Friday, December 07, 2007
User Centric in the Enterprise
Users within large enterprises have a strong desire to eliminate passwords of any form and want to move to some other factor, where user centricity is one consideration. Regardless of the nomenclature surrounding certain concepts, the important thing to focus on is whether software vendors are doing enough to make their enterprise customers happy.
User centric identity to date has been talked about from a language perspective, where Kim Cameron talks about relying party support for PHP, .NET applications and so on. What is left out of this conversation is that many enterprises don't embed this type of logic within their applications and have traditionally relied on web access management platforms such as Netegrity SiteMinder, Tivoli, Oblix and so on. Until these platforms step up, the enterprise conversation will be lacking.
On the identity provider side, enterprises understand that there are two very large identity providers they need to work with that the consumerish crowd neither uses nor cares about. The first is Active Directory, in that pretty much all of the Fortune Enterprises (except for Sun) have their users in Active Directory. The ability to self-manage information should be a native capability and not really part of the Information Card discussion. When we consider Active Directory usage, we should ask ourselves when Microsoft will be providing an Active Directory STS without requiring each and every enterprise to write its own. Of course, within an enterprise setting there is also this really big blue box better known as the mainframe. One could ask whether products such as RACF should also implement an STS.
The most intriguing thing about user centric approaches is that most vendors are talking to the wrong folks in the enterprise. Security has traditionally been sold to information protection groups to protect employees, whereas the biggest play for user centric approaches in the enterprise is for consumers and business partners, which is usually controlled by Enterprise Architects. I suspect if you have a conversation with them, the perspectives in the vendor community may change...