About The Blog

Debate at the intersection of business, technology and culture in the world of digital identity, both commercial and government, a blog born from the Digital Identity Forum in London and sponsored by Consult Hyperion



  • Add to
Technorati Favorites


  • Creative Commons

    Attribution Non-Commercial Share Alike

    This work is licensed under a Creative Commons Attribution - Noncommercial - Share Alike 2.0 UK: England & Wales License.

    Please note that by replying in this Forum you agree to license your comments in the same way. Your comments may be edited and used but will always be attributed.

« Deniz Tuncalp, Turkcell | Main | SOS SMS »

Identity applications

By Dave Birch posted Oct 22 2008 at 9:37 PM

[Dave Birch] What are the IT guys up to at the moment? Do they still see digital identity as a facet of identity management, something that you can buy a product for and tick off the compliance list or do they see it as a strategic component of their organisations roadmap? A little while back, the feeling was that we still weren't seeing the applications, and I'm sure that's still the case:

Without revealing too much of our “off the record” conversation, let me say that I left that call with the same frustration I’ve begun to express here as of late: we’re still building identity infrastructure and have not yet moved to identity applications.

[From From identity infrastructure to identity applications | CSO Blogs]
Yet surely almost everything is an identity application. It doesn’t matter whether it’s payroll, customer service or anything else, identity should be used as an integral part of all applications. Not in the simple "government" sense of requiring a single, unique identity for administrative convenience but integral in the sense of drawing on a common set of resources to make all of the applications not only more secure but easier to implement.

There's a link between this kind of thinking and the architecture it leads to. If you think of "identity" as a kind of box in which to store some personal data, then you tend to think of applications in different silos dipping into the box to take the data that they need. SImilarly, if you think as "identity" a single, unvarying dataset then you will use it, generally inappropriately, in all circumstances. In almost all of the identity applications that are discussed in the corporate environment, identity is irrelevant to the task in hand and bringing identity into the equation makes matters worse (because it makes for more places, more transactions where identity can be stolen from or abused). What's at issue -- whether I'm trying to log in to our VPN and get into the server room -- is permission.

I can't help feeling that part of the problem is that identity management implementation in a large organisation does not begin from an infrastructural perspective or from a long term strategic framework, but from fixing the mundane problem of log-in and then building out. This is the wrong foundation, surely, but you can understand why it happens.

However, the identity and access management vendors discovered that E-SSO was both a market accelerator and offered some important features of interest to customers with regulatory compliance requirements. E-SSO has a shorter sales cycle (typically six months or less) and is able to deploy more rapidly (one to three months depending on the complexity of the environment). Cost for E-SSO varies but many deals are less than $100K, which is easier on the IT budget than most user provisioning software and service projects. Customers could start with E-SSO and then over time add user provisioning, web SSO, federated SSO, and other components of the identity management suites.

[From Burton Group Identity Blog: Why Enterprise Single Sign-On (E-SSO) is More Than Just a Tactical Add-on]

So what they are saying here is that while corporates want to build identity management infrastructure, they do so by building on SSO, an approach that doesn't seem to be getting us anywhere.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]


TrackBack URL for this entry:

Listed below are links to weblogs that reference Identity applications:


The comments to this entry are closed.