OpenSSO Enterprise Yesterday, September 30, 2008, Sun Microsystems officially unveiled OpenSSO Enterprise, Sun's "Next-Generation Access Management, Federation and Secure Web Services Solution."
Over three years ago, way back on July 13, 2005, just two months after I wrote my first post on this blog, Sun announced at the Burton Group Catalyst Conference "plans to open source its web site authentication and web single sign-on (SSO) technologies through the Open Source Web Single Sign-On (OpenSSO) project." I gave the announcement only one sentence of coverage: "Open SSO will provide source code for basic identity services including Authentication, Single-domain SSO, and Web and J2EE agents."
Yesterday's announcement was, in a way, a celebration of that early foray into the world of open source. What began as a virtual toe-dip led to complete immersion in open source waters. OpenSSO Enterprise is a result of putting Sun putting its entire access and federation management code base into the open source domain, providing a transparent and progressive forum for collaborative development. The innovations apparent in this newly released product owe much to the many external contributors to the OpenSSO project.
It is exciting to see the fruits of Sun's open source strategy unfold.
Sun Rising on the Vancouver Olympics
I have spent the last couple of days with my Sun colleagues in Canada. Because of Sun's position as supplier to the 2010 Winter Olympics in Vancouver, Sun Canada business cards and presentation templates are Olympics-themed. The back of each business card is shown below.
Batteries - Can't Live without 'Em Last Friday was a bad battery day for me. My bluetooth headset battery died in the middle of a conference call. My mobile phone battery barely made it through that call before it died, too. My two laptop batteries didn't provide enough juice to make it through my cross country flight from New York to Phoenix. To top it all off, when I got to the airport parking lot, my car battery was dead. Aaarrrrgh! (that is my contribution to Talk Like a Pirate Day).
In this hyper-connected electronic world we live in, we are terribly dependent on batteries. I did a quick inventory of the battery-powered devices I carry with me on my travels:
Laptop (2 batteries)
Mobile phone (2 batteries - take that, iPhone!)
Wireless mouse
Bluetooth headset
iPod
GPS navigator
Laser pointer
Security token
Pedometer
Wristwatch
Flashlight
Plus my car, which apparently has a parasitic electrical leak we can't find. Aaarrrrgh again!
I find it interesting and frustrating that in my lifetime, improvements in battery technology have been only incremental, not revolutionary. Our world is begging for some monumental breakthrough in energy storage technology that is cheap, efficient and long lasting.
In the mean time, I hope we can at least get some standardization in the devices and cables necessary to charge the batteries we have. Of the six devices I have that can be charged via a computer USB port, I must use six different cables. Aaarrrrgh again!
Explosion on Aisle 3
If sometime my brain explodes due to information overload from cyberspace (or from the pointy-haired boss), please send a cleaning crew to mop it up.
Super-scale Required for Digital Media Distribution It has been intriguing for me to read over the past several months about the accelerating demand for digital media distribution and download. In a crazy world where an YouTube video of yours truly going down a zip line Park City has been viewed over 2,750 times, it seems that online viewers have an insatiable appetite for content. Yet videos of zip lines are but a drop in the proverbial ocean of digital media. Just imagine when we really kick it in gear and demand that the industry provide both the ability to stream high defintion video to any device of our choice at any time we want, as well supporting our desire to generate and distribute high definition content ourselves.
This week, in an article entitled, "Deloitte Launches Initiative to Streamline Digital Media Distribution," David Rips, lead architect of the Deloitte Digital Media Framework and director in Deloitte Consulting LLP's Media and Entertainment practice, addressed the net effect of this appetite:
"... the technical scale and complexity required to deliver this demand far outstrips the capabilities and capacity of today's digital media companies and infrastructure."
The Deloitte Digital Media Framework proposes to establish a new digital media value chain that will enable the delivery of content from multiple creators, on multiple devices, through multiple carriers.
"The technology infrastructure needed to meet increasingly sophisticated media demands will dwarf anything we've seen before,"said Phil Asmundson, Deloitte LLP vice chairman and national managing partner of Technology, Media and Telecommunications.
It will be really interesting to see how this unfolds.
In the mean time, take another look at my zip line video. It had twice as many views today as it had the last time I checked. It will be interesting to see if the number doubles again.
Happy Thoughts about You
Much has been said about user-centric, or user-controlled Identity allowing individuals to choose which subset of personal Identity attributes use in facilitating online interactions. Maybe this could be called "self personalization" because an individual is in control and actively choosing specific steps to follow.
But at the recent Digital Identity World conference, I had a minor epiphany. As a speaker addressed the subject of role management, it struck me that much of enterprise Identity management is also about personalization - granting people the specific rights and credentials to enable them to do their work. These assignments could be made automatically or with human intervention. This could well be termed "assigned personalization."
I supposed that efforts like Amazon's to deliver purchase recommendations based on past activities would be a form of "calculated personalization."
In all three cases, the objective is similar - how can the online application experience be more closely aligned with who a person is and what the are doing at a particular time?
Personally (pun intended), I think this personalization stuff is fascinating. Those are happy thoughts.
Bloggers Send Prayers of Hope
Last week, I posted a brief article about close family friends who are recovering from a serious plan crash.
The following news report, produced by a Phoenix television station, explores how bloggers from around the world are sending their hope and prayers to Stephanie and Christian.
Makes you kind of feel good about participating in the blogosphere!
CSO on Role Management An excellent article on role management was published last week in CSO Online. Business drivers, benefits and challenges were listed from a Burton Group study:
"In its 2007 survey of 35 organizations, Burton Group found that the number of role management initiatives has grown significantly since 2003, especially in the financial services industry. The top business drivers include:
Administrative efficiencies for access management
Ease of audit and compliance
Improved security controls for access and authorization
"The payoff? In return for your efforts, expect the following benefits:
Simplified number of managed entities
Improved visibility into available resources
Better enforcement of policy
Improved relationship of IT with the business
"The Burton Group says major challenges for these projects include:
Establishing the relationship of roles to business and administrative processes
Setting guidelines for defining and establishing roles
Determining who should participate and in what capacity
Determining how to maintain roles over time
Associating roles with resources
Determining how to associate business process and policy with roles"
A variety of customers, using several role management software tools, were quoted in the article in support of a good list of recommended Do's and Don'ts for role mangement projects:
DON'T select a tool until you've defined your process.
DO take a combined top-down, bottom-up approach.
DO take a combined top-down, bottom-up approach.
DO create links between IT roles and business roles.
DO go beyond access control when communicating business benefits.
DO look for a tool that mirrors your organizational approach.
DON'T underestimate the time commitment.
DO manage scope.
DO consider getting a quick start with role mining.
DON'T create too many roles.
DO look for reporting capabilities and a strong certification process.
DON'T assume you need a suite to integrate role management with your provisioning system.
Although no vendors were directly quoted, many observations were favorable for the Sun Role Manager product.
I thought it interesting that Kevin Kampman, senior analyst at Burton, recommended the role discovery process directly supported by the Sun product:
"DO take a combined top-down, bottom-up approach. According to Kampman, role management typically combines a top-down (or business responsibility-driven) perspective, and a bottom-up (or system resource-oriented) approach. Top-down reflects the needs of the business, while bottom-up reflects the application privileges and permission sets to satisfy those business responsibilities."
Craig Cooper, senior project manager at Thrivent Financial for Lutherans, a Vaau/Sun Role Manager customer, offered some interesting practical insights:
"Cooper sees role management as an integral part of enhancing Thrivent's trusted reputation with customers. 'We want to be able to demonstrate that we have the controls in place related to access, and this process has allowed us to do that,' he says.
"The most time-consuming piece, according to Cooper, is the communication, analysis and research required to get business people on board and ensure your initial design is correct. The good news, he says, is that the learning curve drops off, and you can leverage process improvements and reuse definitions. While it took 12 weeks to set up roles for Thrivent's first business unit, the team is now completing units in six weeks."
"It's important to keep the number of roles you create down to keep your management burden low. 'It's a lot easier to manage 1,000 roles than 5,000 or 7,000 individual access profiles,' Cooper agrees. It's good practice to use an 80/20 rule, he says, where you assign groups of users a base set of access and then use auxiliary roles and exceptions to cover additional access needs.
My Business Card
May I introduce myself and present my business card, please?
As a an addendum to yesterday's post, here is an electronic copy of my business card. Another nice feature of the Scan2Contacts personal scanner is that a .jpg copy of the business card image is added to the Outlook contact record. Fun stuff!
Scan those Cards Last week, a minor miracle occurred. When I returned home from the Digital ID World conference, I already had all the contact information from business cards I had received entered into MS Outlook, where I maintain my extensive personal address book.
How did I do it? I used my new Scan2Contacts personal scanner to scan in each business card and create a new contact record in my Outlook application data store. What a time saver! It's not 100% accurate on all cards, but it is close enough to make a big jump forward in personal productivity. I like jumps like that.
Leadership Quote: Oliver Wendell Holmes "Every calling is great when greatly pursued."
This quotation came from either Oliver Wendell Holmes, Sr., (1809-1894), American physician, writer and poet, or his son, Oliver Wendell Holmes, Jr., (1841-1935), US Supreme Court Justice. It has been variously attributed to both.
I think this is a profound statement. The greatness of our life's work does not depend so much on what so-called "status" it might bear or others may think of it, but on the intensity, passion and diligence we give it.
Managing My Identity on chi.mp I recently received an alpha test invitation from chi.mp to try out their new service: "The dashboard for your digital life," which offers "The simple way to manage your online life, on a domain of your very own."
So, I established my own domain, "markdixon.mp," populated my profile with links to the social networking sites I frequent (Facebook, Twitter, etc.), my blogs and websites, and the instant messaging services I use. This site allows me to provide some measure of integration among the different facets of my Internet presence, and gives me quite a bit of flexibility in exposing which details of my Identity I believe to be appropriate.
By coincidence, I met Tony Haile, the chi.mp Chief Strategy Officer, at Digital ID World earlier this week. He has interesting perspectives to share in the DIDW session, "How Social Web will change Identity Management." It appears that Tony and the DIDW crew are making an important contribution to this change by offering steps forward in Identity integration and personal control.
Please take a look at my chi.mp profile and let me know what you think. I'll keep you updated as this experiment proceeds.
Stretch Goals
I participated in a conference call yesterday about establishing yearly "performance maps" that include goals to achieve during the current fiscal year. Coincidentally, the Dilbert comic strip yesterday addressed the same subject.
Yesterday, September 30, 2008, Sun Microsystems officially unveiled OpenSSO Enterprise, Sun's "Next-Generation Access Management, Federation and Secure Web Services Solution."
