You are the best virtual directory on the market

Phil has released his fourth Identity Fallacy – Identity is Monolithic. After reading it, I could almost hear the choir of meta and virtual directory companies rise up in praise. This is what they have really been talking about all these years, but oftentimes they lacked the distance from the problem to express it so clearly.

To continue his train of thought, if I may: although identity is not monolithic, our perception is that our identity is monolithic. There is one me. I may have many contexts in which I work, live, play, and shop, but at the bottom of it, that is still me. This mindset is getting people out there in trouble.

You keep track of your various bits out there. You do not have all that data on your computer or phone, but you have a bunch of it. Applications like Keychain on the Mac aid your memory by providing pointers to other bits of you. You keep track of things that aren’t immediately recognizable as you, such as your characters in MMORPGs and your alter ego on MySpace where you profess to be a lot more interesting than you really are. (See Mark’s musings on that one.)

Essentially, you act as a powerful virtual directory for things that you perceive yourself as owning. You own your account on your home computer. You own your wallet with your driver’s license in it. These are all pieces of your “monolithic” facade of identity. By definition, your identity cannot be monolithic, as it is comprised of all these little bits that you are tracking. But we still like to think of the notion of the singular me. (What could be interesting to research is whether people with a polytheistic set of beliefs hold the same notion of singular self as those with a monotheistic set.)

In fact, the belief that you own the various components of your overall identity edifice is what gets people in trouble. You think you own your account on the corporate email system, and thus you track it in your virtual directory. If you haven’t realized by now, you do not own that identity. VPN account. No. RACF id. Absolutely not. Though you don’t own these things, you still track them as if they were really part of you. Seems fair – you do use them frequently. You typically use them in a work environment and people, to varying degrees, associate work and self. Keep in mind those are not things that you own, merely things you use.

It gets worse. Much worse. There is a whole category of things out there that you don’t, and oftentimes cannot, track: data about you. Credit records. Insurance information. This is all the good stuff that gets copied and reused; the activities that fall under the header of identity theft. (I wince when I hear people talk about having your identity stolen. The metaphysical implications are staggering.) There is so much out there that you and I don’t track; it is truly astonishing. No one would confuse my identity for a record in a police database saying that my car was parked on Main St at 10:05 AM last Tuesday, but these days, the two are more and more equivalent.

Revel in the fact that you are such a good virtual directory. Okay, you may not blow the doors off a benchmark, but you hang with the best of them. Just keep reminding yourself that a) you may not own as much of “you” as you think and b) your identity isn’t monolithic.

I’m off to Catalyst; see you there.

We are getting closer

Yesterday it was announced that Service Provisioning Markup Language (SPML) version 2.0 was ratified by OASIS. This warms my heart for two reasons. First, it is great to see the work of so many people come to fruition. Gary, Jeff, and Gavenraj really drove things forward and put in an amazing amount of effort. (On a personal note, since this was the first standard I worked on, I get a kick out of seeing my name as a contributor.) Second, SPMLv2 brings user provisioning into line with access management, in terms of having standards to work with. This was a topic Phil and I discussed in our webinar. Now the provisioning market has a rich, usable standard to help drive implementations and integrations. SPMLv2 gives application vendors a way of making their applications easily provisioned. It gives provisioning vendors a way of quickly integrating and connecting to applications. Everyone wins.

Are we there yet? Has identity management arrived at its final destination? Nope, but we are getting closer. In order to realize its full potential, large application vendors have to adopt SPML. SAP and Citrix have done so. Oracle and Microsoft cannot, I hope, be far behind. By having SPML-based hooks in major applications, a lot of the grunt work of connecting provisioning engines to target systems is removed. It decreases the time to value in user provisioning implementations. It allows project teams to focus on policy and process and not on how to connect provisioning engines to systems.

Assuming that large application vendors build SPML gateways into their applications, are we there yet? Still, the answer is no. There are a ton of older applications out there. Though I can see SPML gateways for RACF and ACF2, it’s harder to imagine development teams building SPML hooks for their bespoke applications. If database vendors built SPML parsers into their engines, then homegrown applications could be in better shape… but I don’t see that happening any time soon.

In other news, Virsa was gobbled up by SAP. I don’t think this comes as a big shock to anyone in the industry. I wonder if it doesn’t mark the beginning of SAP’s entrance into the identity management market. First, major SPML support. Now, Virsa. What’s next for our friends at SAP… a provisioning system? They have got to be feeling pressure from OraclePeopleSoftJDEdwardsOblixThor.


A supposedly fun thing I’ll probably do again

Once our service provider worked out all the kinks, Phil Becker at Digital ID World and I finally got to record our chat about identity management as a project versus as a lifestyle. There were three major points I took from Phil.

Managing the Project
Phil and I both agreed that managing your identity project, regardless of technology, is critical. This requires an understanding on all parts: vendor, implementer, and customer. Biting off less than you can chew is the way to go. Further, regardless of technology (access management, password management, user provisioning, etc.), you can find quick wins that show real value. I know this sounds like basic project management, and it is, but it is vitally important in identity management.

Phil and I spent time talking about linking business and identity policy systems and integrating policy engines. Correlating business policy and procedure down to identity management systems is a tough job. Often, it is done by a few individuals who tackle it in their spare time. Tighter integration is needed. However, this requires system-to-system communication and policy interpretation, and this is quite difficult. Furthermore, there has been little work in the vendor community to express policies in a neutral language, let alone the transport and transformation of said policy.

As federation matures, I think we will see more intra-company federations (obviously) and more inter-company federations. Lines of business will wrestle back some freedoms lost in centralization. This will lead to richer policy and provisioning integrations that require richer languages. SPML version 2 is a much needed addition to the tools we have to work with, but its adoption is slow. XRI/XDI is another set of promising work.

Final Thought
By having frank and open discussion between vendors, customers, and implementers, we can chart the course of identity management. As customers’ deployments have matured, they have pulled vendors along with them. By working through real-world use cases we, as vendors, can truly tackle customer needs.

Recommended Reading
If you haven’t read any David Foster Wallace, check him out. If science fiction is not your speed, take a look at the book that inspired the title of this blog: A Supposedly Fun Thing I’ll Never Do Again.

Here’s the link to the slides in pdf form… of course, you don’t get my and Phil’s witty banter.

Here’s the recording of Phil and me talking… witty banter included. (Be forewarned: our provider only supports IE.)


Are we just dogs chasing clods of dirt?

I’ve been reading The Blue Cliff Record. Not an easy read, especially for a non-Ch’an Buddhist. Not an easy read for a Ch’an Buddhist. Just not easy.

At any rate, I came across a great note that the translators (Thomas Cleary and J.C. Cleary) added:

The image of a dog which, hit with a clod of dirt thrown by a man, ignores the man and chases the clod in anger, is found in the Kasyapa-parivarta; it symbolizes those who are afraid of the delights of the senses and seek deliverance in solitude and quiet – they never really become free because they are dependent on solitude and quiet, becoming every bit as much, and even more, miserable and confused as before when they again come in contact with the hustle and bustle of ordinary life.

The dog ignoring the man, the root cause, and chasing the clod, the symptom, is an obvious thought to turn over in your head. We all can think of people’s actions that exemplify this behavior, even our own. How silly it seems when the example is a dog, but how personal it becomes when we hold this thought-mirror up to ourselves.

A person fearing sensory pleasure hides in solitude and quiet, which only reinforces his fear, doing nothing to address the root problem. Sounds like swapping drinking and drugs out for meetings. Sounds like people trying to ghetto-ize themselves in an ever-expanding world.

Afraid of the world? Find the specific thing that makes you afraid. Do not run from it or it will only grow bigger and more terrifying. Find that thing. Hold it up for your heart and mind to scour. Then let it and your fear go.