One of my favorite topics that I have not touched on in a while is that of why Projects succeed or fail. Of course one thing that most people agree on is making sure that you have management and executive sponsorship. With that in mind, I found this short but interesting article. It's nice to hear what's needed and helpful in an Identity Management project straight from the source.
I particularly liked the third point, which was "Speak our language" This is one place where too many consultancy engagements fail, as we are so involved in reporting the technical details that we forget to phrase them in the context of the client.
This means that aside from the "Executive Summary", be prepared to go into a little more detail or at the very least find out if business level overviews need to be given. This is a great opportunity to stretch the team's Business Analyst or Junior Consultant to make sure that they bring the technical layer into the business or the business layer into the technical in a slightly deeper level than usual.
Monday, September 29, 2008
Thursday, September 25, 2008
I am a chi.mp!
chi.mp update:
Just got my beta invitation. I'll be posting my impressions.
I've setup my basic profile. Now I just have to figure out what to do with it.
More to come... (At least once my profile get's saved)
Just got my beta invitation. I'll be posting my impressions.
I've setup my basic profile. Now I just have to figure out what to do with it.
More to come... (At least once my profile get's saved)
Friday, September 19, 2008
Consolidation
Well we've seen a bit of consolidation over the years in the IdM space with Oracle, SUN, SAP, IBM and others buying like there's no tomorrow. Don't get me wrong, I think it's a good thing for the industry and it has helped promote thinking and competition in the space.
Could the next step be consolidation of integration firms? I just saw this link about Entology, which is to be acquired by PriceWaterhouse Coopers.
This on the other hand, does make me think. Do the big consulting firms need to get bigger? Is the IdM industry ready for something like this? While the big firms certainly get the benefit of the many fine minds at Entology, (I have been privileged to meet several Entology employees and alumna, and found them to be quite smart and genuinely good people) this got me thinking about why these things happen. (Not necessarily from the business side, but more from the process/engagement side)
Perhaps it is an issue of evolution. As consulting firms gain experience, they go after larger and larger accounts in the process gaining more and more people in differing roles to support those accounts. I would assume that at a certain point, either you become a big firm or a big firm acquires you. Which is why the largest companies prefer the bigger firms where larger groups of analysts, engineers, architects, engagement managers and project managers are needed? While in smaller firms and companies, all of these roles might be needed, but tend to be done by fewer people wearing multiple hats. Then as people grow within these firms, there is always the thought of "Hmmm... if I were running the business..." and violĂ , a new small consultancy is born.
Whch is best and what is best for the industry? I think there are many variables involved and this little essay is not going to be able to even document all of them. There’s a right fit for all customers, consulting firms and consultants and as long as the evolution process keeps spinning, we will all come out on top.
Thursday, September 18, 2008
Win an iPod Touch
Ian Yip has many questions about how people are thinking about implementing Identity Management Services. To this end he has posted a survey to get some more information. As an incentive to get participants, Ian has teamed up with Identropy to give away an iPod touch to a random participant.
So go fill out the survey and we'll all benefit from the results, and someone will get an iPod!
Monday, September 08, 2008
Articles of Federation
I've been thinking about personal identity and how it gets shared around the Internet and other parts of life. Certainly, Eve Mailer from SUN has been thinking about this a lot lately, having done presentations at Burton Group's Catalyst, Gnomedex and other events. She's taken to using Venn diagrams to explain the relationships between forces in digital identity management. These diagrams really started me thinking about how one's own digital identity really reaches out into one's every day business.
This got me to thinking about what happens when we try to control how our identity is shared. Certainly there are things going on like the Liberty Alliance, Higgins project, chi.mp, and CardSpace. But before this can happen there has to be an agreement, even a contract that states what one will choose to share and how that information can be. Many people have mentioned that this is what makes this so hard. Heck, I'll go further. It's a mine field, in a world filled with data losses, identity theft, and outright fraud.
This got me to thinking about what happens when we try to control how our identity is shared. Certainly there are things going on like the Liberty Alliance, Higgins project, chi.mp, and CardSpace. But before this can happen there has to be an agreement, even a contract that states what one will choose to share and how that information can be. Many people have mentioned that this is what makes this so hard. Heck, I'll go further. It's a mine field, in a world filled with data losses, identity theft, and outright fraud.
On BPuhl's Blog, there are some interesting comments on the steps involved to Federate. There's a similar posting regarding the policies and background that needs to happen here, as well.
The Liberty Alliance has gone so far as to come out with a document that serves as a framework for digital identity agreements.
We all see a need to have these protections on both the identity and service provider sides, plus in a retail setting, the user him/her self needs separate protections. Until we can come to an easily deployable solution for this protection, federated identity faces some big challenges.
Tuesday, September 02, 2008
Centric Identity
So Dave Kearns and Jackson Shaw have been thinking about User Centric and Enterprise Centric Identity.
As I roll this around in my head, I'm wondering what the differences are and how they are applicable within the industry and everyday life. As I see it, Enterprise Centric Identity is all about what we see in the IdM world. The Identity that goes through life cycle changes as people affiliate with organizations, become provisioned with in them, have changes occur as roles, responsibility, titles and geographic change. This is the Identity that is at least partially owned by organizations and is processed, searched and checked for compliance.
User Centric Identity is about a person's identity that they use in transactions outside of the enterprise. This is the identity that transacts online business transactions. This identity is more concerned with security and privacy. It's generally not accessed for provisioning, but might be for search and certainly monitored by compliance (ever read a privacy policy?) The sole provisioning activity I could see for User Centric Identity would be in the case of a certificate or two factor authentication material for use in securing transactions.
These two types of identities server different purposes, and so as Jackson says, "We need both". I'd actually go a bit further and say we're required to have both. The Enterprise Centric Identity will always be about gathering as much information possible and publishing it within specific rules (reconciliation policies, compliance rules, IT strategies) While the User Centric Identity is about privacy. What's the minimum information required for a secure transaction so that users do not potentially leak out information that can be snooped and exploited (aka Identity Theft)
I don't think that one would own only one Enterprise or User Centric Identity, either. Multiple Enterprise Centric identities could also exist as people might be members of simultaneous Enterprises. People attending a college or university while working in the Enterprise would certainly have multiple Enterprise Identities.
Certainly one's personal identity is the most User Centric and we seek to protect it as much as possible. But there would also be subsets of one's Enterprise Identity which will be used for establishing transactions throughout the workplace.
I'm not sure I have this right just yet, but I think there's the beginning of a discussion here.
As I roll this around in my head, I'm wondering what the differences are and how they are applicable within the industry and everyday life. As I see it, Enterprise Centric Identity is all about what we see in the IdM world. The Identity that goes through life cycle changes as people affiliate with organizations, become provisioned with in them, have changes occur as roles, responsibility, titles and geographic change. This is the Identity that is at least partially owned by organizations and is processed, searched and checked for compliance.
User Centric Identity is about a person's identity that they use in transactions outside of the enterprise. This is the identity that transacts online business transactions. This identity is more concerned with security and privacy. It's generally not accessed for provisioning, but might be for search and certainly monitored by compliance (ever read a privacy policy?) The sole provisioning activity I could see for User Centric Identity would be in the case of a certificate or two factor authentication material for use in securing transactions.
These two types of identities server different purposes, and so as Jackson says, "We need both". I'd actually go a bit further and say we're required to have both. The Enterprise Centric Identity will always be about gathering as much information possible and publishing it within specific rules (reconciliation policies, compliance rules, IT strategies) While the User Centric Identity is about privacy. What's the minimum information required for a secure transaction so that users do not potentially leak out information that can be snooped and exploited (aka Identity Theft)
I don't think that one would own only one Enterprise or User Centric Identity, either. Multiple Enterprise Centric identities could also exist as people might be members of simultaneous Enterprises. People attending a college or university while working in the Enterprise would certainly have multiple Enterprise Identities.
Certainly one's personal identity is the most User Centric and we seek to protect it as much as possible. But there would also be subsets of one's Enterprise Identity which will be used for establishing transactions throughout the workplace.
I'm not sure I have this right just yet, but I think there's the beginning of a discussion here.
Subscribe to:
Posts (Atom)
