Tuesday, June 23, 2009
Information Cards in Industry Verticals
- When Geneva is released to manufacturing later this year, it will be seen as a fundamental part of Active Directory and the Windows platform. I expect that many programs will then start to kick in that turn up the temperature along the lines James proposes.
My only caution with respect to James’ argument is that I hope we can keep requirements simple in the first go-around. I don’t think ALL the capabilities of claims have to be delivered “simultaneously”, though I think it is essential for architects like James to understand them and build our current deliverables in light of them.
- Enterprise Architects tend to think more strategic in nature (or at least they should) so tactical current state leanings are sometimes challenging to swallow. What makes them more appealing is if their considerations posed become visible on roadmaps, blueprints, etc by their business partners. Otherwise, the general EA reaction to being tactical is the pain that will emerge down the road.
- I hope that one of the programs will be to actually address how Information Cards can be used within an Industry Vertical context. We have to acknowledge that many of the consortium models are busted when it comes to enabling community formation. More importantly, the message behind identity is confused. On one hand, we talk about separating identity from our applications and then yet we want to constrain it to a vertical context. Maybe the best solution is for Microsoft to introduce me to others in my vertical that have a clue about identity and observe the conversation.
- The one entity that I have seen get the convergence of technology and an industry vertical right is IBM. Many of the folks in the insurance vertical have adopted the IIA model for their data warehousing initiatives. Maybe MS can borrow from the IBM playbook and apply it to the world of identity (unless Anthony Nadalin has already started on this journey)
- I fully agree that not all the functionality of claims need to be delivered simultaneously. I do however believe that the next challenge that needs to be tackled is the ability to gain additional insight into the practices of an IDP, otherwise the conversation on the level of business trust goes nowhere. How about some brainstorming on the following?
- How should an IDP indicate that they are storing and possibly correlating activities of an RP to the RP? For example signon.com and myvidoop.com keep track of everytime I touch an RP?
- As you can imagine the insurance ecosystem has hundreds of thousands of potential identity providers and any approach based on manual approval or even whitelisting will not scale. The only method that could possibly work is when we can somehow indicate that we will trust IDPs who are vouched for by higher-level entities we trust.
- There is some adoption of OpenID and I would therefore not want to ignore its usage for low-value interactions. It would be great if Vittorio Bertocci or other MS Bloggers could tell me how OpenID could be supported / extended via Geneva.
Links to this post: