Robin Wilton's esoterica

       
 
« Previous day (Oct 3, 2005) | Main | Next day (Oct 4, 2005) »

04 Oct · Tue 2005

Information Age, Sept 2005


Several good articles in the current issue of Information Age, not least on the incipient revolution on software pricing. But more of that later. There's also an article on the Identity Management 'landscape', so naturally that one gets priority. It's billed as a 'Sector Profile', and the author, Pete Swabey, does a good job in that regard, giving a fly-by of the vendors and Gartner/IDC analyses. The detail is good too; here's a subset of the points he makes which happen to resonate with my own experience:
  • The 'frontier' of complexity in IDM is currently around adapting policy- and role-based mechanisms to the intricacies of a dynamic business;
  • Regulatory compliance is a significant driver for auditability and therefore IDM;
  • Federation has a significant role to play;
  • Humans are not the only entities with identities which need to be managed;
  • IDM can be as much about physical access and device provisioning as it is about authentication and password management.
There are also some implied points which it would be inaccurate to attribute to Pete, but with which I suspect he might agree. For instance, a couple of his contributors note that HR departments are often the point at which information about a user intersects with information about IT resources (particularly in role-based setups, I would suggest), but then go on to note that the HR department should not necessarily 'own' the digital identities as a result. I would go further and suggest that responsibility, accountability and even liability for digital identities and their use should rest with an employee's business unit --- even if, as is often the case, the 'definitive source' of information about who is an employee does indeed reside in an HR repository. There is a nice section showcasing Liberty, federation and the importance of identity management in the context of web services. Pete correctly draws out the aspect in which I think Liberty is recognised as having added particular value, namely the implementation and policy-related guidelines which supplement the technical specifications. These guidelines illustrate best practice and address concerns such as regulatory compliance, data 'ownership'/custody, liability questions and so on. To my mind, that's one of the reasons why Liberty is still such a groundbreaking enterprise. The article closes with a few remarks on infrastructure vendor lock-in, which is where I would again diverge slightly from Pete's analysis. I think there are two relevant counters to such lock-in tactics: first, the whole notion of federated identity, particularly with web services, tends to decouple the 'service delivery' platforms from the 'identity' platforms. Second, there are the principles of open standards and interoperability, which Sun and Liberty both propound. I think customers are genuinely starting to trust in the ability of open, interoperable products to deliver the benefits which are claimed for them. My own view (as a vendor employee) has always been that the best (if not always the most restful!) way to lock your customers in to your products is to keep delivering added value.
Posted by racingsnake @ 12:16 PM GMT+00:00 [ Comments [1] ]
 
 
 
 
 
« October 2005 »
MonTueWedThuFriSatSun
     
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
      
Today

unsubscribe from human rights abuse in the war on terror
Locations of visitors to this page
Such views as I express in this blog are based on my own opinions, experience and judgements. They do not necessarily represent the policy or views of my employer. It is not my intention to offend readers in any way. If you find anything on this blog offensive, please contact me in the first instance.
Robin Wilton
www.flickr.com

Links to recent entries

[RSS Newsfeed]

Valid XHTML or CSS?

[This is a Roller site]
Theme by Rowell Sotto.
What's this?
 
© racingsnake