illuminating our hearts and minds Amidst the harshness and the gloom Of mortal life, Ever weaving and preparing The glorious, eternal tapestry Of humankind.
Mark G. Dixon November 15, 1996
Photo credit: A quilt entitled “The Woodpeckers” by Kathy Swartz, based on a tapestry of the same name by William Morris.
Last Thursday, January 21st, I gave a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.” The title of my talk was “Identity Management: Securing Information in the HIPAA Environment.” I explored how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective Patient Consent Management, a vital requirement for online health information networks.
A copy of my presentation deck is available for download here.
At the heart of my the presentation was the following diagram, which illustrates major components required in a Patient Consent Management system:
A brief explanation of key components follows:
Identity and Role Repository
IAM technology and methods provide the foundation for an effective patient consent management system. An Identity and Role Repository contains Identities, roles and access control credentials necessary to support the consent system. This repository includes:
Patients
Providers
Access Rights
Roles (map business responsibilities to access rights)
Override Rights (Only users with specific roles can perform override without consent)
Consent Registry
A consent registry is required to specify what permissions have been granted by patients, within the allowable limits specified by each applicable jurisdiction. Some of the key attributes include:
Consent Permissions for
Patients
Organizations
Users
System-wide mask (everyone)
Fine gained access
Include or exclude attributes
Accommodation for multiple jurisdictions
Master Patient Index
A Master Patient Index enables correlation of patient data across multiple repositories. This is essential because patient records are typically help in multiple locations. In other cases, if patient records exist in the same physical data warehouse, they are often logically separated.
Federated Data Access
If patient data is located in physically or logically separate locations, Federated data access controlled allows access across domain boundaries without compromising the privacy or integrity of individual patient record repositories.
Data Access Services
By providing a set of centralized data access services governed by IAM, the Consent Registry and the Master Patient Index, a secure method of patient data access is possible.
I recently replaced the wheels on my roll-aboard suitcase with inline skate wheels. So much for a run-of-the-mill black-on-black look for my luggage! I hope the fact that I chose orange rather than red doesn’t get in the way of success with Oracle.
In August, 2007, the Sun National Sales Conference featured Oracle/Sun luggage tags for all attendees, which was terribly ironic for those of us in the software business, which competed head to head with Oracle. Little did we realize at that time how prophetic those luggage tags would be!
Thanks to my colleague Patie McCracken for sharing this nostalgic song ... to the tune of the old favorite “American Pie” by Don McLean. Patie isn't the author, but she received it from colleagues in Europe.
A long, long time ago.... I can still remember when Unix used to make them smile. And we knew that if we had a chance Sun could make those networks dance And, maybe, they'd be happy for a while.
But DEC and Apollo make us shiver With every workstation they'd deliver. Competition camped out on doorsteps We had to fight for each step.
I remember how hard we tried To win each system that they buy Yes, something touched me deep inside The day Sun Microsystems died.
So bye-bye, dear 'ole S--M--I We drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye, Singing, "Time to give Oracle a try. Time to give Oracle a try!!"
Have you heard of Solaris OS? And do you believe in Open Source? If the European Union tells you so..... Do you have faith in MySQL? Can Java save your mortal soul? And, can you keep data from moving slow....
Well, I know that Larry's in the groove `cause I saw his keynote on You-Tube. Oracle and Sun have hit the news!! Man, I dig them targeting Big Blue.
I was a great Sun Sales Rep kicking butt With a SPARC based server and tons of spunk But I knew I was out of luck The day the Sun Microsystems died.
So bye-bye, dear 'ole S--M--I We drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye, Singing, "Time to give Oracle a try. Time to give Oracle a try!!"
For nearly 27 years we've been on our own Now our revenue's gone down and confidence is blown. But, that's not how it used to be. When Scott ruled with Ed and Joe, And installed systems around the globe With a OS that came from BSD....
Oh, and while Scott was flying around, The jester grabbed his SMI crown. The stock-holders were concerned; The SUNW brand was over turned.
While Johnathan played his agenda in the dark, IBIS ran in stops and starts, We just kept selling Solaris and Sparc The day Sun Microystems died.
We were singing, Bye-bye, dear 'ole S--M--I We drove those networks to the limit And made applications fly Them corporate boys have kissed Sun good-bye. Singing, "Time to give Oracle a try. Time to give Oracle a try!!"
Re-orgs and RIFs in a March disaster. The IBM bid fell upon us in a news flash after Analysts screamed high and then fell fast...... IBM's bid landed foul on the grass. The players tried for an Oracle pass, With the European Union looking on aghast.
This acquisition news was sweet perfume. The industry spun up many tunes. The Stock holders all lined up to dance, But...they never got the chance! `cause when Oracle tried to take the field; The European Union refused to yield. Do you recall what was revealed The day the day Sun Microsystems died?
They started singing, Bye-bye, dear 'ole S--M--I You drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye. Singing, "Time to give Oracle a try. Time to give Oracle a try!!"
So, now we are all here in one place, An acquisition stuck in space With no time left to start again. So, Larry be nimble, Larry be quick! Use your brains and might and wit, 'Cause profit is the market's only friend.
As this plays out on the world stage My hands are clenched in fists of rage. Can this angel born in hell Break those devils' spell? Our company falls deeper every night And crumbles under this burdensome rite, I saw the competition laughing with delight The day Sun Microsystems died.
They were singing, Bye-bye, dear 'ole S--M--I You drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye, Singing, "Time to give Oracle a try. Time to give Oracle a try."
I met a guy who wrote some code And I asked him what the future bodes, But he just smiled and typed away. So, I went on to the Inter Net Where I'd played with Sun years before, But the sites there said that Sun had gone away.
And in the streets: the customers screamed, The partners cried, and the programmers dreamed. But not a word was spoken; The systems all were broken. And those groups I admire most: The Engineers, Sales Reps and Service folks, They caught the last train for the coast The day Sun Microsytems died.
They were singing, Bye-bye, dear 'ole S--M--I We drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye, Singing, "Time to give Oracle a try. Time to give Oracle a try."
So....... Bye-bye, dear 'ole S--M--I We drove those networks to the limit And made applications fly!! Them corporate boys have kissed Sun good-bye, Singing, "Time to give Oracle a try. Time to give Oracle a try."
This morning I read a thought-provoking article by my associate Mark Montgomery entitled “Systemic failures, by design.” The article proposes that in many high-profile cases, catastrophes could have been averted or moderated if appropriate semantic-based analysis and action had been taken, based on data that existedprior to the event:
Over the course of the past dozen years the U.S. has experienced a series of dangerous and costly systemic failures throughout our security and regulatory framework. The unfettered bubble in technology, missed opportunities to prevent 9/11—leading to two ongoing wars, the tragic response to Katrina, the largest financial crisis in history, the Fort Hood massacre, and the ‘underwear bomber’ incident on Christmas Day all share one commonality.
In each of these cases, data had been collected by U.S. government agencies that contained a high probability of either entirely preventing or substantially mitigating each event, if only the information had been recognized and acted upon within the window of time allowed by circumstances. In case after case, repeated warnings by recognized experts, sourced internally and externally, were ignored or suppressed.
In the past few months, I blogged a couple of times about the use of data analytics with Digital Identity:
In his address at Digital ID World, Jeff Jonas’ discussion about using data analytics to discover space-time-travel characteristics of individuals was both challenging and disturbing. He proposed that advanced analytic techniques could be effectively used to pinpoint the identities of people of interest based on patterns of use of mobile phones and other data sources readily available today.
While there is certainly danger of loss of freedom to ordinary citizens due to government surveillance, it is apparent that a much better job of identifying and acting upon potential threats and the identities of people involved is quite possible if existing data, lawfully acquired, is more effectively analyzed in meaningful (aka semantic) ways.
Next Thursday, January 21st, I will be giving a presentation at the Sun Horizons conference, “Healthcare Integration Through a New Perspective.” My topic will be “Identity Management: Securing Information in the HIPAA Environment,” I will explore how the complementary functionality of Identity Management and Master Patient Index technologies can enable effective management of Patient Consent Management, a vital requirement for online health information networks.
If you would like to discuss the topic or meet me in Washington, DC, please drop me a line. After the event, I’ll post my presentation deck for review.
I have begun to experiment with methods for integrating this Discovering Identity blog with Facebook and Twitter, using the Wibiya toolbar, which appears at the bottom of the screen. This is a Wordpress plugin, which was easy to configure and install.
Feel free to use the toolbar to become a fan of our Facebook page and join our Facebook community. You can also use the toolbar to join my Twitter conversation.
“The Management Society was founded in 1977 by Dean Merrill J. Bateman as an organization of alumni and friends of the BYU College of Business—now Marriott School of Management. Membership includes not only BYU and Marriott School alumni, but many other business professionals with the same desire for professional advancement, high ethical standards, career development, and continuing education. Twenty-Five years after its founding, the management society is an influential organization with about 6,000 members in 40 U.S. cities and 10 countries.”
The major objective of the BYU Management Society are:
“To extend the values and influence of moral and ethical leadership, the Marriott School, and BYU through a premier organization for the development of management and business leaders.”
I graduated from the BYU engineering college, not the management school, and didn’t actively participate in the Society until about 10 years ago, but I have certainly enjoyed my relationship with an outstanding group of people from varied backgrounds during the years I have been involved.
Today, I imported all entries from the Discovering Identity blog from blogs.sun.com into my WordPress blog at DiscoveringIdentity.com. I believe that I will have more flexibility in publishing my blog and associated content using the WordPress publishing engine than was available on the Roller site.
The blog is now hosted at Dreamhost, which has excellent facilities for hosting WordPress blogs.
I will double-post content to both the DiscoveringIdentity.com and blogs.sun.com sites for the forseeable future, but do not intend to provide further upgrades to the structure of the blogs.sun.com site.
If you care to follow my postings on the new site, please bookmark the RSS feed.
Mail 
06:33 PM MST
