Tweet Jam Summary: Identity Management #ogChat

By Patty Donovan, The Open Group

Over 300 tweets were posted during The Open Group’s initial tweet jam, which took place this week on Tuesday morning! The hour of spirited conversation included our expert panel, as well as other participants who joined in the spirited discussion including:

If you missed the event this time, here’s a snapshot of how the discussion went:

Q1: What are the biggest challenges of #idM today? #ogChat

Many agreed that regulations at the federal and business levels are inadequate today. Other big challenges include the lack of funding, managing people not affiliated to an organization and the various contexts surrounding the issue. Here’s a sampling of some of the tweets that drove the discussion:

  • @jim_hietala: For users, managing multiple identities with strong auth credentials across myriad systems #ogChat
  • @ErickaChick: Q1 Even when someone writes a check, no one usually measures effectiveness of the spend  #ogChat
  • @dazzagreenwood: #ogchat biggest challenges of #IdM are complexity of SSO, and especially legal and business aspects. #NSTIC approach can help.
  • @Dana_Gardner: Biggest challenges of ID mgmt today are same ones as 10 years ago, that’s the problem. #ogchat #IdM
Q2: What should be the role of governments and private companies in creating #idM standards? #ogChat

Although our participants agreed that governments should have a central role in creating standards, questions about boundaries, members and willingness to adopt emerged. Dana Gardner pointed out the need for a neutral hub, but will competitors be willing to share identities with rival providers?

  • @JohnFontana: Q2 NISTIC is 1 example of how it might work. They intend to facilitate, then give way to private sector. Will it work? #ogchat
  • @Dana_Gardner: This is clearly a government role, but they dropped the ball. And now the climate is anti-regulation. So too late? #ogChat #IdM
  • @gbrunkhorst: Corps have the ability to span geopolitical boundaries. any solution has to both allow this, and ‘respect borders’ (mutually Excl?)
Q3: What are the barriers to developing an identity ecosystem? #ogChat 

The panelists opposed the idea of creating a single identity ecosystem, but the key issues to developing one rest on trust and assurance between provider and user. Paul Simmonds from the Jericho Forum noted that there are no intersections between the providers of identity management (providers, governments and vendors).

  • @ErickaChick: Q3 So many IT pros forget that #IdM isn’t a tech prob, it’s a biz process prob #ogChat
    • Response from @NadhanAtHP: @wikidsystems Just curious why you “want” multiple ecosystems? What is wrong if we have one even though it may be idealist? #ogChat #idM
    • Response from @wikidsystems: Q3 to be clear, I don’t want one identity eco system, I want many, at least some of which I control (consumer). #ogChat
  • @451wendy: Q3 Context validation for identity attributes. We all use the Internet as citizens, customers, employees, parents, students etc. #ogChat
  • @451wendy: ‘@TheRealSpaf: regulation of minimal standards for interoperability and (sometimes) safety are reasonable. Think NIST vs Congress.” #ogChat

Q4: Identity attributes may be valuable and subject to monetization. How will this play out? #ogChat

The issue of trust continued in the discussion, along with the idea that many consumers are unaware that the monetization of identity attributes occurs.

  • @Technodad: Q4: How about portability? Should I be able to pick up my identity and move to another #idm provider, like I can move my phone num? #ogchat
  • @NadhanAtHP: Q4 Identify attributes along with information analytics & context will allow for prediction and handling of security violations #idM #ogChat

Q5: How secure are single sign-on (#SSO) schemes through Web service providers such as #Google and #Facebook? #ogChat

There was an almost unanimous agreement on the insecurity of these providers, but other questions were also raised.

  • @simmonds_paul: Q5. Wrong question, instead ask why you should trust a self-asserted identity? #ogchat
  • @dazzagreenwood: Q5  #ogchat The real question is not about FB and Google, but how mass-market sso could work with OpenID Connect with *any* provider
  • @Dana_Garnder: Q5. Issue isn’t security, it’s being locked in, and then them using your meta data against you…and no alternatives. #SSO  #ogChat #IdM
  • @NadhanAtHP: Q5 Tracking liability for security violations is a challenge with #SSO schemes across Web Service Providers #idM #ogChat 

Q6: Is #idM more or less secure on #mobile devices (for users, businesses and identity providers)? #ogChat

Even though time edged its way in and we could not devote the same amount of attention to the final question, our participants painted interesting perspectives on how we actually feel about mobile security.

  • @jim_hietala: Q6. Mobile device (in)security is scary, period, add in identity credentials buried in phones, bad news indeed #ogChat
  • @simmonds_paul: Q6. I lose my SecureID card I worry in a week, I lose Cell Phone I may worry in an hour (mins if under 25) – which is more secure? #ogchat
  • @dazzagreenwood: Q6 #ogchat Mobile can be more OR less secure for #ID – depends on 1) implementation, 2) applicable trust framework(s).
  • @Technodad: @jim_hietala Q6: Mobile might make it better through physical control – similar to passport. #ogChat

Thank you to all the participants who made this a possibility, and please stay tuned for our next tweet jam!

Patricia Donovan is Vice President, Membership & Events, at The Open Group and a member of its executive management team. In this role she is involved in determining the company’s strategic direction and policy as well as the overall management of that business area. Patricia joined The Open Group in 1988 and has played a key role in the organization’s evolution, development and growth since then. She also oversees the company’s marketing, conferences and member meetings. She is based in the U.S.