The Simple Things Seldom Are

It’s amazing how often we (and by “we” I mean those of us who deal with the high flying world of identity management) get brought back to earth by the reality of everyday life. Usually, this happens when someone asks such a simple and obvious question that we wonder how we overlooked it in the first place.

A while back, I was pulled out of the world of identity services, Open ID, protocols and exotic role structures by a simple request posed by a prospective customer. In evaluating our product, they were wondering (quite innocently) if there was any way to improve the rate of identity on-boarding and ongoing reconciliation by a factor of 10.

“A factor of 10”, we mused? Why? Obviously everyone wants fast performance, but this is taking things to a whole new level. As an engineering organization, we have already put in a fair amount of time optimizing the behavior of the product to make it work as efficiently as possible, bringing performance to a level that matches the benchmark requirements of our (fairly large and sophisticated) customer base. On top of that, we have tools and best practices to help customers create solutions that fit their needs. Despite all of these, we were not going to meet their requirements.

A little work helped us identify the solution to their problem (it was based on a divide-and-conquer approach of data segmentation and parallel scheduled jobs). So we were able to achieve the required throughput. But it required some fancy footwork and fancier system configuration.

And just this week, I heard the same requirement again. Except that this time, the required factor was a 100. It made me think “The more things change, the more they stay the same”. For all the fancy capabilities we are trying to add on to our product lines, we just can’t afford to ignore the fundamentals.

Yesterday I read a post by Mark Dixon talking about China Mobile. The statistics are incredible:

• 327 million subscribers
• 5.28 million subscribers added in May alone.

The implications are pretty clear. For identity services to become a reality, IdM products (like ours) need to scale up tremendously, without sacrificing all the bells and whistles that have been added (for auditing, role management, automated provisioning and compliance, among other things). As technologies like Open ID and CardSpace move us closer to the day of a single internet identity (one hopes), the applications that rely on the identity services to make all this possible are going to demand better functionality without any sacrifice in performance.

This will require work at every level of the stack – the data store, the application container, the IdM service provider, the identity frameworks and the applications themselves. Oracle is working hard on all of these. But for all that, I look at some of the efforts underway (like in the Higgins project) and some of the technology protocols (like XACML) and wonder: Are we really ready for something like this?

What do you think?