Monday, December 28, 2009

Letting Users Manage Their Online Identities - Government 2.0

The posted an interview with Heather West from the Center for Democracy and Technology.  Heather explained how User-Centric Identity works and the plans the government has to allow a few websites allow user's to authenticate/register with third-party data.

This is getting interesting since it can definitely be a driver for "Identity in the Cloud".  User-Centric Identity can be beneficial for end-user's who want to protect their privacy by demanding granular controls of their data from their Identity Providers (a great example is Facebook).  Facebook, although far from perfect when it comes to privacy, has changed their privacy methods and protections based on end-user demands and market drivers (for better or worse).  Now, I am not saying Social Networks are the only option for Identity Providers, but Facebook is a good example since it holds the largest number of personal identifiable identities.

I am going to try to keep up with "Government 2.0" (Open Government) and how it affects Identity,  I think this will drive Identity Management in the next decade.

Sunday, December 27, 2009

Open Trust Framework for Open Government

I was reading the Open Trust Framework for Open Government pdf released by ICF and my first thought was "why do we want government involved on this", but as I read the document it made perfect sense. And I actually agree with the concept.  Basically, the Government realizes that they don't necessarily have the best "identity data" available to satisfy industry and an "open" framework with an open market methodology satisfies their needs as a Relying Party (RP) of identities.

So, the government is not necessarily creating policy for an Identity Trust Framework, but an initial driver and our tax dollars better used... (I know, I am trying to convince myself...)

The best part is that if the government is an RP others will follow.

The other interesting fact I was not aware of, is the work of InCommon as a Trust Framework used by Higher Education mainly for federated single sign-on (not necessarily fully in the "Cloud").  This is definitely a good example (as it is stated in the document) of an "Open Identity Trust Framework."

Friday, December 25, 2009

Open Identity Trust Framework (IIW)

I think I am going to forget about "Identity Trust Network"  I like the title and work behind "Open Identity Trust Framework" being done by the folks at IdCommons at Internet Identity Workshop.  This work seems to be at a very early stage, but it is important that an open standard/framework for trust be available for the certification of identities in the cloud being provided by Identity Providers.

The concern with not having such framework would be some sort of National ID that is fully controlled by a single organization (such as the Federal Government) or some group of high profile companies.

The ideal scenario would be the use of a framework where organizations that are Identity Providers can be judged and rated on how "trusted" the services they provide are (since they certify the trust of the identities they manage).

Thursday, December 24, 2009

Identity Trust Network

Identities in "the Cloud" have taken and interesting form.  When I think of my Identity on the web today, I attempt to expose data that I think will be of benefit to me (either true or not), so my Identity cannot be trusted by someone who does not really know me.  Now, when you think of my Identity you take in consideration information I provided and information others provide (true or not).  Therefore, trust is key for you and I to be able to perform a transaction.

Here is a term I have been thinking about: “Identity Trust Network”, where Identity Providers attest the claims of an Identity and allow the consumption of trusted identity data based on the Identity owner allowed usage.

This term came to mind when thinking about Identity in the Cloud and its meaning.  The following was my train of thought:

- For Identity to exist in the Cloud, it requires a provider of this data.
- Identity data represents an individual (Identity Owner).
- This individual has provided their identity data to the provider.
- The provider must attest that the identity data is trusted.
- The trusted identity data will be consumed by a third party based on the owner's allowed usage (privacy)
- Identity Owner and third-party perform a transaction

Tuesday, October 20, 2009

Cloud Provisioning Services using Oracle Identity Manager

I just found out that during Oracle Open World, EDS (now HP) plans to offer (or is offering already) Provisioning Services over the cloud using Oracle Identity Manager. I think it is a great idea, but I would like to see the implementation. The session at Oracle Open World was named "EDS Automates Infrastructure Outsourcing Provisioning Processes with Oracle Identity Manager"

Monday, October 19, 2009

Provisioning Workflows over the Cloud?

I was reading Nishant Kaushik blog post about his session at Oracle Open World ( and got me thinking about the cloud and the need for Identity Services providers.

Could public-providers of Identity Services be a reality or just a utopian dream?

There are several issues, and in my mind benefits for business clients using an Identity Service provider for their Identity Management needs, instead of using a costly IdM installation.

Mid-size businesses can actually benefit from the use of such services due to the possible low cost and speed of integration, but an issue that is not normally talked about is provisioning workflow, and if a "cookie-cutter" approach is used, businesses will be forced to make changes to their current business processes which would normally be a rejected approach.

Can it be possible to provide workflow services over the cloud in an efficient way for provisioning?

Update: October 19, 2009 - I just found a company that provides provisioning workflow as part of their Identity Management solution for SaaS environments. I can't really evaluate it, but it will be interesting to see what they have to offer: Conformity, Inc.

Wednesday, August 26, 2009

Identity in the Age of Cloud Computing

I found the following document that I have not read thoroughly yet, but it deserves a post since it is about 100 pages on the subject :)

Identity in the Age of Cloud Computing