
The latest Musings, Opinion and Thoughts from the gurus of Digital Identity
Monday, Sep 8
You are Never Alone
Kerrie Smith
It is obvious from the points that Stephen raises that there are some huge issues to be considered.
He talks at length about the metadata that makes up what we are about, and where it is stored.
How do we go about pulling all the metadata about us, personal metadata, resource metadata, and information metadata together? Stephen talks about creating various windows or profiles from our collected metadata. There cannot be a single ultimate storage. more
Bandit, Higgins, Open Source, Profit and Novell
joe andrieu
I’ve been following the user-centric Identity movement ever since Doc Searls talked me into attending IIW2006b, an unconference. EIC is a classic Enterprise technology sales conference on identity management. The two events couldn’t be more different, even though both have excellent content and are focused on Identity. EIC was all about big business selling to each other, while IIW is all about engineers making user-centric Identity work. more
Access Agents
P.T. Ong
Access agents, which are a form of personal directories, are required to solve multiple problems in digital identity. more
Online Identity - Your Doing it Wrong
Craig Overend
The problem, however, with the current identity space is that to do this requires reliably storing *any* entity's transaction history - which requires silo-free persistence, redundancy and management on all sides of the transaction in ... more
Why Information Rights Management is mandatory…
Martin Kuppinger
If you use IRM for any type of information there is no necessity anymore for the classical access control approaches. The best way to protect information is to do it directly at the level of the information... more
LDAP as the COBOL of Identity?
Clayton Donley
There's no pressing need to get rid of LDAP in existing applications. None at all. It works. The applications support it and will continue to support it indefinitely. more
Managing your identity
Alwyn Van Niekerk
People through the ages have always had a requirement to prove in a credible and trustworthy manner that they are indeed who they say they are. more
Improved Security on the Identity Infrastructure
Matt Flynn
What it doesn't do, however, is protect the connected data stores against direct access. For example, the DBA still has direct access to the database and the Directory Administrator still has direct access to the directory. more
Oy vay Oracle!!!
Jackson Shaw
Fear, uncertainty and doubt aka FUD. You thought only Microsoft used it? Think again, because here comes Oracle. more
ID Conference coverage
Vikram
Had a look around to see the media coverage sparked off by the Identity Conference in Wellington. Given the wide range of things covered, I thought it would provide a good indicator for what the media thinks is news-worthy about identity. more
Visual Identity
Paul Madsen
Just came across Vittorio's notation for visually representing web services security keys, signatures, and encryption.
Very nice. more
Visit to the Workshop: A Do It Yourself Identity Management Solution
Patrick Foley
...we can, instead, wander out to the workshop and see if we can cobble together an IdM solution from bits and pieces of controls we might have lying around. However, as with any do-it-yourself project, preparation work must be comprehensive and well-executed or your project will fail. more
Identity Management
Jeff Squires
The conference is all about “Identity Management”. Richard Florida is holding a keynote, further talks are held by the likes of Mark Vanderbeeken from Putting People First or Mads Thimmer from Innovation Lab in Arhus. more
OpenID getting more usable, a tiny bit at a time
Rafe Needleman
But the concepts of OpenID are still a bit too weird for ordinary mortals to use. It's in the interest of OpenID technology providers to fix that... more
What About IGF and Existing LDAP Systems?
Phil Hunt
To be clear. Enterprise LDAP is a key part of what we are thinking about for IGF. The plan for IGF (and its components CARML and AAPML) is to develop a profile against multiple protocols (LDAP, ID-WSF, WS-*) used for identity information. more
Proliferation of Multiple LDAPs
Matt Flynn
Many companies still haven't dealt with the user-store sprawl. In a general sense, I think metadirectory technologies can help get you to a place where you refine and consolidate your infrastructure and can then leverage virtual directory technologies where appropriate for applications that need access to data in multiple stores and/or multiple formats. more
Virtual, Meta, and Identity Buses -- Oh My!
Clayton Donley
Applications need to register their identity needs and repositories need a way to have their available attributes (and policies on those attributes) discoverable. Only then will supply and demand be accurately mapped, allowing services (whether based on IGF or an identity bus model) to thrive. more
We're Listening, Pamela. We're Listening
Nishant Kaushik
Authentication and Authorization are definitely at the forefront of this revolution in application development, mainly due to the ratification of decent standards in this area (like SAML and XACML). But there are many more facets to identity that need to escape from the application black box. more
Standards and Implementations
Phil Hunt
But it goes without saying that if developers don't use it, none of this matters. Developers won't do this simply because the other parties (like infrastructure managers) want it. The key benefit I see for developers is the ability to write applications without having to worry about issues of deployment or issues surrounding protocol implementation through powerful development tooling more
The elephant in the room
Jeff Bohren
Since Dave first brought up elephants, let me point out the elephant in the room no one is talking about; AD. For the vast majority of enterprises AD plus other identity services already serves the role of the identity hub. more
Converging Metadirectory and Virtual Directory…
Kim Cameron
But details aside, it sounds like CARML will be a helpful input to an important industry discussion. Above all, this needs to be a wide-ranging and inclusive discussion, where we take lots of input. To get “as many applications as possible” involved we need to win the participation and support of application developers - this is not just an “infrastructure” problem. more
Hitachi! Who knew?
Lori Rowland, the Burton Group
While the benefits of the acquisition to M-Tech are obvious, Hitachi’s (the parent company) overall vision for the IdM is not yet clear. more
Your mother was a hamster and your father smelt of elderberries!
Dave Kearns, the Virtual Quill
Still, if any developers feel that only XML based scripting is acceptable to use, then I'd suggest they consider the very good LDAP replacement, DSML which has, sadly, languished for a number of years. Or there's SPML (for provisioning services). Even XACML could be used (although it would need a bit more work). The point is that there are open protocols, openly arrived at, that will do the job and today's application designers are bright enough to know how to use them. more
Kim Cameron On The New Generation of Metadirectory
Phil Hunt
We've recently begun an open source project at OpenLiberty called the IGF Attribute Services API that does exactly what Kim is talking about (by the way, I'm looking for nominations for a cool project name - let me know your thoughts). The Attribute Services API is still in early development stages - we are only at milestone 0.3. But that said, now is a great time for broader input. I think we are beginning to show that a fully de-coupled API that meets the requirements above is possible and dramatically easier to use and yet at the same time, much more privacy centric in its approach. more
Now, who's smart and who's dumb?
Dave Birch
It does illustrate, however, how much easier it is to issue cards than it is to issue readers. This is a problem that is well-known and in the case of, say, identity cards (rather than bus passes) is a real problem. If someone (eg, a retailer) has no machine to verify a card then it is easy to fool them with a counterfeit and there will inevitably be a rise in identity fraud following the introduction of identity cards in such circumstances because... more
Practical Identity Management for Healthcare
Ash Motiwala
Some look at it as a synonym for a specific technology such as Single Sign-On, Automated User Provisioning, Access Management, Directory Services or Self-Service Password Management. Others look at [Identity Management] as an umbrella term for multiple technologies, and yet others see it as "a set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities." more
We May Not Need an IT Compliance Manager Solution
Ilan Sharoni
I heard this statement in one of my visits lately to a small, but fast growing company.
It was clear to me where and why this statement comes from, since it was voiced by the security technical manager, who yet manages to provision and manage compliance issues manually. more
Identity bus and administrative domain
Kim Cameron
And my main concern here is not terminology, but making sure the things we have learned about metadirectory (or whatever you want to call it) are properly integrated into the evolving distributed computing architecture. more
What’s Possible in an Identity-Enabled Internet?
Mark Bregman
What did we fail to account for in the design of the Internet? As the CTO of Symantec Corp. (Nasdaq: SYMC), I would be expected to say security. It’s not. Frankly, if security had been built into the fabric of the Internet it would have curtailed its rapid growth and many of the conveniences we enjoy today. Instead, I would have factored in identity. more
Responses to the 2 Billion Entry OID Benchmark...
Clayton Donley
In fact, the report was SO detailed and complete that it was obvious that the competition was going to try to find ways to discredit the big picture by focusing on the minute details. more
A Model for an Internet Identity Layer
Patrick Harding
This identity layer should consist of three sub-layers – a claims sub-layer, a security token sub-layer and an identity transport sub-layer. Each of these sub-layers is already generally included in the different standard and proprietary identity protocols that exist today. more
Will “Generation Virtual” Change the Nature of CRM?
Zallas Technologies
Collect “persona” data not just personal data. The way that a customer represents himself or herself on the Web will be a better determinant of buying behavior than the customer’s actual identity. more
Identity, Shmidentity
Steve Coplan
Matthew Broderick starred in a movie called War Games that was possibly my introduction to the world of identity management. The details are hazy... more
Finding the Right ID
Sajjad
CardSpace is a key component of Microsoft's .NET Framework 3.5 and is supported in Internet Explorer 7 and Windows. It's built largely on Microsoft Windows Communication Foundation (WCF), serving as the identity provider. While OpenID provides single sign-on to social networking sites and blogs... more
What's New on the Exam?
Shon Harris
Identity management is a broad and loaded term that encompasses the use of different products to identify, authenticate, and authorize users through automated means. To many people, the term also includes user account management, access control, password management, single sign-on functionality, managing rights and permissions for user accounts, and auditing and monitoring of all of these items. more
Authentication, PKI and SAML
Anil John
Some time ago, I was having a conversation with some folks about the usage of SAML Authentication Assertions for Web Browser Single Sign-On (SSO) versus Digital Certificates. The folks that I was having this conversation with support one of the larger PKI deployments in the US, and their response to my comment about the lack of support for SAML for Web Browser SSO in that particular vertical was the following question:
"Provided the experience to the user is the same, why does it matter?" more
Identity in Software Design
Changing the Rules
Software developers often have a naïve understanding of identity (myself included!), and this leads to all sorts of bugs, hacks and design compromises. You’d think something as fundamental as how to identify a Thing would have been settled by now! more
The magic bus
Eve Maler
This definition sounds like the “metasystem” all over again, a label that fell (or was mercilessly beaten :-) ) out of favor a little while back. I don’t think this will promote the identity layer we’re all looking for. What would satisfy the criteria for an identity bus, defined more formally? more
Are we getting on the bus or thrown under it?
Jeff Bohren
Customers need to start demanding identity enablement of some sort from their vendors. Far too many enterprises don’t make identity enablement an important criterion when selecting a vendor. Thus they wind up with products that force them into a Meta-directory solution. Until that changes, no one is getting on the bus. more