Friday, March 28, 2008

The Identity Network

It seems that as time passes there are going to be more and more web services that can provide information about ourselves, such as who we are and what our reputation is. We've moved from relatively simple enterprise identity systems, where the data was held in a corporate directory, towards multiple networks of identity information in which we hand out information about ourselves to each business service provider we come into contact with. In turn, those businesses may start communicating about us, on our behalf or for other business reasons. Lots of issues to be worried about.

It is interesting that the debate around enterprise identity is still going on. First, the post from Jackson Shaw that kicked off the recent discussion on meta-directories and virtual directories: You won't have me to kick around anymore! It was promptly answered by Jackson's former Zoomit colleague and identity guru at Microsoft, Kim Cameron: Metadirectory and claims. A discussion then ensued between Dave Kearns and Kim. My colleague, Nishant Kaushik, jumped in with "Virtual Directories + Provisioning = No More MetaDirectory".

Now it seems that, in addition to sources of identity information that can make assertions about who we are or how good our reputation is, assertions about where we are are about to become possible too. Paul Madsen blogs about IGF and Yahoo! FireEagle. This is exciting stuff indeed. But scary too!

We are headed towards a far more sophisticated, social concept of identity that spans many more boundaries than the old days of the corporate e-mail system from which LDAP evolved. But not to worry, we've seen this before: the Internet itself grew out of a layered architecture with forerunners like OSI, DECnet, IPX, SNA and others, passed through the era of multi-protocol routers and eventually migrated onto TCP/IP. Just as we had silos of networks then, we have silos of identities springing up all over the place now. In the end, all the complexity of inter-networking was simplified into the web we have today.

I believe the Identity Inter-Network (or just plain Identity Network) is going to emerge as a set of abstracting layers that securely link the different sources of identity information with the applications that need, and should have, access to it, provided we as users agree to it. Kim Cameron has already made a lot of observations about how the Identity Network should function. I'm betting there are a few more observations to be made. But the important question isn't which silo I choose to put my data into. The big question at this point is, "What are the equivalent OSI layers of the Identity Network?" I'm pretty sure the communication and transport protocols are there (LDAP, SAML, ID-WSF, WS-Fed), but what about discovery, routing, transformation/mapping, governance/policy (IGF) and assurance (IAF)? What other layers are needed or are going to emerge?
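To make that layering concrete, here is a small toy model, added to this page and not part of the original post or of any of the protocols and frameworks it names: three constructed identity silos with their own schemas and assurance levels, a mapping layer that normalises their attributes into common claim names, a discovery step that picks the most assured source for each claim, and a policy layer that releases a claim to a relying party only if the user has consented to it and the chosen source meets that party's minimum assurance. Every source name, attribute name, relying party and assurance number below is invented for illustration; this is not how IGF or IAF actually specify policy or assurance.

```python
"""Toy 'identity network' stack: silos -> mapping -> discovery -> policy/assurance.
Added illustration only; all data and names are constructed, not from any real system."""

# Layer 0: identity silos. Each speaks its own schema and carries an assurance
# level (higher = more trusted vetting). Constructed sample data.
SOURCES = {
    "corp-ldap":    {"assurance": 3, "attributes": {"uid": "jdoe", "mail": "jdoe@example.com", "title": "Engineer"}},
    "social-site":  {"assurance": 1, "attributes": {"nickname": "jd", "email": "jd@example.net", "reputation": 87}},
    "location-svc": {"assurance": 2, "attributes": {"geo": "37.42,-122.08"}},
}

# Layer 1: transformation/mapping. Source attribute name -> common claim name.
MAPPING = {
    "corp-ldap":    {"uid": "username", "mail": "email", "title": "job_title"},
    "social-site":  {"nickname": "username", "email": "email", "reputation": "reputation"},
    "location-svc": {"geo": "location"},
}

# Layer 2: governance/policy. Claims the user has consented to release, per relying party.
CONSENT = {
    "payroll-app":   {"username", "email", "job_title"},
    "friend-finder": {"username", "location"},
    "marketplace":   {"username", "reputation"},
}

# Layer 3: assurance. Minimum source assurance each relying party insists on.
REQUIRED_ASSURANCE = {"payroll-app": 3, "friend-finder": 1, "marketplace": 2}


def discover(claim):
    """Discovery/routing: return the names of all sources that can supply
    `claim` (after mapping), most assured source first."""
    hits = []
    for name, src in SOURCES.items():
        for attr, mapped in MAPPING[name].items():
            if mapped == claim and attr in src["attributes"]:
                hits.append(name)
    return sorted(hits, key=lambda n: -SOURCES[n]["assurance"])


def release(relying_party, requested):
    """Resolve `requested` claims for `relying_party`.

    A claim is released only when (a) the user consented to it for this party
    and (b) some source holding it meets the party's minimum assurance.
    Anything else is silently omitted: the policy fails closed."""
    allowed = CONSENT.get(relying_party, set())          # unknown party -> nothing allowed
    min_loa = REQUIRED_ASSURANCE.get(relying_party, 99)  # unknown party -> unsatisfiable bar
    released = {}
    for claim in requested:
        if claim not in allowed:
            continue                                      # policy layer says no
        for src_name in discover(claim):
            src = SOURCES[src_name]
            if src["assurance"] < min_loa:
                continue                                  # assurance layer says no
            attr = next(a for a, c in MAPPING[src_name].items() if c == claim)
            released[claim] = {
                "value": src["attributes"][attr],
                "source": src_name,
                "assurance": src["assurance"],
            }
            break                                         # first acceptable source wins
    return released


if __name__ == "__main__":
    for rp, wanted in [("payroll-app", ["username", "email", "location"]),
                       ("friend-finder", ["username", "location", "email"]),
                       ("marketplace", ["username", "reputation"])]:
        print(rp, "->", release(rp, wanted))
```

The two gates behave differently on purpose: consent is decided per relying party and per claim, while assurance is decided per source, so the same "username" claim flows to the payroll application from the corporate directory but is never satisfied from the social site for a party that demands more than the social site's vetting provides. Keeping the source and assurance level alongside each released value is what lets the receiving application make its own trust decision rather than treating all claims as equal.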
