Wednesday, October 15, 2003
Greetings From Digital ID World
Phil Becker: greetings, housekeeping, conference overview
Some discussion by George Eberstadt, nTag: the conference is using these tags to help bring attendees together. By making the badge dynamic, you can start the conversation at a point more relevant than "How's the weather?" The tags will swap business card information; attendees who customized their tag information will get a personalized Web page with all the contact information they've been sent, in several downloadable formats.
The tags use a form of collaborative filtering/referral methodology as well. If you're talking to someone who has already talked to someone whose interests you share, your tag lets you know.
Phil Becker [FYI, I've decided Phil's linkable identity is a search that lists his Digital ID World articles]: Digital ID World is the Identity Conversation. The goal of the conference is to provide context, perspective, and background, and to bring together those from different backgrounds who don't normally share ideas.
Phil thinks identity is the next organizing paradigm for computing of all kinds, that digital identity is extremely central to the story of what's happening right now. [Rolls clip from Sandra Bullock identity theft movie, The Net.] That movie was a decade ago now; people began to realize that the network becomes inherently hostile when you begin to connect everything. The network was built with a naively presumed trust that is not its natural state. The language that has developed speaks of quarantine: firewalls. Creating an island, safe from the hostile nature of the network. The last several years of doing this is what has focused the need for digital identity, so you don't lose the benefits of the network by walling everything off.
Identity management = organizing data about identity so that it is where it should be, and is not where it shouldn't. Today, identity management is concerned with infrastructure and administration, but ultimately, it's about the data. Management by identity = using identity to organize, manage, and secure computing processes. Will allow for networking of business and other human-related processes. Technology has now reached the point where networking across boundaries is possible, and soon that will become a requirement.
Will promote and release productivity, because humans are networking animals, and build and use computers to solve the problems in front of them. People control things bigger than themselves through human networks: family, tribal, school—any long-term human relationship. Management by identity is coming into being because people want their tools to work the way they work. It doesn't, because it lacks the dynamic organization that humans do naturally.
Networks require trust to fully release their power; this is why networks result from long-term human relationships. Trust is not instantaneous, cannot be bought or created, can only be granted. Transparency is one of the surest paths to trust. Secrecy at any point makes trust more difficult to achieve. This is part of what makes computing in general intimidating. The current way we've built computing infrastructure is a limitation on where we need to go to make the tools work like we do in managing identity and trust. Reorganizing computing around identity is the solution. Security is one obvious benefit, but is just the beginning. The real key is the collaboration this also will enable. The Web browser taught people about the discovery and networking of documents in real time. This was the revelation that drove the first Internet boom (there will be many more). Web services are being designed to deliver the same kind of dynamic discovery and networking at the application and data levels. There's no way to do this except to manage by identity.
Federated identity is the first step. Integrates "silos" of identity into "networks" of identity. Seeks to allow integration of identity usage without requiring the integration of identity management, administration, or the identities themselves. This is a big part of what people at this conference are trying to accomplish. Focused on the user, who just wants everything to work and be organized in the unique way they want. It's impossible to pre-define all the ways users will want data and applications to be integrated. Businesses need the ability to integrate on demand, once applications become building blocks. Identity-centric techniques are the only ones that can possibly accomplish this.
In the enterprise, the portal actually has no natural boundaries. Ideally, it presents information dynamically. The user's identity and needs, coupled with the policies of the owner of the applications and data, are the only organizing factors. Portability and rights management go hand in hand.
The maze of regulatory compliance. New laws are focusing on creating accountability or assurance about who did what with which data when. Privacy obviously is key. Privacy is a negative attribute: it's about what you agree not to do with data you have gathered. Today, privacy largely is enforced by policy. It needs to be created structurally and architecturally to be trustworthy. Authentication = an enabling portion of the identity infrastructure, making it easy for the right person to get through the door, and impossible for the wrong person to do so.
Identity thus is the central thread that will enable security, control, manageability, and accountability in a fully distributed network. Who is sitting at the computer makes all the difference. It will be a long time before it's natural, flows, is easy. But the way to get there is through identity. This conference is about that conversation.
Unless otherwise expressly stated, all original material of whatever nature created by Denise M. Howell and included in the Bag and Baggage weblog and any related pages, including the weblog's archives, is licensed under a Creative Commons License.