Identity management: a strategic resource for competitive advantage
This is not new.
Modern digital identity is a disruptive technology, controlled by your customers
Okay, now that is new. Emerging technologies offer your customers better privacy and stronger security, improved control, expanded expressivity and extensive options, all with lower costs for managing their digital identities and associated preferences. That changes a few things.
Digital identity is a new currency, realized and exchanged over the Identity Internet. You must compete for it, you must offer value for it, and you must use it strategically.
How will you realize competitive advantage in this new environment?
You will deploy these technologies to lower your cost; so will your competitors. That is merely necessary, if only to stay in the game. Beyond that, have you an integrated strategic approach for identifying and capitalizing other benefits? That is what is required.
The Reality of the Identity Internet: Your Customers Demanding More Value for Their Identity
A strategic approach is also required to create and deliver the increased value your customers will demand for their currency: their digital identity.
(You'll find more about the Identity Internet in our May, 2006, paper for the Versatile Interoperable Identity Internet in Europe, at TWIST Standards.)
- 20Apr09, Is LOA Unsuitable for the Dominant Pursuits of the Enterprise and their Customers?. Our frequent collaborator, Lena Kannappan, of FuGen Solutions, in preparing for chairing a panel at the upcoming RSA conference proposed this discussion question: Do the NIST/OMB LOA definitions translate to current and future needs of federation? My conclusion: LOA has shown itself to be a simplification too far. The reasons boil down to the contradictions between the Share principles guiding identify federation, and the Prohibit principles of LOA. Moreover, LOA offers thin expressive power just in the range where organizations and individuals derive their most value. As a closer, I consider how LOA undermines key design patterns of identity federation.
- 19Apr09, Core Interaction Patterns of an Identity Federation Framework. An October 17, 2007, presentation for the Cyberinfrastructure Design Workshop of the Ocean Observatories Initiative, at UCSD La Jolla. Specialized for their domain model, briefly presents the two main patterns: the interaction pattern embodied in authn messages, which is the more potent and the source of semantic richness; and the interaction pattern embodied in exchanges of authn, which is more fully exploited, perhaps excessively so in compensation for a poorer understanding of the former pattern. Presents identity as an organizing principle. Touches on how IdP and SP, working together, convert the grit of arbitrary claims into the grease (viz assertions) of the Identity Internet. Offers a basis for understanding the sources of extensibility, and the purposes to which it might be applied. Includes notes.
- 19Apr09, Privacy, a study in assiduity is a presentation used, initially, in my October, 2007, talk at Stanford's CS44 course: What Hath Google Wrought: Managing Information in the Information Age. It is a primer, with discussions of the asymmetries involved among the user, malefactors, advertisers, and others, drawing a comparison to the Dutch and the Carnarsee Indians. Touches on the expectations of and by users; and possible actions. Elaborates on my [Crack:Cry] metric for passwords and consequences. Includes notes.
- 13Oct07, Why the Identity Internet? How is the Identity Internet a disruptive technology? What lessons are there in the design choices between world-ready TV-Anytime and the disasterous, cravenly anti-consumer, and US-centric ATSC program guide standards? Now available, the full version of the October, 2005, presentation: IIW2005 Bandwagon Economics, The Necessary Ingredient for Success on the Identity Internet (ppt). Also in more direct exposition Bandwagon Economics ... Identity Internet (pdf); more explanation, no pictures.
- 13Oct07, The detailed Appendix A (plus Introduction, and overall Table of Contents) to the more detailed, earlier draft of the Versatile Interoperability Identity Internet in Europe (see below), giving the expanded version of the EU regulatory regime, Directives, Regulations, and other actions, which the work addresses or accommodates in its architecture and recommendations.
- 22Aug06, A focused and much abbreviated version of the IIW2005 Bandwagon Economics, The Necessary Ingredient for Success on the Identity Internet: Identity in the Digital Age, an Introduction for Interaction Designers. In giving this talk I've found it doesn't entirely satisfy many, but it gets folks engaged. You will find introductory material on how digital identity is cast as a disruptive technology. It is also available in 'handout pdf'. Both forms are constructed just for browsing, not presentation.
- 29May06, A Versatile Interoperable Identity Internet in Europe. TWIST Standards has released its whitepaper entitled Realizing SEPA Benefits: Corporate Requirements and Key Elements of the Business Solution. (13Oct07: That link is temporarily dead; here is a cached version: TWIST SEPA White Paper on Identity Internet in Europe.) Although it may not sound like it, this document lays out the ways in which identity is crucial for business success, and why business success is crucial for SEPA, for the EU privacy and identity project, and for it's people. It is a triumph of (someone else's) editing, taking among other contributions our detail on the identity infrastructure-related guidance in EU Directives and such, and the central part of our architecture for a Versatile Identity Infrastructure.
- 12Apr06, Update to links and a minor addition (and typo correction) to prioritized federated identity specs reading list for technos just beginning designs based on FedId architectures.
- 13Mar06, By-deployment details on SAML and Liberty Alliance adoption published by LAP. Dig into the segments to see 65 unique entries (unique-ish; sans repeats 18 are anon. But counting Exostar which was html-hidden). Not counting 29 addt'l IdM vendor items. Scan the remarkably dull press release. BTW, a generous SWAG from the numbers listed gave me 875 million, somewhat less than the touted 1 billion; that's still likely way high. Nonetheless, it's impressive.
- 7Jan06: Updated on resources re 9Mar05 Standardization of the SAMLv2.0 specification. Check out the revised, updated SSTC page. SAMLv2.0 Executive Overview is the best, latest, updated executive overview of federated identity technology.