<b>Identity in the Cloud</b><br />
Blog by frankIdM (feed last updated 2024-02-20)<br />
<br />
<b>Identity, Society, and Politics</b><br />
Posted by frankIdM on 2011-08-10<br />
<br />
I was reading Paul Hartzog's blog (<a href="http://www.panarchy.com/">www.panarchy.com</a>) and his views on society, technology and politics, specifically the "Panarchy" poster:<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="http://www.panarchy.com/Members/PaulBHartzog/Papers/PanarchyPoster.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="409" src="http://www.panarchy.com/Members/PaulBHartzog/Papers/PanarchyPoster.jpg" width="640" /></a></div><br />
This got me thinking about Identity, the complexity of the Internet ecosystem, and how hierarchical systems for Identity might work for an organization but cannot be translated to "The Cloud". So, let's frame the conversation by looking at the definitions of some terms:<br />
<br />
<br />
<ul><li>Politics: Social relations involving authority or power</li>
<li>Identity: Whatever makes an entity (such as an individual) definable or recognizable</li>
<li>Society: <span class="Apple-style-span" style="line-height: 19px;">A group of individuals related to each other through persistent relations</span></li>
</ul><div><span class="Apple-style-span" style="line-height: 19px;">Let's begin with Society and our current relations, occurring online and face to face because of technology. Prior to the communications revolution, societies were concentrated in a geographical area; therefore our Politics were confined to these geographical boundaries. </span></div><div><span class="Apple-style-span" style="line-height: 19px;"><br />
</span></div><div><span class="Apple-style-span" style="line-height: 19px;">Today, although still confined to a geographical area physically, our relations are much more complex. We work online, and we travel faster and more frequently, to places as far away as the other side of the world. We spend time online with family in different areas of the world chatting "face to face." Our Social relations are more complex and have moved ahead of our Politics. Our economies are no longer confined to geographical markets; we transact online with everyone in the world. The purchase of a product or a service is the collective work of individuals in several countries.</span></div><div><span class="Apple-style-span" style="line-height: 19px;"><br />
</span></div><div><span class="Apple-style-span" style="line-height: 19px;">The hierarchy of most governments implies the acceptance of a set of norms that, now that information is so accessible, may not correspond to the sentiment of its citizens. We now know the difference between something that we want and something we don't want being enforced by a government. Governments prefer to know who their citizens are (Identify them) to maintain their power hierarchies. Prior to the communication revolution, government-issued identification was important. It helped in social interactions that required validating who a person claimed to be. But in a complex system, such as the Internet, hierarchies are inefficient, costly and almost impossible to control. </span></div><div><span class="Apple-style-span" style="line-height: 19px;"><br />
</span></div><div><span class="Apple-style-span" style="line-height: 19px;">Paul Hartzog writes in his poster (see image above), that we are seeing "the emergence of new forms of social action that function independently of and in parallel to traditional forms of the State." Identity, of course, is part of the complexity, but a complexity that is currently leading to "self organization" (you have to look at the poster and read it). </span></div><div><span class="Apple-style-span" style="line-height: 19px;"><br />
</span></div><div><span class="Apple-style-span" style="line-height: 19px;">This Identity "self organization" can be seen in the different standards groups working on defining how to organize Identity in the Cloud. Identity is no longer for (and by) the State; it is about an individual, their privacy and how they interact with other members of society. It is not even about an organization (look at the <a href="http://twitter.com/#!/search?q=%23nymwars">interesting conversations</a> about anonymity, pseudonymity and privacy happening because of the <a href="http://www.google.com/support/+/bin/answer.py?answer=1228271">Google+ policy on names</a>).</span></div><div><span class="Apple-style-span" style="line-height: 19px;"><br />
</span></div><div><span class="Apple-style-span" style="line-height: 19px;">These are interesting times for Identity, Society and Politics, and thanks to <a href="http://paulbhartzog.org/">Paul Hartzog</a> I am going to call myself a "Panarchist" (it sounds cool!).</span></div><br />
<br />
<b>User Managed Access</b><br />
Posted by frankIdM on 2011-07-07<br />
<br />
You may be wondering: what is the big deal about <a href="http://kantarainitiative.org/confluence/display/uma/Home">UMA</a>? Well, it is the answer, in the form of an <a href="http://tinyurl.com/umav1">internet protocol</a>, to the concerns many users have about privacy and control over their data. The protocol allows for the implementation of Authorization Managers that give you the ability to control your data at any host that is UMA enabled. Anyone (service or person) attempting to access your protected data will have to interact with the Authorization Manager before getting access. The beauty of creating a protocol for such interactions is that it allows for a marketplace for the best implementations of the protocol. User experience, usability, privacy and security will be the measure of the best players at protecting your data. With UMA you are in control!<div><br />
</div><div>The <a href="http://tinyurl.com/umav1">internet draft</a> recommendation contributed to the <a href="http://www.ietf.org/">IETF</a> is an <a href="http://kantarainitiative.org/wordpress/2011/07/announcing-user-managed-access-uma-gives-data-sharing-power-to-the-people/">important milestone</a> and just the beginning of many things to come...</div><br />
<br />
<b>Trusted Managed Identities Services Business Model</b><br />
Posted by frankIdM on 2011-04-01<br />
<br />
<div class="MsoNormal"></div><div class="MsoNormal">I have been giving some thought to what the Business Model would be for Managed Identity Services in a trusted identity ecosystem. </div><div class="MsoNormal"><br />
</div><div class="MsoNormal">I decided to start by defining the main actors in the ecosystem: </div><div class="MsoNormal"><br />
</div><div class="MsoNormal"></div><ul><li>Identity Owner: Normally considered the end-user, the subject the digital identity represents.</li>
<li>Identity Provider: The service provider that stores and manages the digital identity for the Identity Owner </li>
<li>Relying Party: The subject requesting authentication and/or authorization to the digital identity data.</li>
<li>Trust Provider: The service provider that assures the relying party of the validity of the digital identity stored at the Identity Provider.</li>
</ul><br />
<div class="MsoNormal"><br />
</div><div class="MsoNormal">Now what? How can we make money from Managed Identity Services? What benefits are there to each actor in the ecosystem to validate the capability of such a system?</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Such an ecosystem benefits Identity Owners by allowing them to maintain identity data in a central place where stronger authentication can be used. When identity data is stored in duplicated, dispersed stores, as it is today, end-users demand ease of use over security. Will the Identity Owner be willing to pay an Identity Provider for such a service and its benefits? Probably not!</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Identity Providers only benefit when someone pays for their services. Identity Owners do not want to pay for the service; will the Relying Parties be willing to pay for it? Let’s see…</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Relying Parties, in this business model, benefit the most. The Relying Party reduces the costs of authentication and authorization services and passes the risk for such services to the Identity Provider. Relying Parties, when possible, can maintain the privacy of their end-users by trusting the validity of the identity data to the Identity Provider. Relying Parties, due to the reduced costs, have the ability to pay an Identity Provider for their services. Assuming a trusted identity ecosystem, Relying Parties can accept identity data from different Identity Providers by also enrolling in trust services from a Trust Provider. </div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Trust Providers allow Relying Parties to be certain the Identity Provider is known to be responsible for due diligence in assuring Identity Owners' legitimacy. Once again, the Relying Party assumes the cost of trust services, since it benefits by passing on the cost of validating the identity data from an Identity Provider.</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Will Relying Parties be willing to pay for such services? I think they already are --> <a href="http://www.janrain.com/">Janrain</a> </div><div class="MsoNormal"><br />
</div><div class="MsoNormal">The closest ecosystem that resembles Trusted Managed Identity Services is the Credit Card industry where:</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">Identity Owners = Credit Card Holders</div><div class="MsoNormal">Identity Providers = Credit Card Companies</div><div class="MsoNormal">Relying Parties = Merchants</div><div class="MsoNormal">Trust Providers = Credit Card Networks</div><div class="MsoNormal"><br />
</div><div class="MsoNormal">The Business Model for Trusted Managed Identity Services has a lot of potential to produce profits. The technology is there; the standards need to mature, but that can only happen if they are used. We just need someone to be the first to accept the risks and take the profits. Who is first?</div><br />
<br />
<b>National Strategy for Trusted Identities in Cyberspace (NSTIC)</b><br />
Posted by frankIdM on 2011-01-10<br />
<br />
According to the media and the headlines, the Obama administration is trying to implement a "National Internet Identity for all Americans", similar to what the Bush administration attempted through the Department of Homeland Security a few years ago. User-centric identity advocates, such as myself, see it differently. Kaliya (<a href="http://twitter.com/IdentityWoman">Identity Woman</a>) expressed in her <a href="http://www.fastcompany.com/1715659/national-identity-cyberspace-why-we-shouldnt-freak-out-about-nstic">recent blog post at Fast Company</a> that user centric-identity is about "1) maintaining the freedom to be who you want to be on the Internet AND 2) having the freedom and ability to share verified information about yourself when you do want to." <br />
<br />
Unfortunately, I also believe in limited government and citizen privacy, and many like-minded individuals feel skeptical of the government's involvement when it comes to Internet Identities. And although it is the Commerce Department, not the Homeland Security Department, that is driving this initiative, it is still the government. A government where the President (Obama or any future President) has the ability to change the rules of the game at any time. Today's plans may be to protect the privacy of citizens and improve trust in online commerce, but who says that may not change tomorrow?<br />
<br />
But, for us limited government believers, reality must set in. We live in a society where governments do provide services (whether effective or wasteful) and those services are exposed to the Internet. Citizens as end-users must access those services. Standards for Digital Identities that give control to the end user, allow for consumers' privacy and benefit commerce (e.g. <a href="http://kantarainitiative.org/">Kantara Initiative</a>) are important. The private sector as well as Governments, as Relying Parties, Identity Providers, Trust Providers and resource hosts of these services, have a need to be involved in these standards groups and in some cases, as it is with NSTIC, lead the Internet community in implementing these standards.<br />
<br />
So, all in all, NSTIC is a great initiative that I wish would not be "National" but Global, where the private sector, governments, privacy groups, technology groups, security groups, etc., would be involved. At a global level and with involvement from different groups interested in the "common" service, this initiative would be more welcome, be more flexible to improve and not have a chance to be controlled by just one group.<br />
<br />
<b>Identity Trust Frameworks - Can they achieve what Visa, MC have?</b><br />
Posted by frankIdM on 2010-11-24<br />
<br />
Identity in the Cloud is here... almost! <a href="http://www.facebook.com/">Facebook</a>, <a href="http://www.google.com/">Google</a>, <a href="http://www.twitter.com/">Twitter</a>, <a href="http://www.linkedin.com/">LinkedIn</a>, (my new personal favorite <a href="http://www.empireavenue.com/">Empire Avenue</a>) implement <a href="http://oauth.net/">OAuth</a>, and Relying Parties are able to use the <a href="http://oauth.net/">OAuth</a> implementation to register, authenticate and authorize users based on their identity data. In other words, <a href="http://www.facebook.com/">Facebook</a>, <a href="http://www.google.com/">Google</a>, <a href="http://www.twitter.com/">Twitter</a>, <a href="http://www.linkedin.com/">LinkedIn</a>, and <a href="http://www.empireavenue.com/">Empire Avenue</a> are Identity Providers. Most Relying Parties trust these very well-known IdPs, but their level of trust is only good enough for Social Networks.<br />
<br />
Can these identities be used in some way by organizations during the hiring process? Can a financial institution trust a user based on a third-party Identity Provider? Can this be extended to Healthcare systems to reduce the registration process? Well, that is the goal, but we are not there yet, and the bridge to achieve these goals is "Trust".<br />
<br />
There are some Identity Trust Framework initiatives that aim to achieve what the credit card industry was able to accomplish with its payment system networks. One of those initiatives is the <a href="http://openidentityexchange.org/about">Open Identity Exchange</a>, which is working with different groups, including the government, to create an environment where identities can be trusted at different levels of assurance.<br />
<br />
We have yet to see how successful these implementations are, but they are dependent on the demand for identity data and the cost of the implementations. We are still at the early stages of Identity Trust Frameworks, but initiatives such as the <a href="http://openidentityexchange.org/about">Open Identity Exchange</a> are very interesting and very promising.<br />
<br />
<b>Making Identity Portable in the Cloud by xmlgrrl</b><br />
Posted by frankIdM on 2010-09-13<br />
<br />
I thought I would repost this presentation because I find it very informative as it relates to Identity in the Cloud. <br />
<br />
Note: You will have to register or have been previously registered at BrightTALK (what about using an external IdP, BrightTALK?) ;)<br />
<br />
<div id="myChannel"><a href="http://www.brighttalk.com/">A BrightTALK Channel</a> </div><br />
Thank you <a href="http://www.xmlgrrl.com/blog/">xmlgrrl</a><br />
<br />
<b>Identity Management - a form of Control or a Service</b><br />
Posted by frankIdM on 2010-09-08<br />
<br />
I was reading the following article, <a href="http://www.fastcompany.com/1683302/iris-scanners-create-the-most-secure-city-in-the-world-welcomes-big-brother">"Iris Scanners Create the Most Secure City in the World. Welcome, Big Brother"</a> from <a href="http://www.fastcompany.com/">Fast Company</a>, and it got me thinking about the thin line between security and privacy, and when a security service becomes a form of control, specifically around Identity and Access Management.<br />
<div><br />
</div><div>Individuals seem to be more concerned about the misuse of identity data by a private organization than by a government office. What is the difference between Facebook and the city of Leon? Not to say that Facebook does not have its own issues with privacy, but at least we have the option to use it, and I have to say, they have responded pretty well to the privacy demands from their end-users. But when it comes to governments and the use of identity data, we are dealing with entities that today may use it for the benefit of the public, yet tomorrow identity data might be used for other means that interfere with the privacy of law-abiding citizens.<br />
<br />
Therefore it is important in this new age where digital identity is really king (see this article for some proof: <a href="http://www.telegraph.co.uk/technology/google/7951269/Young-will-have-to-change-names-to-escape-cyber-past-warns-Googles-Eric-Schmidt.html">Young will have to change names to escape cyber past warns Google</a>) to allow for Open User Centric Identity. In a User Centric Identity model the end-user has control over their privacy.<br />
<br />
I have become a big fan of the <a href="http://wiki.idcommons.net/Main_Page">IdCommons</a> organization since they are the only well-known organization promoting user centric identity management and their purpose gives me hope for the future: <span class="Apple-style-span" style="font-family: sans-serif; font-size: 13px; line-height: 19px;"><b>The purpose of Identity Commons is to support, facilitate, and promote the creation of an open identity layer for the Internet -- one that maximizes control, convenience, and privacy for the individual while encouraging the development of healthy, interoperable communities. </b></span>But, even if this sounds a little Utopian, we do have hope, and it is in our hands (either as individuals or as professionals in the Identity Management field) to promote and expect identity data providers (Facebook, your local governments, etc.) to have the best controls in place that give you, as the end-user, management over your identity in the cloud.</div><br />
<br />
<b>Next Identity Trend: Governance or Cloud?</b><br />
Posted by frankIdM on 2010-04-18<br />
<br />
A few weeks ago I had a conversation with a friend and co-worker about the next trend in Identity Management. My point (and a bit biased based on my interests) was that Identity in the Cloud is definitely the next trend based on the current environment of services being provided and the need. His thought was that Governance is next. Now I really don't know what the right answer is, but I do think both are important. Governance is driven by regulation, easier access to information and regulation cost savings, and Cloud by ease of use, faster implementation and implementation cost savings.<br />
<br />
<a href="http://360tek.blogspot.com/">Matt Flynn</a> posted an entry on his blog on "<a href="http://360tek.blogspot.com/2010/04/governance-next-era-of-identity.html">Governance - Next era of Identity</a>" that has some interesting points and information about Governance. Another example of this trend is Oracle with their Sun acquisition and the decision to re-brand Sun Role Manager as <a href="http://www.oracle.com/us/products/middleware/identity-management/oracle-identity-analytics/index.html">Oracle Identity Analytics</a>. <br />
<br />
What about Cloud? Oracle on their next release of the Oracle Identity Management suite 11g is creating a framework that will allow for service-oriented security or (<a href="http://www.oracle.com/newsletters/information-indepth/security/apr-10/sos.html">SOS</a>) to be consumed by application providers with greater ease. <a href="http://community.ca.com/members/Tim-Brown.aspx">Tim Brown</a> from CA posted on the CA IAM blog about "<a href="http://community.ca.com/blogs/iam/archive/2010/04/14/trust-and-the-cloud-identities-are-critical.aspx">Trust and the Cloud - Identities are critical</a>"<br />
<br />
This tells me that Governance and Identity as a Service (either private or public in the cloud) are on the radar of all vendors, and clients are the only ones that will drive that trend.<br />
<br />
<b>OASIS Identity in the Clouds</b><br />
Posted by frankIdM on 2010-01-18<br />
<br />
I just found out that a group of folks are putting together a Technical Committee named <a href="http://xml.coverpages.org/Identity-Clouds-Proposal.html">Identity in the Clouds</a>. The main function of this Technical Committee will be "to collect and harmonize definitions, terminologies and vocabulary of Cloud Computing" as it relates to Digital Identities.<br />
<br />
I did find it interesting, though, that the following is out-of-scope for the TC: Access Control, Levels of Assurance (LOA) and Personally Identifiable Information (PII) in the context of cloud computing, because these have important relations to an Identity. An Identity is not useful if it does not require "access" to a resource, and risk cannot be quantified without "Level of Assurance". If that was the case, Identities would not be needed. Personally Identifiable Information is in the context of any Identity, and in some cases the only unique identifier of an Identity. So, I would like to see more information on the reasoning behind deeming these out-of-scope.<br />
<br />
<b>Letting Users Manage Their Online Identities - Government 2.0</b><br />
Posted by frankIdM on 2009-12-28<br />
<br />
<a href="http://www.govinfosecurity.com/">GovInfoSecurity.com</a> posted an <a href="http://www.govinfosecurity.com/articles.php?art_id=2034&pg=1">interview</a> with Heather West from the <a href="http://www.cdt.org/">Center for Democracy and Technology</a>. Heather explained how User-Centric Identity works and the plans the government has to let a few websites allow users to authenticate/register with third-party data.<br />
<br />
This is getting interesting since it can definitely be a driver for "Identity in the Cloud". User-Centric Identity can be beneficial for end-users who want to protect their privacy by demanding granular controls of their data from their Identity Providers (a great example is <a href="http://www.facebook.com/">Facebook</a>). <a href="http://www.facebook.com/">Facebook</a>, although far from perfect when it comes to privacy, has changed their privacy methods and protections based on end-user demands and market drivers (for better or worse). Now, I am not saying Social Networks are the only option for Identity Providers, but <a href="http://www.facebook.com/">Facebook</a> is a good example since it holds the largest number of personally identifiable identities.<br />
<br />
I am going to try to keep up with "Government 2.0" (Open Government) and how it affects Identity; I think this will drive Identity Management in the next decade.<br />
<br />
<b>Open Trust Framework for Open Government</b><br />
Posted by frankIdM on 2009-12-27<br />
<br />
I was reading the <a href="http://wiki.informationcard.net/files/Open-Trust-Frameworks-for-Open-Gov-2009-08-10.pdf">Open Trust Framework for Open Government pdf</a> released by <a href="http://wiki.informationcard.net/">ICF</a> and my first thought was "why do we want government involved in this", but as I read the document it made perfect sense. And I actually agree with the concept. Basically, the Government realizes that they don't necessarily have the best "identity data" available to satisfy industry, and an "open" framework with an open market methodology satisfies their needs as a Relying Party (RP) of identities.<br />
<br />
So, the government is not necessarily creating policy for an Identity Trust Framework, but serving as an initial driver, with our tax dollars better used... (I know, I am trying to convince myself...)<br />
<br />
The best part is that if the government is an RP others will follow.<br />
<br />
The other interesting fact I was not aware of is the work of <a href="http://www.incommonfederation.org/">InCommon</a> as a Trust Framework used by Higher Education mainly for federated single sign-on (not necessarily fully in the "Cloud"). This is definitely a good example (as it is stated in the document) of an "Open Identity Trust Framework."<br />
<br />
<b>Open Identity Trust Framework (IIW)</b><br />
Posted by frankIdM on 2009-12-25<br />
<br />
I think I am going to forget about "Identity Trust Network"; I like the title and work behind "Open Identity Trust Framework" being done by the folks at <a href="http://wiki.idcommons.net/">IdCommons</a> at <a href="http://www.internetidentityworkshop.com/">Internet Identity Workshop</a>. This work seems to be at a very early stage, but it is important that an open standard/framework for trust be available for the certification of identities in the cloud being provided by Identity Providers.<br />
<br />
The concern with not having such a framework would be some sort of National ID that is fully controlled by a single organization (such as the Federal Government) or some group of high-profile companies. <br />
<br />
The ideal scenario would be the use of a framework where organizations that are Identity Providers can be judged and rated on how "trusted" the services they provide are (since they certify the trust of the identities they manage).<br />
<br />
<b>Identity Trust Network</b><br />
Posted by frankIdM on 2009-12-24<br />
<br />
Identities in "the Cloud" have taken an interesting form. When I think of my Identity on the web today, I attempt to expose data that I think will be of benefit to me (either true or not), so my Identity cannot be trusted by someone who does not really know me. Now, when you think of my Identity you take into consideration information I provided and information others provide (true or not). Therefore, trust is key for you and me to be able to perform a transaction.<br />
<br />
Here is a term I have been thinking about: “Identity Trust Network”, where Identity Providers attest the claims of an Identity and allow the consumption of trusted identity data based on the Identity Owner's allowed usage.<br />
<br />
This term came to mind when thinking about Identity in the Cloud and its meaning. The following was my train of thought: <br />
<br />
- For Identity to exist in the Cloud, it requires a provider of this data. <br />
- Identity data represents an individual (Identity Owner). <br />
- This individual has provided their identity data to the provider.<br />
- The provider must attest that the identity data is trusted.<br />
- The trusted identity data will be consumed by a third party based on the owner's allowed usage (privacy).<br />
- Identity Owner and third party perform a transaction.<br />
<br />
<b>Cloud Provisioning Services using Oracle Identity Manager</b><br />
Posted by frankIdM on 2009-10-20<br />
<br />
I just found out that during Oracle Open World, EDS (now HP) plans to offer (or is offering already) Provisioning Services over the cloud using Oracle Identity Manager. I think it is a great idea, but I would like to see the implementation. The session at Oracle Open World was named "EDS Automates Infrastructure Outsourcing Provisioning Processes with Oracle Identity Manager".<br />
<br />
<b>Provisioning Workflows over the Cloud?</b><br />
Posted by frankIdM on 2009-10-19<br />
<br />
I was reading Nishant Kaushik's blog post about his session at Oracle Open World (<a href="http://blog.talkingidentity.com/2009/10/screencast-of-my-openworld-session-on-idm-and-the-cloud.html">http://blog.talkingidentity.com/2009/10/screencast-of-my-openworld-session-on-idm-and-the-cloud.html</a>) and it got me thinking about the cloud and the need for Identity Services providers. <br />
<br />
Could public-providers of Identity Services be a reality or just a utopian dream? <br />
<br />
There are several issues, and in my mind benefits, for business clients using an Identity Service provider for their Identity Management needs instead of a costly IdM installation. <br />
<br />
Mid-size businesses can actually benefit from the use of such services due to the possible low cost and speed of integration. But an issue that is not normally talked about is provisioning workflow: if a "cookie-cutter" approach is used, businesses will be forced to make changes to their current business processes, an approach that would normally be rejected.<br />
<br />
Can it be possible to provide workflow services over the cloud in an efficient way for provisioning? <br />
<br />
Update: October 19, 2009 - I just found a company that provides provisioning workflow as part of their Identity Management solution for SaaS environments. I can't really evaluate it, but it will be interesting to see what they have to offer: <a href="http://www.conformity-inc.com/">Conformity, Inc.</a><br />
<br />
<b>Identity in the Age of Cloud Computing</b><br />
Posted by frankIdM on 2009-08-26<br />
<br />
I found the following document that I have not read thoroughly yet, but it deserves a post since it is about 100 pages on the subject :)<br /><br /><a href="http://www.aspeninstitute.org/sites/default/files/content/docs/pubs/Identity_in_the_Age_of_Cloud_Computing.pdf">Identity in the Age of Cloud Computing</a><br />
<br />
<b>Purpose of this blog...</b><br />
Posted by frankIdM on 2008-12-23<br />
<br />
On this blog I will be posting personal thoughts and information found in the "cloud" relating to identity management and how cloud computing will allow changes in the IdM arena.<br /><br />I welcome any comments and information anyone may have.<br /><br />Thank you.