“Identity” is far from an understood concept

As usual, it has taken a while for me to resurface from my latest conference stint. Not because I overextended myself while in Vegas for Collaborate. That only warrants a few days. No, the real reason is that being offline from work for just a few days means loads of catching up to do. And there is a lot of work going on in the IdM team, especially related to Fusion, which was all the talk at Collaborate.

Discussions on Identity at Collaborate
Not surprisingly for a user group conference, the overwhelming majority of questions I fielded at Collaborate pertained to how IdM fits into the Fusion vision for applications. People from various strata of the applications universe were trying to understand this at a very basic level. But what complicated the discussions was the fact that people are still not clear on what we mean when we talk about “Identity”. In fact, I even got someone asking me if identity management was similar to UDDI! While I certainly wasn’t expecting people at the conference to have a deep understanding of identity management, that one threw me for a loop.

The Challenge
Recently, Johannes Ernst asked members of the Internet Identity Workshop how they would explain to an identity neophyte and non-technologist “why identity is important”. The spirited discussion led to the rather generic, but all-important, conclusion that identity provides context that enables you and your consumers to do business the way you want to. Doing business the way you want encompasses issues of trust, transparency, convenience, security, privacy and community. As context changes based on the business domain you are talking about, so does the definition of identity.

Our Focus: Enterprise Identity
The focus of our group has been on that specific version of digital identity that we refer to as Enterprise Identity. Enterprise Identity covers those aspects of your digital representation within the enterprise environment that the enterprise needs to manage or delegate management of. So in that context, Enterprise Identity covers personally identifiable information (PII), roles, relationships, accounts and related access, physical assets and privileges/entitlements. The diagram below illustrates this basic definition.

Identity in Fusion
One of the things that constantly comes up in any discussion of Fusion is a debate around where identity data ends and application data begins. PII and some aspects of roles and relationships today reside most commonly within the domain of HR applications. On the other hand, application environments like retail applications consider this application data. Entitlement management has traditionally been within the application domain. And we know how much of a mess any discussion of roles ends up being.

In a SOA-based enterprise architecture, this kind of ambiguity is a recipe for chaos. And as identity has become an important component of application business logic, businesses are being forced to empower end-users via self-service and delegated administration capabilities to make their architectures scalable and practical. This requires the view of “one identity” for a user in Fusion, so that users have one place to go in order to manage their identity in the enterprise. That is the central idea behind the campaign for “identity as a service” and its inclusion into Fusion architecture via a middleware service called Fusion Identity Management. This was what I introduced in my session at Collaborate, and if you missed it, well, there’s always OpenWorld 🙂
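To make the "one identity" idea and the delegation question concrete, here is an added example (my own illustration, not code from Fusion Identity Management or from the original post). It models a single enterprise identity record with the facets listed under Enterprise Identity above, and a constructed delegation policy in which HR owns PII, relationships and assets, an application owner owns accounts and entitlements, and the manager chain may change roles; self-service is restricted to a user's own contact details. The facet names, role names, `SELF_SERVICE_PII` set and the sample directory are all assumptions made for the example.

```python
"""One enterprise identity record plus a delegated-administration check.

Added illustration; the policy and directory below are constructed, not Fusion's.
"""
from dataclasses import dataclass, field
from enum import Enum, auto


class Facet(Enum):
    """The facets of Enterprise Identity named in the text."""
    PII = auto()
    ROLES = auto()
    RELATIONSHIPS = auto()
    ACCOUNTS = auto()
    ENTITLEMENTS = auto()
    ASSETS = auto()


@dataclass
class Identity:
    """The 'one identity' view: every facet for a user lives on one record."""
    uid: str
    pii: dict = field(default_factory=dict)
    roles: set = field(default_factory=set)
    relationships: dict = field(default_factory=dict)   # e.g. {"manager": "u100"}
    accounts: dict = field(default_factory=dict)        # app name -> account name
    entitlements: set = field(default_factory=set)      # (app name, privilege)
    assets: set = field(default_factory=set)            # physical asset tags


# Self-service (assumed policy): a user may only edit their own contact details.
SELF_SERVICE_PII = {"phone", "preferred_name"}

# Delegated administration (assumed policy): which role may edit which facet of
# *another* user. HR owns the identity-side data; the app owner owns the
# application-side data; the manager chain owns roles.
DELEGATED = {
    "hr_admin": {Facet.PII, Facet.RELATIONSHIPS, Facet.ASSETS},
    "app_owner": {Facet.ACCOUNTS, Facet.ENTITLEMENTS},
}
MANAGER_FACETS = {Facet.ROLES}


def is_in_manager_chain(directory, actor_uid, target):
    """True if actor is target's manager or an ancestor in the manager chain."""
    seen = set()
    cur = target
    while cur is not None and "manager" in cur.relationships:
        mgr = cur.relationships["manager"]
        if mgr in seen:          # guard against a cyclic org chart
            return False
        seen.add(mgr)
        if mgr == actor_uid:
            return True
        cur = directory.get(mgr)
    return False


def authorize(directory, actor_uid, target_uid, facet, attr=None):
    """Decide whether actor may change `facet` (optionally `attr`) on target.

    Returns (allowed, reason) so the decision can be written to an audit log.
    """
    actor = directory[actor_uid]
    target = directory[target_uid]

    # Self-service branch is evaluated first, so no role lets a user edit
    # their own roles, accounts or entitlements (no self-escalation).
    if actor_uid == target_uid:
        if facet is Facet.PII and attr in SELF_SERVICE_PII:
            return True, "self-service"
        return False, "self-service is limited to own contact details"

    for role, facets in DELEGATED.items():
        if role in actor.roles and facet in facets:
            return True, f"delegated to role {role}"

    if facet in MANAGER_FACETS and is_in_manager_chain(directory, actor_uid, target):
        return True, "manager chain"

    return False, "no delegation covers this facet"


def sample_directory():
    """Constructed sample data: a director, an app owner, a report and HR."""
    return {
        "u100": Identity("u100", pii={"name": "Priya"}, roles={"director"}),
        "u200": Identity("u200", pii={"name": "Ola"}, roles={"app_owner"},
                         relationships={"manager": "u100"},
                         accounts={"retail": "ola.r"}),
        "u300": Identity("u300", pii={"name": "Sam"},
                         relationships={"manager": "u200"},
                         entitlements={("retail", "view_orders")}),
        "u900": Identity("u900", pii={"name": "HR Desk"}, roles={"hr_admin"},
                         relationships={"manager": "u100"}),
    }


if __name__ == "__main__":
    d = sample_directory()
    for case in [("u300", "u300", Facet.PII, "phone"),
                 ("u200", "u200", Facet.ENTITLEMENTS, None),
                 ("u100", "u300", Facet.ROLES, None),
                 ("u200", "u300", Facet.ENTITLEMENTS, None),
                 ("u900", "u300", Facet.PII, "name")]:
        print(case, authorize(d, *case))
```

The point of evaluating the self-service branch before any role lookup is that an application owner cannot grant entitlements to their own record, and a manager cannot promote themselves; every decision also carries a reason string so that delegated changes remain auditable rather than silently applied.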

In the meantime, it would be interesting to hear from people in the applications community what they feel identity management in Fusion means to them. So start sending me those comments and emails.