Category Archives: Identity Management

The Enterprise Architecture Kaleidoscope

By Stuart Boardman, Senior Business Consultant, Business & IT Advisory, KPN Consulting

Last week I attended a Club of Rome (Netherlands) debate about a draft report on sustainability and social responsibility. The author of the report described his approach as being like a kaleidoscope, because the same set of elements can form quite different pictures.

EA 1

Some people had some difficulty with this. They wanted a single picture they could focus on. To me it felt quite natural, because that’s very much what we try to do in Enterprise Architecture (EA) – produce different views of the same whole for the benefit of different stakeholders. And suddenly I realized how to express the relationship between EA and a broader topic like sustainability. That matters to me, because sustainability is something I’m passionate about and I’d like my work to be some small contribution to achieving that.

Before that, I’d been thinking that EA obviously has a role to play in a sustainable enterprise but I hadn’t convinced myself that the relationship was so fundamental – it felt a bit too much like wishful thinking on my part.

When we talk about sustainability today, we need to be clear that we’re not just talking about environmental issues and we’re certainly not talking about “greenwashing”. There’s an increasing awareness that a change needs to occur (and is to some extent occurring) in how we work, how we do business, how we relate to and value each other and how we relate to and value our natural environment.

This is relevant too for The Open Group Open Platform 3.0™. Plenty is written these days about the role that the Internet of Things and Big Data Analytics can play in sustainability. A lot is actually happening. Too much of this fails to take any account of the kaleidoscope and offers a purely technological and resource centric view of a shining future. People are reduced to being the happy consumers of this particular soma. By bringing other factors and in particular social media and locating the discussion in The Open Group’s traditions of Enterprise Architecture (and see also The Open Group’s work on Identity), these rather dangerous limitations can be overcome.

EA 2

 

 

 

 

EA 3

 Source: Wikipedia

Success in any one of these areas is dependent on success in the others. That was really the message of the Club of Rome discussion.

And that’s where EA comes in – the architecture of a global enterprise. There are multiple stakeholders with multiple concerns. They range from a CEO with a company to keep afloat to a farming community, whose livelihood is threatened by a giant coal mine. They also include those whose livelihood is threatened by closing that mine and governments saddled with crippling national debt. They include the people working to achieve change. These people also have their own areas of focus within the overall picture. There are people designing the new solutions – technological or otherwise. There are the people who will have to operate the changed situation. There are the stewards for the natural environment and the non-human inhabitants of platform Earth.

Now Enterprise Architects are in a sense always concerned with sustainability, at least at the micro level of one organization or enterprise. We try to develop an architecture in which the whole enterprise (and all its parts) can achieve its goals – with a minimum of instability and with the ability to respond effectively to change. That in and of itself requires us to be aware of what’s going on in the world outside our organization’s direct sphere of influence, so it’s a small step to looking at a broader picture and wondering what the future of the enterprise might be in a non-sustainable world.

The next step is an obvious one for any Enterprise Architect – well actually any architect at all in any kind of enterprise. This isn’t a political or moral question (although architects have as much right as anyone to else to such considerations) but really just one of drawing conclusions, which are logical and obvious – unless one is merely driven by short-term considerations. What you do with those conclusions is up to you and constrained by your own situation. You do what you can. You can take the campaigning viewpoint or look for collateral lack of damage or just facilitate sustainability when it’s on the agenda – look for opportunities for re-use or repair. And if your situation is one where nothing is possible, you might want to be thinking about moving on.

Sustainability is not conservatism. Some things reach the end of their useful life or can’t survive unexpected and/or dramatic changes. Some things actually improve as a result of taking a serious knock – what Nicholas Nassim Taleb calls anti-fragility. That’s true in nature at both micro and macro levels and it’s particularly true in nature. It’s not surprising that the ideas of biomimicry are rapidly gaining traction in sustainability circles.

EA 4

 

 

 

 

 

Stickybot

In this sense, agile is really about sustainability. When we work with agile methods, we’re not trying to create something changeless. We’re trying to create a way of working in which our enterprise or some small part of it, can change and adapt so as to continue to fulfill its mission for so long as that remains relevant in the world.

So yes, there’s a lot an (enterprise) architect can do towards achieving a sustainable world and there are more than enough reasons that’s consistent with our role in the organizations and enterprises we serve.

Agreed? Not? Please comment one way or the other and let’s continue the discussion.

SONY DSCStuart Boardman is a Senior Business Consultant with KPN Consulting where he leads the Enterprise Architecture practice and consults to clients on Cloud Computing, Enterprise Mobility and The Internet of Everything. He is Co-Chair of The Open Group Open Platform 3.0™ Forum and was Co-Chair of the Cloud Computing Work Group’s Security for the Cloud and SOA project and a founding member of both The Open Group Cloud Computing Work Group and The Open Group SOA Work Group. Stuart is the author of publications by KPN, the Information Security Platform (PvIB) in The Netherlands and of his previous employer, CGI as well as several Open Group white papers, guides and standards. He is a frequent speaker at conferences on the topics of Open Platform 3.0 and Identity.

1 Comment

Filed under Enterprise Architecture, Enterprise Transformation, Identity Management, Professional Development, Uncategorized

Key Concepts Underpinning Identity Management

By Ian Dobson, The Open Group

Having trust in the true Identity of who and what we connect with in our global online world is vital if we are to have confidence in going online to buy and sell goods, as well as sharing any confidential or private information.  Today, the lack of trust in online Identity forces organizations to set up their own identity management systems, dishing out their own usernames and passwords/PINs for us.  The result is that we end up having to remember (or write and keep in a secret place) typically well over 50 different online identities, which poses a large problem since our online identities are stored by many organizations in many places that are attractive targets for identity thieves.

Online identity is important to all users of computing devices.  Today, our mobile phones are powerful computers.  There are so many mobile apps available that phones are no longer primarily used to make phone calls.  The Internet connects us to a global online world, so we need a global online identity ecosystem that’s robust enough to give us the confidence we need to feel safe and secure online.  Just like credit cards and passports, we need to aim for an online identity ecosystem that has a high-enough level of trust for it to work worldwide.

Of course, this is not easy, as identity is a complex subject.  Online identity experts have been working on trusted identities for many years now, but no acceptable identity ecosystem solution has emerged yet.  There are masses of publications written on the subject by and for technical experts. Two significant ones addressing design principles for online identity are Kim Cameron’s “Laws of Identity“, and the Jericho Forum’s Identity Commandments.

However, these design principles are written for technical experts.  Online identity is a multi-million dollar industry, so why is it so important to non-techie users of online services?

What’s In It For Me?
Why should I care?
Who else has a stake in this?
What’s the business case?
Why should I control my own identity?
Where does privacy come in?
What’s the problem with current solutions?
Why do identity schemes fail?
What key issues should I look for?
How might a practical scheme work?

This is where the Jericho Forum® took a lead.   They recognized the need to provide plain-language answers to these questions and more, so that end-users can appreciate the key issues that make online identity important to them and demand the industry provide identity solutions that make then safe and secure wherever they are in the world.  In August 2012, we published a set of five 4-minute “Identity Key Concepts” videos explaining in a non-techie way why trusted online identity is so important, and what key requirements are needed to create a trustworthy online identity ecosystem.

The Jericho Forum has now followed up by building on the key concepts explained in these five videos in our “Identity Commandments: Key Concepts” guide. This guide fills in the gaps that couldn’t be included in the videos and further explains why supporting practical initiatives aimed at developing a trusted global identity ecosystem is so important to everyone.

Here are links to other relevant identity publications:

Laws of Identity: http://www.identityblog.com/?p=354

Identity Commandments: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12677

Identity Key Concepts videos: https://collaboration.opengroup.org/jericho/?gpid=326

Identity Commandments: Key Concepts: https://www2.opengroup.org/ogsys/jsp/publications/PublicationDetails.jsp?publicationid=12724

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

Comments Off

Filed under Identity Management

Challenges to Building a Global Identity Ecosystem

By Jim Hietala and Ian Dobson, The Open Group

In our five identity videos from the Jericho Forum, a forum of The Open Group:

  • Video #1 explained the “Identity First Principles” – about people (or any entity) having a core identity and how we all operate with a number of personas.
  • Video #2 “Operating with Personas” explained how we use a digital core identifier to create digital personas –as many as we like – to mirror the way we use personas in our daily lives.
  • Video #3 described how “Trust and Privacy interact to provide a trusted privacy-enhanced identity ecosystem.
  • Video #4 “Entities and Entitlement” explained why identity is not just about people – we must include all entities that we want to identify in our digital world, and how “entitlement” rules control access to resources.

In this fifth video – Building a Global Identity Ecosystem – we highlight what we need to change and develop to build a viable identity ecosystem.

The Internet is global, so any identity ecosystem similarly must be capable of being adopted and implemented globally.

This means that establishing a trust ecosystem is essential to widespread adoption of an identity ecosystem. To achieve this, an identity ecosystem must demonstrate its architecture is sufficiently robust to scale to handle the many billions of entities that people all over the world will want, not only to be able to assert their identities and attributes, but also to handle the identities they will also want for all their other types of entities.

It also means that we need to develop an open implementation reference model, so that anyone in the world can develop and implement interoperable identity ecosystem identifiers, personas, and supporting services.

In addition, the trust ecosystem for asserting identities and attributes must be robust, to allow entities to make assertions that relying parties can be confident to consume and therefore use to make risk-based decisions. Agile roots of trust are vital if the identity ecosystem is to have the necessary levels of trust in entities, personas and attributes.

Key to the trust in this whole identity ecosystem is being able to immutably (enduringly and changelessly) link an entity to a digital Core Identifier, so that we can place full trust in knowing that only the person (or other type of entity) holding that Core Identifier can be the person (or other type of entity) it was created from, and no-one or thing can impersonate it. This immutable binding must be created in a form that guarantees the binding and include the interfaces necessary to connect with the digital world.  It should also be easy and cost-effective for all to use.

Of course, the cryptography and standards that this identity ecosystem depends on must be fully open, peer-reviewed and accepted, and freely available, so that all governments and interested parties can assure themselves, just as they can with AES encryption today, that it’s truly open and there are no barriers to implementation. The technologies needed around cryptography, one-way trusts, and zero-knowledge proofs, all exist today, and some of these are already implemented. They need to be gathered into a standard that will support the required model.

Adoption of an identity ecosystem requires a major mindset change in the thinking of relying parties – to receive, accept and use trusted identities and attributes from the identity ecosystem, rather than creating, collecting and verifying all this information for themselves. Being able to consume trusted identities and attributes will bring significant added value to relying parties, because the information will be up-to-date and from authoritative sources, all at significantly lower cost.

Now that you have followed these five Identity Key Concepts videos, we encourage you to use our Identity, Entitlement and Access (IdEA) commandments as the test to evaluate the effectiveness of all identity solutions – existing and proposed. The Open Group is also hosting an hour-long webinar that will preview all five videos and host an expert Q&A shortly afterward on Thursday, August 16.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

1 Comment

Filed under Identity Management, Uncategorized

WEBINAR: The Jericho Forum Presents Identity Key Concepts

By Ian Dobson, The Open Group

On Thursday, August 16 at 8:00 a.m. PT/ 4:00 p.m. BST/5:00 p.m. CET, identity management experts will host a webinar to discuss the key concepts in identity management today.

The Jericho Forum recently published a video series that looked at the topics of “Identity First Principles,” “Operating with Personas,” “Trust and Privacy” and Entities and Entitlement. The fifth and final video will be released on Tuesday, August 14 and will examine the global identity ecosystem and the key challenges that need to be solved in order to realize it.

During the hour-long webinar, the panel will preview these five short videos, which explain in cartoon-style why “identity” is important to everyone – eBusiness managers, eCommerce operations and individual eConsumers – and how to safeguard our ability to control and manage our own identity and privacy in cyberspace. Then, a panel Q&A will discuss the need as to why every online user needs an identity ecosystem that satisfies our Jericho Forum Identity Commandments. The webinar will also coincide with the second day of the inaugural NSTIC Identity Ecosystem Steering Group meeting in Chicago on August 15-16, in which The Open Group will be a strongly supportive participant.

The webinar panel is made up of the following members and advocates of the Jericho Forum:

  • Guy Bunker, Jericho Forum Steering Committee member
  • Ian Dobson, The Open Group
  • Jim Hietala, The Open Group
  • Dazza Greenwood, MIT Media Labs
  • Paul Simmonds, Jericho Forum founding member
  • Andrew Yeomans, Jericho Forum founding member

To register for the webinar please visit: https://opengroupevents.webex.com/ec0606l/eventcenter/enroll/join.do?confViewID=1002904418&theAction=detail&confId=1002904418&path=program_detail&siteurl=opengroupevents

Here are some additional resources on the topic of identity management that were developed around The Open Group conference in Washington, D.C.:

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

2 Comments

Filed under Identity Management

Entities and Entitlement – The Bigger Picture of Identity Management

By Jim Hietala and Ian Dobson, The Open Group

In the first of these five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas. In the second “Operating with Personas” video, we explained how we use a digital core identifier to create digital personas –as many as we like – to mirror the way we use personas in our daily lives. And in the third video we described how “Trust and Privacy” interact to provide a trusted privacy-enhanced identity ecosystem.

In this fourth “Entities and Entitlement” video, we explain the bigger picture – why identity is not just about people. It’s about all things – we call them “entities” – that we want to identify in our digital world. Also, an identity ecosystem doesn’t stop at just “identity,” but additionally involves “entitlement” to access resources.

In our identity ecosystem, we define five types of “entity” that require digital identity: people, devices, organizations, code and agents. For example, a laptop is a device that needs identity. Potentially this device is a company-owned laptop and, therefore, will have a “corporate laptop” persona involving an organization identity. The laptop is running code (we include data in this term), and this code needs to be trusted, therefore, necessitating both identity and attributes. Finally there are agents – someone or something you give authority to act on your behalf. For example, you may give your personal assistant the authority to use specified attributes of your business credit card and frequent flyer personas to book your travel, but your assistant would use their identity.

Identity needs to encompass all these entities to ensure a trusted transaction chain.

All entities having their identity defined using interoperable identifiers allows for rich risk-based decisions to be made. This is “entitlement” – a set of rules, defined by the resource owner, for managing access to a resource (asset, service, or entity) and for what purpose. The level of access is conditioned not only by your identity but is also likely to be constrained by a number of further security considerations. For example your company policy, your location (i.e., are you inside your secure corporate environment, connected via a hotspot or from an Internet café, etc.) or time of day.

In the final (fifth) video, which will be released next Tuesday, August 14, we will examine how this all fits together into a global Identity ecosystem and the key challenges that need to be solved in order to realize it.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future.

1 Comment

Filed under Identity Management

Trust and Privacy – In an Identity Management Ecosystem

By Jim Hietala and Ian Dobson, The Open Group

In the first of these five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas. In the second “Operating with Personas” video, we explained how creating a digital core identifier from your (real-world) core identity must involve a trusted process that is immutable (i.e. enduring and unchangeable), and how we can create digital personas –as many as we like – to mirror the way we use personas in our daily lives.

This third video explains how trust and privacy interact to provide a trusted privacy-enhanced identity ecosystem:

Each persona requires only the personal information (attributes) it needs it assert what a relying party needs to know, and no more.  For example, your “eGovernment citizen” persona would link your core identifier to your national government confirmation that you are a citizen, so if this persona is hacked, then only the attribute information of you being a citizen would be exposed and nothing else.  No other attributes about you would be revealed, thereby protecting all your other identity information and your privacy.

This is a fundamental difference to having an identity provider that maintains a super-store containing all your attributes, which would all be exposed if it was successfully hacked, or possibly mis-used under some future change-of-use marketing or government regulatory power. Remember, too, that once you give someone else, including identity providers, personal information, then you‘ve given up your control over how well it’s maintained/updated and used in the future.

If a relying party needs a higher level of trust before accepting that the digital you is really you, then you can create a new persona with additional attributes that will provide the required level of trust, or you can supply several of your personas (e.g., your address persona, your credit card persona and your online purchasing account persona), which together provide the relying party with the level of trust they need. A good example of this is buying a high-value item to be delivered to your door. Again, you only have to reveal information about you that the relying party requires.  This minimizes the exposure of your identity attributes and anyone’s ability to aggregate identity information about you.

In the next (fourth) video, which will be released next Tuesday, August 7, we will look at the bigger picture to understand why the identity ecosystem needs to be about more than just people.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future. 

Comments Off

Filed under Identity Management

Real-world and Online Personas – From an Identity Management Perspective

By Jim Hietala and Ian Dobson, The Open Group

In the first of the five identity videos from the Jericho Forum, a forum of The Open Group, we explained the “Identity First Principles” – about people (or any entity) having a core identity, and how we all operate with a number of personas that should be under our control using the principle of primacy, i.e., giving you the ability to control the information about your own identity. You may, of course, decide to pass that control on to some other identity management party.

In this second “Operating with Personas” video, we explain how creating a digital core identifier from your (real-world) core identity must involve a trusted process that is immutable, enduring and unchangeable.

We then describe how we need to create digital personas to mirror the way we use personas in our daily lives – at work, at home, handling our bank accounts, with the tax authority, at the golf club, etc. We can create as many digital personas for ourselves as we wish and can also create new personas from existing ones. We explain the importance of the resulting identity tree, which only works one-way; to protect privacy, we can never go back up the tree to find out about other personas created from the core identifier, especially not the real-world core identity itself. Have a look for yourself:

As you can see, the trust that a relying party has in a persona is a combination of the trust in its derivation from an immutable and secret core identifier – its binding to a trusted organizational identifier, and its attribute information provided by the relevant trusted attribute provider.

In the next (third) video, which will be released next Tuesday, July 31, we will see how trust and persona interact to provide a privacy-enhanced identity ecosystem.

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future. 

Comments Off

Filed under Identity Management

Understanding the Importance of Identity

By Jim Hietala and Ian Dobson, The Open Group

In May 2011, the Jericho Forum, a forum of The Open Group, published its Identity, Entitlement & Access (IdEA) commandments, which specified 14 design principles that are essential for identity management solutions to assure globally interoperable trusted identities in cyberspace. These IdEA commandments are aimed at IT architects and designers of both Identity Management and Access Management systems, but the  importance of “identity” extends to everyone – eBusiness managers, eCommerce operations, and individual eConsumers. In order to safeguard our ability to control and manage our own identity and privacy in online activities, we need every online user to support creating an Identity Ecosystem that satisfies these IdEA commandments.

We’re proud to announce that the Jericho Forum has created a series of five “Identity Key Concepts” videos to explain the key concepts that we should all understand on the topics of identity, entitlement, and access management in cartoon-style plain language.

The first installment in the series, Identity First Principles, available here and below, starts the discussion of how we identify ourselves. The video describes some fundamental concepts in identity, including core identity, identity attributes, personas, root identity, trust, attribute aggregation and primacy. These can be complex concepts for non-identity experts However, the cartoons describe the concepts in an approachable and easy-to-understand manner.

The remaining videos in the series cover the following concepts:

  • Video 2 – Operating with Personas
  • Video 3 – Trust and Privacy
  • Video 4 – The Bigger Picture, Entities and Entitlements
  • Video 5 – Building a Global Ecosystem

These identity cartoon videos will be published on successive Tuesdays over the next five weeks, so be sure to come back next Tuesday!

Jim Hietala, CISSP, GSEC, is the Vice President, Security for The Open Group, where he manages all IT security and risk management programs and standards activities. He participates in the SANS Analyst/Expert program and has also published numerous articles on information security, risk management, and compliance topics in publications including The ISSA Journal, Bank Accounting & Finance, Risk Factor, SC Magazine, and others.

 

Ian Dobson is the director of the Security Forum and the Jericho Forum for The Open Group, coordinating and facilitating the members to achieve their goals in our challenging information security world.  In the Security Forum, his focus is on supporting development of open standards and guides on security architectures and management of risk and security, while in the Jericho Forum he works with members to anticipate the requirements for the security solutions we will need in future. 

1 Comment

Filed under Identity Management

Social Networks – Challenging an Open Internet? Walled Gardens Tweet Jam

By Patty Donovan, The Open Group

On July 10, The Open Group will host a special tweet jam to examine “walled gardens” and the effect of social media networks on the web.

The World Wide Web was originally intended to be an open platform – from the early forums for programmers exchanging code or listservs to today’s daily photo blogs or corporate website providing product information. Information was meant to be free and available for public consumption, meaning any link on the World Wide Web could be accessed by anyone, anytime.

With the advent of Web 2.0, content no longer roams free. Increasingly, private companies and social networks, such as Facebook and Google Plus, have realized the value of controlling information and restricting the once open flow of the Internet. A link to a Facebook profile, for example, doesn’t lead to a member’s Facebook page, but instead to an invitation to join Facebook – a closed, member-only network where one must be inside the network to derive any benefit. And once one joins one of these “walled gardens,” personal content is shared in ways that are uncontrollable by the user.

As web data continues to explode and more and more information about Internet usage is gathered across sites, the pressure to “grow the gardens” with more personal data and content will continue to increase.

Please join us on July 10 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST for a tweet jam that will discuss the future of the web as it relates to information flow, identity management and privacy in the context of “walled garden” networks such as Facebook and Google. We welcome Open Group members and interested participants from all backgrounds to join the session and interact with our panel of experts, including:

To access the discussion, please follow the #ogChat hashtag next Tuesday during the allotted discussion time. Other hashtags we recommend you using include:

  • Open Group Conference, Washington, D.C.: #ogDCA
  • Facebook: #fb (Twitter account: @facebook)
  • Google: #google (Twitter account: @google)
  • Identity management: #idM
  • Mobile: #mobile
  • IT security: @ITsec
  • Semantic web: #semanticweb
  • Walled garden: #walledgarden
  • Web 2.0: #web20

Below is a list of the questions that will be addressed during the hour-long discussion:

  1. In the context of the World Wide Web, why has there been a shift from the open Internet to portals, apps and walled environments?
  2. How has this trend affected privacy and control? Do users have enough control over their IDs and content within walled garden networks?
  3. What has been the role of social and mobile in developing walled gardens? Have they accelerated this trend?
  4. Can people use the Internet today without joining a walled garden network? What does this say about the current web?
  5. Is there any way to reconcile the ideals of the early web with the need for companies to own information about users?
  6. What Web 2.0 lessons learned should be implemented into the next iteration of the web?

And for those of you who are unfamiliar with tweet jams, here is some background information:

What Is a Tweet Jam?

A tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on a chosen topic. Each tweet jam is led by a moderator (Dana Gardner) and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is free (and encouraged!) to join the discussion.

Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q4 People can still use the Internet without joining a walled garden, but their content exposure would be extremely limited #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat on July 10 and hope you will be able to join!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the US.

Comments Off

Filed under Identity Management, Tweet Jam

Tweet Jam Summary: Identity Management #ogChat

By Patty Donovan, The Open Group

Over 300 tweets were posted during The Open Group’s initial tweet jam, which took place this week on Tuesday morning! The hour of spirited conversation included our expert panel, as well as other participants who joined in the spirited discussion including:

If you missed the event this time, here’s a snapshot of how the discussion went:

Q1: What are the biggest challenges of #idM today? #ogChat

Many agreed that regulations at the federal and business levels are inadequate today. Other big challenges include the lack of funding, managing people not affiliated to an organization and the various contexts surrounding the issue. Here’s a sampling of some of the tweets that drove the discussion:

  • @jim_hietala: For users, managing multiple identities with strong auth credentials across myriad systems #ogChat
  • @ErickaChick: Q1 Even when someone writes a check, no one usually measures effectiveness of the spend  #ogChat
  • @dazzagreenwood: #ogchat biggest challenges of #IdM are complexity of SSO, and especially legal and business aspects. #NSTIC approach can help.
  • @Dana_Gardner: Biggest challenges of ID mgmt today are same ones as 10 years ago, that’s the problem. #ogchat #IdM
Q2: What should be the role of governments and private companies in creating #idM standards? #ogChat

Although our participants agreed that governments should have a central role in creating standards, questions about boundaries, members and willingness to adopt emerged. Dana Gardner pointed out the need for a neutral hub, but will competitors be willing to share identities with rival providers?

  • @JohnFontana: Q2 NISTIC is 1 example of how it might work. They intend to facilitate, then give way to private sector. Will it work? #ogchat
  • @Dana_Gardner: This is clearly a government role, but they dropped the ball. And now the climate is anti-regulation. So too late? #ogChat #IdM
  • @gbrunkhorst: Corps have the ability to span geopolitical boundaries. any solution has to both allow this, and ‘respect borders’ (mutually Excl?)
Q3: What are the barriers to developing an identity ecosystem? #ogChat 

The panelists opposed the idea of creating a single identity ecosystem, but the key issues to developing one rest on trust and assurance between provider and user. Paul Simmonds from the Jericho Forum noted that there are no intersections between the providers of identity management (providers, governments and vendors).

  • @ErickaChick: Q3 So many IT pros forget that #IdM isn’t a tech prob, it’s a biz process prob #ogChat
    • Response from @NadhanAtHP: @wikidsystems Just curious why you “want” multiple ecosystems? What is wrong if we have one even though it may be idealist? #ogChat #idM
    • Response from @wikidsystems: Q3 to be clear, I don’t want one identity eco system, I want many, at least some of which I control (consumer). #ogChat
  • @451wendy: Q3 Context validation for identity attributes. We all use the Internet as citizens, customers, employees, parents, students etc. #ogChat
  • @451wendy: ‘@TheRealSpaf: regulation of minimal standards for interoperability and (sometimes) safety are reasonable. Think NIST vs Congress.” #ogChat

Q4: Identity attributes may be valuable and subject to monetization. How will this play out? #ogChat

The issue of trust continued in the discussion, along with the idea that many consumers are unaware that the monetization of identity attributes occurs.

  • @Technodad: Q4: How about portability? Should I be able to pick up my identity and move to another #idm provider, like I can move my phone num? #ogchat
  • @NadhanAtHP: Q4 Identify attributes along with information analytics & context will allow for prediction and handling of security violations #idM #ogChat

Q5: How secure are single sign-on (#SSO) schemes through Web service providers such as #Google and #Facebook? #ogChat

There was an almost unanimous agreement on the insecurity of these providers, but other questions were also raised.

  • @simmonds_paul: Q5. Wrong question, instead ask why you should trust a self-asserted identity? #ogchat
  • @dazzagreenwood: Q5  #ogchat The real question is not about FB and Google, but how mass-market sso could work with OpenID Connect with *any* provider
  • @Dana_Garnder: Q5. Issue isn’t security, it’s being locked in, and then them using your meta data against you…and no alternatives. #SSO  #ogChat #IdM
  • @NadhanAtHP: Q5 Tracking liability for security violations is a challenge with #SSO schemes across Web Service Providers #idM #ogChat 

Q6: Is #idM more or less secure on #mobile devices (for users, businesses and identity providers)? #ogChat

Even though time edged its way in and we could not devote the same amount of attention to the final question, our participants painted interesting perspectives on how we actually feel about mobile security.

  • @jim_hietala: Q6. Mobile device (in)security is scary, period, add in identity credentials buried in phones, bad news indeed #ogChat
  • @simmonds_paul: Q6. I lose my SecureID card I worry in a week, I lose Cell Phone I may worry in an hour (mins if under 25) – which is more secure? #ogchat
  • @dazzagreenwood: Q6 #ogchat Mobile can be more OR less secure for #ID – depends on 1) implementation, 2) applicable trust framework(s).
  • @Technodad: @jim_hietala Q6: Mobile might make it better through physical control – similar to passport. #ogChat

Thank you to all the participants who made this a possibility, and please stay tuned for our next tweet jam!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.

Comments Off

Filed under Identity Management, Tweet Jam

Connect with @theopengroup on April 17 for an Identity Management Tweet Jam #ogChat

By Patty Donovan, The Open Group

In about a week, The Open Group will be hosting its very first tweet jam! In case you’re not familiar with tweet jams, a tweet jam is a one hour “discussion” hosted on Twitter. The purpose of the tweet jam is to share knowledge and answer questions on a chosen topic – in this case, identity management. Each tweet jam is led by a moderator (The Open Group) and a dedicated group of experts to keep the discussion flowing. The public (or anyone using Twitter interested in the topic) is free (and encouraged!) to join the discussion.

Tweet, Tweet – Come Join Us

You can join our Identity Management Tweet Jam on April 17 at 9:00 a.m. PT/12:00 p.m. ET/5:00 p.m. BST. We welcome Open Group members and interested participants from all backgrounds to participate in the session and interact with our panel of experts in the identity management space.

Here is the current line-up for our expert panel:

To access the discussion, please follow the #ogChat hashtag next Wednesday during the allotted discussion time. Other hashtags we recommend you use for this tweet jam that encompass the topics that will be discussed include:

  • Identity management: #IdM
  • Single sign-on: #SSO
  • Cloud computing: #cloud
  • Mobile: #mobile
  • IT security: #ITSec
  • Information security: #InfoSec
  • Enterprise identity: #EntID
  • Identity ecosystem: #IDecosys

Below are a list of the questions that will be addressed during the hour-long discussion:

  1. What are the biggest challenges of identity management today?
  2. What should be the role of governments and private companies in creating identity management standards?
  3. What are the barriers to developing an identity ecosystem?
  4. Identity attributes may be valuable and subject to monetization. How will this play out?
  5. How secure are single sign-on schemes through Web service providers such as Google and Facebook?
  6. Is identity management more or less secure on mobile devices?
Participation Guidance

Whether you’re a newbie or veteran Twitter user, here are a few tips to keep in mind:

  • Have your first #ogChat tweet be a self-introduction: name, affiliation, occupation.
  • Start all other tweets with the question number you’re responding to and the #ogChat hashtag.
    • Sample: “Q2: @theopengroup, attributes are absolutely more critical than biometrics #IdM #ogChat”
  • Please refrain from product or service promotions. The goal of a tweet jam is to encourage an exchange of knowledge and  stimulate discussion.
  • While this is a professional get-together, we don’t have to be stiff! Informality will not be an issue!
  • A tweet jam is akin to a public forum, panel discussion or Town Hall meeting – let’s be focused and thoughtful.

If you have any questions prior to the event, please direct them to Rod McLeod (rmcleod at bateman-group dot com). We anticipate a lively chat on April 17, so you will be able to join!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the US.

2 Comments

Filed under Identity Management, Tweet Jam