Saturday, March 24, 2007
Enterprise Perspectives on User-Centric Identity
Last week, I asked Kim Cameron talk about Cardspace vs. PKI. The conversation to date has been all about how the two technologies are complementary without an equivalent discussion on how one could replace another. If your industry vertical is pharmaceuticals, you are probably familiar with the SAFE initiative which is based on rolling out PKI client certificates. Nowadays, it feels like an opportunity to avoid the desktop management support headaches that client certificates provide and the expense that is associated with it. Anyway, I hope that Kim will expand upon these thoughts in the near future in a compare/contrast vs the complimentary discussion to date.
It seems to me that the need to extend a card that isn't managed would be of value. For example, if my parents have high-blood pressure, wouldn't it be interesting if they could take the card to Walmart, drugstore.com and other online retailers to get a quote without having to specify the same information over and over? This of course would require the adoption of something similar to microformats for cardspace.
Also missing from the discussion in the blogosphere is any hint as to how traditional web access management products such as those provide by Tivoli, Oracle CoreID and others can participate in a user-centric world. Of course, I expect the folks over at the Burton Group to produce detailed research in this space shortly and ahead of the other analyst firms.
Maybe someone could tell me what mainframes are treated as second-class citizens in the security world? Imagine Microsoft figuring out a way to user-centric enable RACF? I wonder if anyone at Microsoft has discussed this notion with folks at IBM?
Have you ever visited the Microsoft Live site? Where they make you register over and over and over? This feels like a missed opportunity for Kim, in that he needs to spend some time doing internal evangelization. At least the folks over at Liferay have on their radar, support for user-centric approaches. It is good to see open source projects innovate faster that large monolithic proprietary closed source vendors especially in the portal space.
In the next couple of weeks, I will be having briefings with analysts at both Gartner and Forrester regarding user-centric approaches within an enterprise context. I will be asking them directly whether enterprises should consider OpenID or stick with 100% Microsoft approaches. The answer will be intriguing. While I already know the opinions of Johannes Ernst, Dick Hardt and others in this regard, I wonder what they believe analysts will say...
Links to this post: