Posts Tagged ‘cat10’

a new SPML? a provisioning problem.

Mark Diodati of Gartner (that was a bit hard to type right the first time) has published the results of the SPML SIG held at #cat10. I think it captures the feeling of those present very well. At about the same time, the minutes of the first meeting of the SPML PSTC for a long while were published. It seems there’s a much different split there than there was at the SIG. The split is basically between folks who want to see a “clean start” with a version 3 and those who want to see version 2 revved so it’s more realistic. I’m on the latter side, and so are the folks at Quest that I’ve spoken to. In fact, both at Quest and at customers, everyone I’ve spoken to about this outside a tight circle of “identity gurus” has agreed that SPML would best serve the larger community as a means to have systems communicate. Anything beyond that is overkill. At least for now. If all the different solutions had a standard way to do CRUD operations between one another, that would go a long way to solving many practical issues in heterogeneous IT environments.

I’d like to get more involved and I’m working with Quest to see if that can happen. This is something I’d like to see done from start to end.


ghosts of the interscaler directory at #cat10; let’s do it!

There were a lot of points at Catalyst 2010 where Kim Cameron’s Interscaler, Federated Directory and Identity Schema came up in my mind, though it went unmentioned by the speakers. I know I wasn’t alone, either. It was there like a ghost in every discussion. When Anil John spoke about Background Attribute Exchange (BAE), one of the first questions was about how to ensure schemas would be in sync. When Nishant Kaushik spoke about federated provisioning, again questions had everyone talking about how directories would be able to rely on attributes being “exchangeable” across domains. And when the folks from GM gave their talk, the second or third question was about how they decided what attributes would be included in their avatar identities and which would not.

How does this move forward? I get dizzy when I look at all the standards bodies around identity. I’ve got a lot of energy to offer around this and don’t know where to push it. It’s not about a product or a vendor. I’d like to see this be an industry thing that everyone can benefit from.

mii parade – identities go marching at #cat10

August 4, 2010

I’ve just returned from Gartner/Burton’s Catalyst 2010 in San Diego (“just” returned when I wrote the first draft, not so much now that I’m finally getting to edit and post…). One of the sessions (Wednesday morning in the identity track) featured GM presenting about their fairly advanced and very well thought out identity management processes and platforms. They had a very mature outlook on what the real sources are for identity and how to empower the business to leverage the value of those identities over time and through the lifecycle.

Perhaps the best example of that was how they manage identities that are not really fully baked: the management of avatars. The presenter from GM made a great analogy to explain this. He talked about the Mii parade from the Wii. If you’re not a Wii person, this needs a bit of context. On the Wii you have an avatar called a Mii. In many games that Mii is what you see on the screen to represent you. Since the Wii is designed to be multiplayer, you can of course have many Miis on a system. Apparently his daughters are just like mine. They make a Mii for every kid that shows up at their home; mine even make them for characters in books and people they meet away from home. What use is the Mii if there is no one to play as them? In some parts of some games, there are parades and other places where crowds appear. And these Miis, played with or not, show up in those crowds.

GM will make an identity for anyone that comes to their facilities, even going as far as to assign them a unique identifier. If that person eventually ends up as a contractor, then they will retain that identity. If they become an employee, they keep the same identity. And if they leave, the identity is still maintained. They also do similar things for what they termed “people of interest”. These are people like an employee’s spouse, who would be in some systems to receive benefits and therefore have one of these avatars or half-baked identities. So, with all these avatars in their systems, when they go through to do large reports and such, they end up with a Mii parade, with all these avatars that are not users as such showing up in the crowds.

This struck me as being deeply right. Most organizations want to reduce the identities they have at all costs. But identities are data, and data has value. Of course, Quest and I are fans of reducing accounts and points of access, but that’s quite different. This is about having many singular identities that can be used to fill out your Mii parade so that it acts and feels as real as possible. The rich context can only lead to better and fuller business decisions over time.

For those of you who made it down this far, here’s a sample of what a Mii parade can be like when you just tell the Wii to have all the Mii’s go marching:

Categories: iam