IdentityStuff: September 2005

Enforcement - A New Metaphor?

So I was talking with my buddy Ian Glazer again today and we were discussing the Identity Management space and how the products out there from Sun, Novell, and IBM and others are a kind of policy management or process management tool. They auotmate the process of adding, modifying and deleting users. They will be as effective as the policies and processes behind them. Kind of like Congress or even a State legislature. Just like these institutions exist, the cops are the enforcers of the laws (policies) set up by the governing bodies who set them up.

So we were talking about Trusted Network Technology's offering in the context of really being the enforcer. It is a level 2 device that looks at packet data as they flow across the network and permits or denies access to resources if the policies permit it. Here is the interesting rub - the solution enforces - it does not set policy, or manage. The kicker in the value of this is go ahead and deploy your Identity Management applications, it's a great thing to do, however just like Congress or State legislatures, the policies would be useless without the cops.

Pretty cool stuff.

More on a Role...

I do a lot of work with a Fortune 5 that is the largest market capitalized company in the US and have spent a lot of time thinking about roles as they relate to identity at the micro level, i.e. inside an organization. Even at the micro level will we ever be able to replicate the intricasises of the human mind and experience in the digital realm?

At a company/employer I have a title and a role, and other static information that is associated with me, or in the case of a corporate identity, my name. My name keys off a serious of other data (currency) about me, or put another way, the different pieces of currency add up to a relative value of me an employee.

When I look at how Identity management has evolved, it started with a directory. A directory being nothing more than a place to store data; what a bank is to currency, using my metaphoric approach here. Then once the bank knows how much currency it has, it breaks it down by value or denomination. Using currency in this example is easier for me to grasp as a concept but as a practice, however there are governing bodies and organizations that help us humans protect and maintain a baseline value of currency. No such thing exists for data. However just like banks and organizations that deal in currency, we have ways to store it, carry it, move it from one location to another, secure it, use it for harm or good, and exchange it. What we don't have for data is a way to assess its baseline value as it relates to other currency. I am wondering if Identity Management is an attempt at doing this.

Then I am back to static vs. dynamic data/currency. The currency does not change but its value does. Is the value of hard currency what roles are to identity management, and the Gold Bar is our DNA or SSN? Hmmm. Something to ponder this weekend.

I'm on a Role...

I was thinking this weekend about life as it relates to identity. Specifically that my identity (name, age, sex, SSN, etc.) is only a part of who I am. There are also roles that I have in my life that make up the other parts. There are static components of my identity, and there are fluid components of my identity.

As an example - when I was born, I was a son. When my sisters were born, I was a son, and a brother. Then I became a son, a brother, a cousin, a friend. Then I became a student, son, a brother, a cousin, a friend. Then I became an employee, student, son, a brother, a cousin, a friend. Then a boss, employee, student, son, a brother, a cousin, a friend. Then a father, boss, employee, student, son, a brother, a cousin, a friend. You get the idea.

My static identity did not change, however my roles throughout my life have changed.
So are we looking at managing the static components of our identity today, with the more complex components of identity (roles) being looked at for the future? How do we as an industry full of problem solvers tackle this one? Hmmm.

I am in an offsite Management meeting this week so I'll post when I can.