Digital ID World 2004
Digital ID
World was an interesting conference, and has grown substantially since last
year – around 600 people, up from 250 last year. I got a few key take-aways
from the conference:
1) Enterprises are deploying significant cross-company federated
identity systems
Last year federated identity was primarily being deployed to
integrate identity silos within large companies. This year there are real
deployments of federation across companies - Boeing has about a dozen
federation partners, Fidelity Benefits has about 30 partners totaling 200k
identities. Trust establishment is still a manual process, and while they
complain about the effort involved, enterprises don’t seem ready to give up
control - the legal arrangements around exchanging identities are too crucial.
2) Liberty and WS-* will coexist, with distinct niches in the ecosystem
Most vendors expect to support both WS-* and Liberty identity protocol standards &
formats, and people expect the Sun/Microsoft agreement to help interoperability
at this layer. It was good to see the Liberty
folks acknowledging the possibility of profiling the WS-* standards for areas
like secure conversation, reliable messaging, etc. Jason Rouault of HP
(representing Liberty) amusingly referred to it as the "granny flat" model -
apt enough in that Liberty is relying on WS-* for services it can’t provide for
itself, but it does conjure up a rather unflattering image of Liberty as the
old granny in the attic... (FYI, there’s a great introduction
to the web services architecture up on MSDN if you want to get a good
overview of the breadth of the platform.)
3) Grassroots identity systems are springing up everywhere
At the other end of the spectrum, there are a whole bunch of little
companies/organizations working on grassroots federation - FOAFnet, sxip,
midentity, Identity Commons, etc. Working out a
viable business model is of course the big challenge they face - it’s
enormously difficult to get people using something new, especially one at a
time. But they’re focused on a really important area that the corporate
deployments tend to ignore: giving the individual full ownership and control
over their identity. (What Doc Searls called "mydentity" in last year’s keynote.) In
the consumer world, this is really where it should start - and even in the
corporate world, given the trend towards bringing
technology from home into the workplace. It’ll be interesting to see when
and if any of them start hitting the takeoff point.
4) Identity is not just about users, and it’s not just about identity
All the strategic overviews - Phil Becker, Jamie Lewis, Gordon
Eubanks, Justin Taylor - were clear that identity was just a piece in the
overall management puzzle along with authentication, authorization, auditing,
enforcement, etc. all coordinated by robust policy-based management. The strategic
presentations were also clear that we need
to think about identity for applications, devices, etc. as well as users.
Other comments:
Tony Scott of GM is always interesting. Last year he talked about
federating identity within GM’s sprawling global operation. This year, that’s
pretty much done, and he talked about OnStar as their primary customer
relationship management system - managing user identity and access to
personalized services, music, etc. for 2.5 million+ users. He also mentioned
that GM is going to a fully outsourced competitive bid process for all
of their $3B annual IT spend - that will have a major impact on the industry.
The keynotes by Stratton Sclavos and Art Coviello of RSA were
basically infomercials for SecurID tokens. Their big announcement was a
partnership with AOL to promote "AOL PassCode" branded SecurID devices to their
members for increased security. I personally don’t understand the value.
They’re a pretty weak second factor - they’re still subject to
man-in-the-middle attacks, though the auth is only good for 60 seconds so it’s
a bit less damaging than password phishing.