Sunday, May 28, 2006
Do Kim Cameron, Dick Hardt and Pat Patterson really understand federated identity?
Dick Hardt of Sxip frequently talks about the notion of user-centric identity, which puts the choices around identity and privacy in the hands of users and is highly useful in federated consumer-oriented interactions. He seems to mysteriously never discuss how Sxore could work in enterprise scenarios though. I wonder if he thinks that enterprises should simply let folks bring in their identity from home to access enterprise applications? If we were delusional enough to allow this to occur within the walls of the enterprise, I wonder what all those auditor folks that expect us to be compliant with regulations such as Sarbanes-Oxley would say?
Any thoughts on other aspects of identity such as tying Sxore into RACF? What about tying Sxore into relational database engines such as Oracle and Microsoft SQL Server? After all, relational databases are not only the holders of identity stores, they internally create identity for their own usage instead of externalizing it.
Pat Patterson lately seems to be using his blog to push product instead of using it to engage in meaningful conversations with the blogosphere. Hopefully he will revert to topics that we are all interested in and not just product-oriented architecture. He also lately seems to have stopped talking about Project Liberty, about which I am happy. The main problem with such an organization is that they purport to give enterprises a voice if they become members. You may have noticed that the roster of membership doesn't contain a whole lot of Fortune enterprises to engage in a meaningful dialog with and is only filled with vendors, from whom we can demand that our voices be heard through our wallets anyway.
I suspect the reason that the masses of large enterprises aren't participating is simply due to the fee structure they impose on members. If Enterprise Architects were to put monies into next year's budget for joining, it would more than likely not make it through the budget cycle and get cut. I wonder if Pat would take deliberate efforts to make membership for enterprises free? No, this still may not increase our participation but would at least remove one impediment.
I do wonder though when Pat will start acknowledging on a public level that federating using Microsoft's Active Directory Federation Services is a better approach than sticking strictly to the Liberty-endorsed SAML approach. Meaningful federations are not between large corporations but the interactions between large Fortune enterprises and the multitude of small businesses within their supply chain who have neither the budget nor the expertise to have separate standalone products and need something more integrated...
Kim, you are guilty of forgetting important aspects of identity in that it needs to be thought of from a physical perspective. I was cleaning one portion of my basement where I ran across employee ID badges that I retained while I was a consultant in a past life at Aetna, Bank One and FleetBoston and noticed a pattern. At the time, I remember going to the guard's station and filling out paperwork in order to get one. The badge systems used in the majority of enterprises are not tied into any identity management strategy or even a consolidated identity store. All of the badges indicate department and one of them has a title that I made up. There was no check to see if any of the information printed on it was correct nor did the guard have a way to even validate it except to call the approver of the paperwork.
The funny thing is that even industry analysts haven't started noodling the relationship between physical identity and the building folks and digital identity and us IT types. This space should converge and do so quickly. I wonder if Microsoft and the industry analyst community are steering vendors to start solving for this space. Seems like an opportunity for the venture capital community to also start creating additional ventures...