Tuesday, September 02, 2008

Centric Identity

So Dave Kearns and Jackson Shaw have been thinking about User Centric and Enterprise Centric Identity.

As I roll this around in my head, I'm wondering what the differences are and how they are applicable within the industry and everyday life. As I see it, Enterprise Centric Identity is all about what we see in the IdM world. It is the Identity that goes through life cycle changes as people affiliate with organizations, become provisioned within them, and have changes occur as roles, responsibilities, titles and geography change. This is the Identity that is at least partially owned by organizations and is processed, searched and checked for compliance.

User Centric Identity is about a person's identity that they use in transactions outside of the enterprise. This is the identity used for online business transactions. This identity is more concerned with security and privacy. It's generally not accessed for provisioning, but might be for search, and is certainly monitored by compliance (ever read a privacy policy?). The sole provisioning activity I could see for User Centric Identity would be in the case of a certificate or two-factor authentication material for use in securing transactions.

These two types of identities serve different purposes, and so as Jackson says, "We need both". I'd actually go a bit further and say we're required to have both. The Enterprise Centric Identity will always be about gathering as much information as possible and publishing it within specific rules (reconciliation policies, compliance rules, IT strategies), while the User Centric Identity is about privacy: what's the minimum information required for a secure transaction, so that users do not potentially leak out information that can be snooped and exploited (aka Identity Theft)?

I don't think that one would own only one Enterprise or User Centric Identity, either. Multiple Enterprise Centric identities could also exist, as people might be members of several Enterprises simultaneously. People attending a college or university while working in the Enterprise would certainly have multiple Enterprise Identities.

Certainly one's personal identity is the most User Centric and we seek to protect it as much as possible. But there would also be subsets of one's Enterprise Identity which will be used for establishing transactions throughout the workplace.

I'm not sure I have this right just yet, but I think there's the beginning of a discussion here.
