The Moments Ahead for Identity

[My address to the European Identity Conference 2016. Although this starts like my TCP/IP Moment talk it goes in a very different direction. In some regards, I think this might be the most important talk I have ever written and delivered.

Giving credit where credit is due – the ideas in this piece are the distillation of many many conversations over the years. I am deeply indebted to the following peers for their help, encouragement, ideas, and support: Allan Foster, Robin Wilton, Nat Sakimura, Josh Alexander, Chuck Mortimore, Joni Brennan, and Josh Nanberg.]

Remember when we used to pay for a TCP/IP stack? Remember when we paid for network stacks in general? Hell, we had to buy network cards that would work with the right stack.

But think about it… Paying for a network stack. Paying for TCP/IP. Paying for an implementation of a standard.

How quaint that sounds. How delightfully old school.

But that’s what we did!

And now? No one pays for a TCP/IP stack.

When network stacks became free, networking jobs didn’t go away. I would posit that we have more networking engineers now than we’ve ever had before. Their jobs morphed with the times and changes in tech.

It’s mid-2016 and I think we need to admit that the identity industry now looks a lot like the networking industry did at its TCP/IP moment. The standards are mature enough. The support for them is broad enough. And another thing, not taking a standards-based approach is antithetical to the goals of the modern enterprise.

Simply put, identity is having its TCP/IP moment. And this TCP/IP moment will spawn other moments in identity management.

I want to talk about three impactful moments ahead for our industry:

  1. Standards-based identity
  2. Outcomes-based identity
  3. Professionalized identity

I want to talk about these moments and changes associated with them, but keep in mind that although great change is ahead, we need not be afraid of that change.

Identity is having its TCP/IP moment

[This is my keynote from Cloud Identity Summit 2015. Unlike most of my talks, this one did not start with a few phrases and then an outline and then a speech and then a deck. This one dropped out of my noggin in basically one whole piece. I wrote this on a flight back home from London based on a conversation with a friend in the industry. Oh, there is no deck. I delivered this as a speech.]

[Credit where credit is due: Josh Alexander gave me the idea for the username and password as cigarettes and the sin tax. Last year, Nat Sakimura around 2 in the morning in my basement talked about service providers charging for username and passwords to cover externalities, and I completely forgot about the conversation. Furthermore, at the time, I didn’t fully track with his idea. I totally get it now and want to make sure I assign full and prior art credit to Nat – the smartest guy in identity, sent from the future to save us all.]

Remember when we used to pay for a TCP/IP stack? Remember when we paid for network stacks in general? Hell, we had to buy network cards that would work with the right stack.

But think about it… Paying for a network stack. Paying for TCP/IP. Paying for an implementation of a standard.

How quaint that sounds. How delightfully old school that sounds.

But it was. And we did.

And now? No one pays for a TCP/IP stack. Or at least no one pays for it directly. I suppose you can say that what you spend on an OS includes the cost of the network stack. It’s not a very good argument but I suppose you can make it.

When network stacks became free (or essentially cost free), networking jobs didn’t go away. I would posit that we have more networking engineers now than we’ve ever had before. Their jobs morphed with the times and changes in tech.

It’s mid-2015 and I think we need to admit that the identity industry now looks a lot like the networking industry did back then. The standards are mature enough. The support for them is broad enough. Moreover, not taking a standards-based approach is antithetical to the goals of the modern enterprise.

Simply put, identity is having its TCP/IP moment.


No Person is an Island: How Relationships Make Things Better

(The basic text to my talk at Defragcon 2014. The slides I used are at the end of this post and if they don’t show up you can get them here.)

What have we done to manage people, their “things,” and how they interact with organizations?

The sad truth is that we tried to treat the outside world of our customers and partners like the inside world of employees. And we’ve done poorly at both. I mean, think about it: “Treat your customers like you treat your employees” is rarely a winning strategy. If it was, just imagine the Successories you’d have to buy for your customers… on second thought, don’t do that.

We started by storing people as rows in a database. Rows and rows of people. But treating people like just a row in a database is, essentially, sociopathic behavior. It ignores the reality that you, your organization, and the other person, group, or organization are connected. We made every row, every person an island – disconnected from ourselves.

What else did we try? In the world of identity and access management we started storing people as nodes in an LDAP tree. We created an artificial hierarchy and stuffed people, our customers, into it. Hierarchies and our love for them are the strange lovechild of Confucius and the military industrial complex. Putting people into these false hierarchies doesn’t help us delight our customers. And it doesn’t really help make management tasks any easier. We made every node, every person, an island – disconnected from ourselves.

We tried other things, realizing that those two left something to be desired. We tried roles. You have this role and we can treat you as such. You have that role and we should treat you like this. But how many people actually do what their job title says? How many people actually have meaningful job titles? And whose customers come with job titles? So, needless to say, roles didn’t work as planned in most cases.

We knew this wasn’t going to work. We’ve known since 1623. John Donne told us as much. And his words then are more relevant now than he could have possibly imagined then. Apologies to every English teacher I have ever had as I rework Donne’s words:

No one is an island, entire of itself; everyone is a piece of the continent, a part of the main. If a clod be washed away by the sea, we are the less. Anyone’s death diminishes us, because we are involved in the connected world.


Killing off IAM

I gave this talk a few months ago. I had just finished writing our 2013 Identity and Privacy Planning Guide and was trying to think of a different way to express what I had written. What I came up with was this very very different way to express what I had written. I’d love your feedback. Also, no commas were harmed in the filming of this presentation.