... from the desk of Roger Sullivan

Tuesday, August 29, 2006

History in the making

Phil Becker has done a great job in summarizing the recent history of the identity management market in his recent newsletter article “Identity's First Big War: A History Lesson.”
I like the fact that Phil has written a balanced piece on the problems observed, proffered solutions and lessons learned. I particularly liked the following:
“Under the pressure of the first identity war, Liberty Alliance did its job so rapidly and well that it has largely been forgotten how significant it was.”

As I’ve said on numerous occasions, this was no accident. Liberty has had the benefit of significant enterprise customer participation from its inception. These large technology consumers have very deep experience in understanding the requirements of identity management systems. Additionally, technology providers who have been members of the Alliance have had the enviable luxury of having enterprise customers clearly state exactly what identity management systems require to be useful.
This rapid, repetitive cycle within the same collaborative environment – oftentimes face-to-face during quarterly meetings – naturally accommodates the fast evolution of useful specifications. It happens through formal and informal conversation; writing, reviewing, and editing of Requirements and Technical Specification documents; as well as in semi-formal interoperability labs that test the effectiveness of the implemented specification.
The fact that all of these various interest groups are actively discussing and solving real-world problems brings a sense of urgency to the effort. Customers are solving real problems. Vendors have a ready market for their solutions once tested and delivered.
There will be a couple of significant announcements over the next weeks. We will announce another set of successfully tested products from the Liberty Interoperability program. And Liberty will award the first excellence award for a federation deployment.
I hope that more vendors and customers alike will see the benefit of working collaboratively to solve real problems. It helps vendors be more efficient in their development investment and enables customers to get a selection of tested technologies that they can actually use. A Liberty colleague is fond of saying that our efforts within the Liberty Alliance are, “… not all altruism.”

What happened to the cosmic order?

As our local sportscaster said last night, “When I left on vacation, there were nine planets and the Sox were in first place.” As of this posting, the Red Sox trail the NYY by seven games. At the beginning of the season, or even a month ago, no one would have believed the turnabout.
Speaking of cosmic order, airline travel is once again an official pain in the neck. My back is grateful for the lightened load. But my need to hit the ground running on the other end of the flight has hit a serious setback called “queuing theory.”
When I was a lad, the study of mathematics wasn’t one of my top leisure pastimes. However, I do remember enough to relate my recent airport experiences with randomized versus ordered queues. It goes smoothly enough at check-in, but horribly long at baggage claim. All of those bags that were checked in reasonably spaced increments are now offloaded simultaneously.
How’d ya’ like to be an airline manager trying to figure out how to make a buck with fuel prices soaring and the ratio of passengers to checked luggage approaching 1:1? You save where you can, but hiring more staff to handle the significantly increased baggage load is not an option.
I fly in and out of Boston’s Logan. It was chronically the worst airport in the U.S. for baggage claim retrieval. Now it’s worse. Interesting article here ... Though I wonder how much “volunteering” there actually was.

Tuesday, August 08, 2006

Miles to go before we sleep …

I recently moved.
The good news is that we sold our home (by ourselves) in the middle of this uncertain market. We’re very grateful for that.
The bad news is that I got to experience first hand just how difficult personal identity management is for the average individual.
While most of my “cyber” identities don’t really care (much) where I’m physically located, the identities that I really care about (banks, insurance, investment accounts, DMV, tax authorities, etc.) are tied closely to my geographic location. But of course you all knew that. So what’s the point of this missive?
It is simply that we need to make more progress more quickly in deploying Identity Management solutions.
What I wouldn’t have given for a trusted one-stop Identity Provider to which I could have given my new address, the effective date of the change and been done with it! This Identity Provider would then have made this change available to all of the sites that I had pre-authorized. Read: As a consumer, I would have paid good money for the service!
Instead, I had to make dozens of web entries, logging onto each organization’s identity silo to re-enter the same information that I just typed at the last dozen sites – in a slightly different format in most of them. What a pain! It’s prone to error, and frustrating for the customer (me). [NOTE TO BROWSERS: There should be an advanced Copy/Paste function to allow one to Drag/Drop individual field contents from a source form to a destination form.]
I suppose that we have made some progress in the grand scheme of things. Not too long ago I would have burned through a roll of postage stamps and been subject to the vagaries of the postal system and assorted mail rooms to effect the necessary change. Instead, in a few days the properly addressed envelopes show up at my correct address. Life does provide its small satisfactions from time to time.
I did find a few curious practices however. One financial institution sent a confirmation letter to both the old and new address. Naturally, I received the confirmation sent to the new address first since it didn’t have to be forwarded by the USPS from the old location. It seems to me that this is a bit of a security catch twenty-two. Why not simply confirm to the email account through which I have been regularly banking for years? Does that mean that my on-line access is not really trusted by the bank?
Additionally, I discovered that one does “pay” for the identity change service in unexpected ways. Two financial institutions put a hold on the accounts ranging from one to two weeks. The purpose is clear, but the duration seems arbitrary. It’s a good thing that I didn’t need the funds to move!
Finally, I’ve discovered that the unexpected junction of cyber and physical will continue for a time while I remember to change all those on-line one-click shopping profiles where my billing address no longer matches my ship-to address.
By my way of thinking, this situation represents the union of "enterprise"- and "user"-centric approaches to identity management. As an industry, we need to work on making this experience "Grandparent friendly."
There are well-established as well as emerging standards to accomplish this from the OASIS SAML (of which my Oracle colleague, Prateek Mishra, is co-chair) and WS-* family as well as the Liberty Alliance. Additionally there are rapidly emerging “user-centric” initiatives to provide the technology to solve this. We do need enterprise Service Providers to begin to deploy these Identity Provider services more rapidly.
I, for one, would become a very loyal customer very quickly – whether or not I ever moved again.