Talking Identity | Nishant Kaushik's Look at the World of Identity Management » ISWG

Change We Need

Nishant Kaushik — Tue, 02 Dec 2008 03:56:22 +0000

It’s been a long time since I have been able to post. A lot conspired to make it difficult for me to keep up with my blogging, not the least of which has been a number of interesting, but under wrap, developments within the IdM group at Oracle (if you follow me on Twitter, you may know what I am talking about). I‘ve been knee-deep in meetings planning our development projects for next year, so stay tuned to this space for a look ahead.
My last post was just before I headed to Prague to participate in a panel on Identity Services at Burton’s Catalyst Europe conference. I could make some jokes about how it has taken me this long to recover from the craziness in Prague, and it would be partly true. But I wouldn’t even begin to know how to describe all of it, so this is me moving swiftly on.

During the panel discussion (thanks to Oracle’s own Dennis MacNeil for taking the photograph above), we talked about the work we’ve been doing in Burton’s Identity Services Working Group (ISWG). Kevin preceded the panel with a presentation outlining the results of the first phase of our work, which has focused on the basic services in an identity services architecture – attributes, authentication and authorization. I can’t really share the results of the work here, because of the rules we work under as part of the working group (I’ll try and talk Kevin into letting me share some of it). However, I will say that one of the interesting developments from the many meetings we had, and which informed the approach taken in this phase of the project, was the group adopting the thought that “Authentication is simply an Obligation in an Authorization process” (think about it). As a result, we have come up with an interesting take on the role of PEPs, PDPs and Claims in the architecture.
The bulk of the panel discussion focused on explaining the drivers for the work being done in the ISWG. The fact that all the folks on the panel were either vendors or financial industry folks meant that the talk was about creating efficiencies, standardizing deployment architectures, maintenance and upgrade headaches and freedom from vendor lock-in. All good reasons to keep in mind when understanding how identity services needs to evolve and get used.
But one of the things that didn’t come up was the fact that our industry as a whole is headed towards a seismic shift in how we deal with identity, and that having a good identity services story is crucial to being able to weather the storm. Change is definitely in the air, and not just because the recent election cycle or recession fears have put that word firmly in our conscious. You can sense this by doing a quick scan of the blogosphere. Rapid advancements in the area of Information Cards and OpenID, Microsoft’s recent work encapsulated in the Geneva announcement, our own work on the IDx project and the emerging talk of the “Open Stack” for identity are all key developments to follow to understand where we are headed as an industry. There is a lot of work still to be done in these initiatives, but one can already see the far-ranging implications of all these projects. And identity services will be the backbone that allows enterprises and applications to adapt in a scalable manner.
Much needed change is on the way, so buckle up.

Tags: Burton Catalyst Conference, BurtonGroupCatalyst08, Identity Services, ISWG

The fun never stops in Identity World

Nishant Kaushik — Thu, 02 Oct 2008 23:14:04 +0000

Boy, it was an exhausting September. There was a lot going on between work, Digital ID World, Oracle OpenWorld and the Burton Identity Services Working Group. Unfortunately, this left me little time to write on this blog. But hopefully all of you were able to follow my real-time thoughts on Twitter. If you are interested, check out my DIDW tweets and my OpenWorld tweets.

It was interesting to see the amount of discussion going on around the topic of Identity Services. At DIDW, there were a number of different sessions that looked at different parts of the Identity Services challenge. Kim Cameron talked about claims-based identity transactions in his keynote. All the different discussions on Liberty’s Identity Assurance Framework were trying to deal with improvements needed in the authentication service. Some of the necessary standards discussions came up in the session on “Bootstrapping Identity Protocols”. And of course Jamie Lewis talked about it in his keynote.

At OpenWorld I once again took on the task of trying to illuminate the masses on identity services. It isn’t a topic that usually gets a lot of interest at OpenWorld, since the attendees are mostly interested in figuring out real world implementation issues. So the sessions most attended were the ones that looked at best practices and customer case studies. Also, being scheduled for the first session of the day at 9am didn’t help drive up my attendance numbers.

But I did get a pretty decent crowd, all things considered, and got some good questions and very good feedback and validation on the content of my presentation. I did try to spice it up by throwing in a bit of humor centered around “The Love Guru” (since identity services is all about achieving identity nirvana); not sure if that helped or hurt. I wanted to post the presentation here for all of you, but OOW presentations are paid content controlled by Oracle, so I can’t. But I will be adapting that presentation for some talks I am giving to customers on the topic of Identity Services, and I will post that presentation, along with a discussion of how my architecture has evolved, in an upcoming blog post.

October is looking to be just as busy. Of course there is all the usual stuff going on at Oracle. Tomorrow I’ll be doing a quick dash across the border and back for the second all-day workshop of the ISWG. Then later this month I will be heading to Europe, where I will be meeting with some customers and attending Burton’s European edition of the Catalyst Conference. I will be part of a panel that includes other ISWG members from TD Bank, BT, Credit Suisse, IBM, Sun, Novell and, of course, Burton that will be talking about Identity Services and presenting some of the work we have done in the working group. Catalyst Europe is in Prague, which is a city I absolutely love, so I am pretty excited about that too. Should be a fun month.

Tags: Digital ID World, Identity Services, ISWG, Oracle OpenWorld

The Frameworks are Coming

Nishant Kaushik — Mon, 11 Aug 2008 21:40:05 +0000

I read with great interest Kim Cameron’s most recent post about the Beta release of Zermatt, Microsoft’s new identity application development framework. It is a step towards the kind of programming framework that I have been talking about and working on with my colleagues at Oracle for a while now. So I am just a little bit jealous that Microsoft beat us to it. But at Oracle, we have a whole different set of challenges that we are dealing with.

Coincidentally, the version we are developing internally is code-named IDx (According to Kim, Microsoft’s internal name for Zermatt used to be IDFX). The first version is being built as the underlying platform for Fusion Applications. But my main job on this project is to make sure that it does not end up as an Oracle proprietary framework, and can become a true development platform on which anyone can build identity-enabled applications, running on top of any identity management provider (MS, Oracle, Sun, etc.).

That is a challenging task, and requires a strong standard API as an abstraction between the application and the identity management providers supporting it. One of my hopes for the Burton Groups Identity Services Working Group is that they will help us ratify what this standard interaction needs to be (of course, we are planning on contributing in a major way to the definition of these APIs, and have been working hard on some aspects of these as part of the IGF initiative). Hopefully, we can do the right thing, and justify Pamela’s optimism for the future.

Zermatt allows applications to incorporate a claims-based identity model for authentication and authorization. The claims-based model is one that I brought up in my talk at DIDW almost one year ago. Microsoft has published a whitepaper in conjunction with the Beta release, and I’ll be taking a look at it to learn and to contrast it with our approach. I’ll talk about my thoughts on Zermatt in the upcoming weeks.

Tags: Identity Frameworks, Identity Governance Framework, Identity Services, ISWG, Microsoft Zermatt

The Optimist is feeling a little pessimistic

Nishant Kaushik — Fri, 25 Jul 2008 23:14:48 +0000

Seems like the recent Catalyst conference led the Eternal Optimist, Pam Dingle, to question how we are doing as an industry. It is true that a lot of the messaging has shifted from what enterprises need to accomplish based on their unique needs to “check-off the list” buzzwords like GRC (which Bob Blakely called a “four letter word”), RBAC and User-Centric.

Pam’s definition about why Enterprises should invest in identity is not new, nor has it never been said before. But it seems like periodically, people need to reiterate the message to remind people that they should keep their eye on the ball. Too many times, the people going into identity projects do so because of a corporate mandate, with little understanding of why exactly they need to do it, or what the needs are that they are trying to address.

But I don’t quite share Pam’s pessimism expressed in the second half of her post. When she asks

The really interesting question will be whether or not the big vendors will ever start enabling truly integrated provisioning and SSO support for the full range of their products.

I think she asks a question that many have been asking, and some of us are starting to work on. The key word here is “work”, because the vision for standardized identity services is still just that – a vision. Reality is that there are a number of enterprises out there that are implementing identity services strategies on their own, but there is no concrete way for COTS and SaaS applications to rely on identity services for these critical functions. Even Oracle’s work in this area (which I have been blogging about for a while) is proprietary at this point, and very much driven by the vision for Fusion Applications that is articulated in Pamela’s hope for stack offerings with an “integral adherence to an identity vision, instead of bolted-on adherence”. This is one of the main reasons why I have joined the Identity Services Working Group that the Burton Group is running, to work with the community on defining the missing pieces that can make identity services a cohesive solution that all applications can be built on.

Tags: Identity Services, ISWG