Monday, September 13, 2010

Making Identity Portable in the Cloud by xmlgrrl

I thought I would repost this presentation because I find it very informational as it relates to Identity in the Cloud.

Note: You will have to register or have been previously registered at BrightTALK  (what about using an external IdP BrightTALK) ;)



A BrightTALK Channel

Thank you xmlgrrl

Wednesday, September 8, 2010

Identity Management - a form of Control or a Service

I was reading the following article "Iris Scanners Create the Most Secure City in the World. Welcome, Big Brother" from Fast Company and it got me thinking on the thin line between security and privacy and when a security service becomes a form of control specifically around Identity and Access Management.

Individuals seem to be more concerned about the misuse of identity data by a private organization than a government office.  What is the difference between Facebook and the city of Leon?  Not to say that Facebook does not have its own issues with privacy, but at least we have the option to use it and I have to say, they have responded pretty well to the privacy demands from their end-users.   But when it comes to governments and the use of identity data, we are dealing with entities that today may use it for the benefit of the public, yet, tomorrow identity data might be used for other means that interfere with the privacy of law abiding citizens.

Therefore it is important in this new age where digital identity is really king (see this article for some proof: Young will have to change names to escape cyber past warns Google) to allow for Open User Centric Identity.  In a User Centric Identity model the end-user has control over their privacy.

I have become a big fan of the IdCommons organization since they are the only well known organization promoting user centric identity management and their purpose gives me hope for the future: The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet -- one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities.  But, even if this sounds a little Utopian,  we do have hope and it is in our hands (either individuals or professionals in the Identity Management field) to promote and expect identity data providers (facebook, your local governments, etc) to have the best controls in place that allow you as the end-user management over your identity in the cloud.