Last week was #TEC2010. It was my second year at the event, and I was again stunned by the unique vibe it has. Since TEC is focused on education for the folks in the trenches of managing directories, the crowd is markedly different from many other events I attend. There were some senior management types around, mostly owing to the Microsoft centered nature of the event and their shops being very heavily Microsoft focused. The vast majority were people who architect, deploy and maintain directories, though. And it was far from just Microsoft directories. I heard every type of directory mentioned by the folks in the crowds, from RACF to Novell.
One of the main highlights for me was Conrad Bayer‘s keynote about Active Directory and the future of identity services at Microsoft. It was very refreshing to hear someone from the top of the technology food chain at Microsoft saying a lot of things that have been true for a while. Conrad directly acknowledged the breakdown in the concept of using structured hierarchy to represent the relationships between identities and organizations in today’s world. He also gave a nod to the difficulties there are with peer-to-peer federation approaches, though he said ease of use should mitigate that, which I do not agree with. He also pointed out the competitive advantage Microsoft sees in RMS when compared to other identity vendors. I found that odd, but very interesting. Lastly he called out that most clients he speaks with thinks that identity is one of the last things they would move to the cloud, which is something I hear a lot as well.
The other session I enjoyed very much was Brian Puhl‘s. Brian is from Microsoft’s own MSIT division and is in charge of identity services. As he put it, his job is “dog fooding” – using what Microsoft makes for Microsoft’s benefit. Likely the most notable thing about the entire presentation and discussion that followed to me was that the word authorization was in the title and never once did the term XACML make its way into the chatter. At points I got the feeling there was some very complicated mental gymnastics going on to avoid the idea that policy expression needs a platform and protocol. At one point Brian said point-blank “my hosting provider needs to give me a mechanism to express the complexity and facets of my required policies”. I almost coughed out “XACML”, but held it back. Two observation Brian made that struck me as totally true were that trust (and policy) often boils down to contracts and that key management is every bit as important and encryption itself. These are two lessons that only someone who has had to wrestle with lawyers or exotic devices’ key renewal protocols would be able to offer.
By far, the best part of the conference was speaking to the hundreds of fellow attendees – and this year I was thankfully just an attendee so I had no booth duty to distract from the fun. I had conversations with the world’s largest banks, small law firms, government affiliated agencies who remained nameless and everything in between. Every one of them had backlogs of issues they were looking to get ideas on, and the peer level advice flying around was worth it’s weight in platinum. If only there was a good way to bottle that – that would be something we could all use.
About the Identity Sander
- "So what you mean is we don't need policy now because you guys can fix it all later, right?" Um. No. Not really. #security #facepalm:: 59 minutes ago
- and #hacker movie trivia. @securityweekly shames me with one I really should have got /cc @InfoSec_World (2/2) youtube.com/watch?v=WjrvxJ…...:: 1 day ago
- First, the serious bit of #security #philosophy with @securityweekly at the #InfoSec con /cc @InfoSec_World (1/2) youtube.com/watch?v=NeC8hi…...:: 1 day ago
- Yes & don't forget AD #AuthN & data access - Clean Break: Block Ex-Employees' Access inforisktoday.com/clean-break-bl… by @euroinfosec #security #IAM:: 1 day ago
- I sometimes wonder if some of the people really upset about online #privacy overlap with people screaming #PII into mobiles on NYC streets:: 2 days ago
- RT @STEALTHbits: WEBINAR: 1 day left to register! Solve the #IAM blindspot & adopt a better #InfoSec posture @sanderiam @joe_carson | https…:: 2 days ago
- math giveth #encryption, and math will take it away youtu.be/12Q3Mrh03Gk #security via @PBSInfinite:: 5 days ago
- RT @STEALTHbits: 5 Trends for Security Professionals #infosec #GDPR, @sanderiam bit.ly/2oXYC5P:: 1 week ago