Ravi Pandya
ravi@iecommerce.com
www.iecommerce.com
+1 425 417 4180
vcard

syndicate this site

Ravi Pandya   software | nanotechnology | economics

ARCHIVES

2007 11 10

2004 10 09 08 07 06

2003 04 02 01

2002 12 11 10 09 08

2001 11

ABOUT ME

Ravi Pandya
Architect
Cloud Computing Futures
Microsoft
ravip at microsoft.com

03-Microsoft
00-02 Covalent
97-00 EverythingOffice
96-97 Jango
93-96 NetManage
89-93 Xanadu
88-89 Hypercube
84,85 Xerox PARC
83-89 University of Toronto, Math
86-87 George Brown College, Dance
95-Foresight Institute
97-Institute for Molecular Manufacturing

DISCLAIMER

The opinions expressed here are purely my own, and do not reflect the policy of my employer.


Sat 30 Oct 2004

Digital ID World 2004

Digital ID World was an interesting conference, and has grown substantially since last year Ė around 600 people, up from 250 last year. I got a few key take-aways from the conference:

1) Enterprises are deploying significant cross-company federated identity systems
Last year federated identity was primarily being deployed to integrate identity silos within large companies. This year there are real deployments of federation across companies - Boeing has about a dozen federation partners, Fidelity Benefits has about 30 partners totaling 200k identities. Trust establishment is still a manual process, and while they complain about the effort involved, enterprises donít seem ready to give up control - the legal arrangements around exchanging identities are too crucial.

2) Liberty and WS-* will coexist, with distinct niches in the ecosystem
Most vendors expect to support both WS-* and Liberty identity protocol standards & formats, and people expect the Sun/Microsoft agreement to help interoperability at this layer. It was good to see the Liberty folks acknowledging the possibility of profiling the WS-* standards for areas like secure conversation, reliable messaging, etc. Jason Rouault of HP (representing Liberty) amusingly referred to it as the "granny flat" model - apt enough in that Liberty is relying on WS-* for services it canít provide for itself, but it does conjure up a rather unflattering image of Liberty as the old granny in the attic... (FYI, thereís a great introduction to the web services architecture up on MSDN if you want to get a good overview of the breadth of the platform.)

3) Grassroots identity systems are springing up everywhere
At the other end of the spectrum, there are whole bunch of little companies/organizations working on grassroots federation - FOAFnet, sxip, midentity, Identity Commons, etc. Working out a viable business model is of course the big challenge they face - itís enormously difficult to get people using something new, especially one at a time. But theyíre focused on a really important area that the corporate deployments tend to ignore: giving the individual full ownership and control over their identity. (What Doc Searls called "mydentity" in last yearís keynote.) In the consumer world, this is really where it should start - and even in the corporate world, given the trend towards bringing technology from home into the workplace. Itíll be interesting to see when and if any of them start hitting the takeoff point.

4) Identity is not just about users, and itís not just about identity
All the strategic overviews - Phil Becker, Jamie Lewis, Gordon Eubanks, Justin Taylor - were clear that identity was just a piece in the overall management puzzle along with authentication, authorization, auditing, enforcement, etc. all coordinated by robust policy-based management. The strategic presentations were also clear that we need to think about identity for applications, devices, etc. as well as users

Other comments:

Tony Scott of GM is always interesting. Last year he talked about federating identity within GMís sprawling global operation. This year, thatís pretty much done, and he talked about OnStar as their primary customer relationship management system - managing user identity and access to personalized services, music, etc. for 2.5 million+ users. He also mentioned that GM is going to a fully outsourced competitive bid process for all of their $3B annual IT spend - that will have a major impact on the industry.

The keynotes by Stratton Sclavos and Art Coviello of RSA were basically infomercials for SecurID tokens. Their big announcement was a partnership with AOL to promote "AOL PassCode" branded SecurID devices to their members for increased security. I personally donít understand the value. Theyíre a pretty weak second factor - theyíre still subject to man-in-the-middle attacks, though the auth is only good for 60 seconds so itís a bit less damaging than password phishing.

07:17 #


© 2002-2004 Ravi Pandya | All Rights Reserved