Friday, February 27, 2009
So, how many non-profit identity organizations exist?
From my seat, I see several things wrong with the approach being championed within the identity community. As an employee of a large enterprise, do you think anyone would be successful selling all three? If the goal of identity is to be portable and somewhat unified, why can't their foundations? In the world of non-profits, why do we keep duplicating the same overhead across organizations? How much do to the nature of conversations vary?
So, if I spend say ONE HUNDRED THOUSAND DOLLARS joining these organizations, do I walk away with something other than the ability to influence vendors that I already spend more time that I desire talking to? If I ask the folks over at EMC to incorporate modern approaches to identity into Documentum that they would because I am a member where otherwise they would ignore me?
The world of identity and the world of security need to be connected. Many of the approaches used by the identity community are otherwise insecure. The identity community could provide secure implementations of their offerings if they were to network with another non-profit group known as OWASP. OWASP is more than just a conversation and some documentation. It can provide real lift in code reviewing open source identity implementations.
For the record, I do participate in OWASP not just because of a higher value proposition but because OWASP understands that contributions can be in forms other than writing out large checks. The ability to start of simple by doing things like contributing space for meetings is a great thing and OWASP is very appreciative. Maybe someone can enlighten me as to how to work with the identity crowd in the same fashion...