Mark Diodati

A member of the Gartner Blog Network

Research VP
6 years at Gartner
21 years IT industry

Mark Diodati is a Research Vice President with Gartner's IT Professionals research and advisory service. His focus topics include mobility, authentication, cloud identity, federation, directory services, provisioning, identity services, Active Directory interoperability, Web access management…


Rethinking Identity Management: Time to Erase the Tape?

by Mark Diodati  |  January 10, 2011  |  1 Comment

There’s a story that goes along with “Where the Streets Have No Name”, the opening track of U2’s “The Joshua Tree”. The song seamlessly melds a wonderful introduction, which has a 6/4 time signature, into the body of the song, which is in 4/4. The recording process got so onerous that progress was slow. Very slow. Brian Eno, a prolific and influential producer, concluded that the best approach for finishing the song was starting from scratch: the song’s framework rendered its completion nearly impossible. Just as he was about to erase several months of work, an engineer physically restrained him from hitting the button on the tape machine. U2, Eno, and Daniel Lanois (the other producer) muddled through and finished the masterpiece.

The good news was that the track was nearly complete. Too bad our work in identity management is not. Has its framework become too convoluted to be useful?

The Cloud has changed the enterprise computing model forever. Are we shoehorning Cloud-based identity constructs into antiquated enterprise notions of identity ownership? Have we sliced the identity market so thinly that it has lost coherence and any hope of synergy? Has the market pushed the suite vendors to build integration and common administrative consoles that remain unused and don’t solve real problems?

I am thinking about four goals:

  • How do we provide identity attributes to applications when (and only when) they need them?
  • How do we enable users to prove their identities while addressing privacy concerns and without needless repetition?
  • How do we ensure that users have appropriate access to sensitive information and how do we prove it?
  • How do we do these things in an agile, cost-effective manner?

The IdPS team (Bob, Ian, Kevin, Lori, Robin, and I) is planning the 2011 Catalyst agenda and is interested in your perspectives. The agenda will incorporate the thoughts discussed here.

Some relevant research (subscription required):

1 Comment

Chris LaPoint, January 11, 2011 at 3:37 pm

    Mark, first of all, love U2 so great reference ;-) The questions captured below are similar to the ones we’re raising at UnboundID about what next-gen IdM needs to look like. However, one of the additional challenges we see that The Cloud brings for applications is the requirement for real-time access. Whether you’re a provider of Cloud-based applications or you’re a consumer of Cloud-based services, business application decisions are time sensitive, so “waiting” for a response while identity data is consolidated just-in-time is going to be unacceptable in many cases. So, perhaps an extension to the original question/goal to ask is “How do we provide identity attributes to applications just-in-time without impacting the latency at which this information is provided?” The other question we would ask is “How do we ensure customer identity is not just known at the front doors of the enterprise, but across the entire business?”. A unified experience for customers certainly starts with login, but how do enterprises ensure this experience extends to billing, support, and other facets of the business not tied directly to a browser session? I’ve tried to capture our thoughts around this concept in my last blog post: http://www.unboundid.com/blog/2011/01/11/unified-customer-experience-%E2%80%93-its-more-than-just-single-sign-on/.