Thursday, June 05, 2008
Six Questions on building Identity Enabled Applications...
Many developers in large enterprises are aware of how to build directory enabled applications, yet few understand how to construct identity enabled applications. I figured I would ask a few questions of the experts in this space in hopes that they can help make others smarter...
Hopefully, I can gain insights from Pat Patterson, Ian Yip, Don Bowen, Matt Flynn, Rajeev, Jackson Shaw, Gunnar Peterson, Mark Wilcox, the guys from Connexitor, Gavin Henry or others who may have a perspective on this topic.
Anyway, below are six questions that I would love insight into:
- Protocols: Nowadays, the folks over at the Burton Group such as Bob Blakely, Dan Blum and Gerry Gebel have put together the most wonderful XACML interoperability events. The question that isn't addressed is: if I am building an enterprise application from scratch, should I XACML-enable it, think about integrating with an STS, stick to traditional LDAP invocation or something else?
- Virtual Directories: What role should a virtual directory play in an identity metasystem? Should a virtual directory be a standalone product in the new world, or simply a feature of an STS? If an enterprise were savage in consolidating all directory information into Active Directory, why would I still need virtualization?
- Entitlements: One missing component of the discussion is authorization; there is somewhat too much focus on identity. Consider the scenario where, if you were to ask my boss whether I am still an employee, he would say yes, as he hasn't fired me yet. Likewise, if you ask him what are all of the wonderful things I can access within the enterprise, he would say that he has no freakin clue, but as soon as you figure it out, please let him know. Honestly, even in my role, there are probably things that I can do but shouldn't otherwise have access to. So, the question becomes: how come the identity conversation hasn't talked about any constructs around attestation and authorization?
- Workflow: Have you ever attempted to leave a comment on Kim Cameron's blog? You will be annoyed with the registration/workflow aspects. The question this raises in my mind is: what identity standards should exist for workflow? There are merits in this scenario for integrating with the OASIS SPML standard, but I can equally see value in considering BPEL as well.
- Education: Right now the conversation regarding identity is in the land of geeks and those who are motivated to read specifications. There is a crowd of folks who need things distilled, the Reader's Digest version if you will. Traditionally, this role is served by industry analysts such as Gartner and Forrester. What would it take for these guys to get off their butts and start publishing more thoughtful information in this space?
- Conferences: When do folks think that the conversation about identity will occur at other than identity/security conferences? For example, wouldn't it have been wonderful if Billy Cripe, Craig Randall and Laurence Hart were all talking about the identity metasystem in the context of ECM?
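To make the Protocols and Entitlements questions concrete, here is an added example (not code from the original post or from any vendor named above) of what "XACML-enabling" an application means: the application's enforcement point builds a request of subject, resource and action attributes and asks a policy decision point, rather than hard-coding LDAP group checks. The policy rules, attribute names and sample requests are constructed assumptions.

```python
"""Minimal XACML-style policy decision point (PDP) with deny-overrides combining.

Added illustration, not from the original post. Policy names, attribute names
and values below are constructed for the example.
"""
from dataclasses import dataclass, field

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"


@dataclass
class Rule:
    effect: str                                  # PERMIT or DENY
    target: dict = field(default_factory=dict)   # attribute -> set of matching values

    def matches(self, request: dict) -> bool:
        # Every attribute named in the target must be present in the request
        # with one of the allowed values; a missing attribute never matches.
        return all(request.get(attr) in values for attr, values in self.target.items())


def decide(policy: list, request: dict) -> str:
    """Deny-overrides: any matching Deny wins; otherwise Permit if any rule
    permits; otherwise NotApplicable (the enforcement point treats that as no)."""
    decision = NOT_APPLICABLE
    for rule in policy:
        if rule.matches(request):
            if rule.effect == DENY:
                return DENY
            decision = PERMIT
    return decision


# Constructed sample policy for a document repository (an ECM-style resource).
POLICY = [
    Rule(PERMIT, {"role": {"employee", "contractor"}, "resource": {"doc"}, "action": {"read"}}),
    Rule(PERMIT, {"role": {"employee"}, "resource": {"doc"}, "action": {"write"}}),
    Rule(DENY, {"employment_status": {"terminated"}}),          # the "has he been fired" check
    Rule(DENY, {"classification": {"restricted"}, "role": {"contractor"}}),
]


def pep_allows(request: dict) -> bool:
    """Policy enforcement point: only an explicit Permit grants access."""
    return decide(POLICY, request) == PERMIT


if __name__ == "__main__":
    req = {"role": "contractor", "resource": "doc", "action": "read", "classification": "internal"}
    print(decide(POLICY, req))  # Permit
```

The application never inspects directory groups itself; adding the attestation the Entitlements question asks for is a matter of adding attributes and rules to the policy, not of changing application code.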