Showing posts from December, 2005

The toe nails of Identity Elephant

I have over time learned that defining things has not been my strength, and over time I have understood that most of us in the Identity and Access space can run most of our professional life without having industry-standard definitions. But at the same time, I like to keep a glossary list handy, which I attach to every project document and let it change as the client tries to make sense of their environment. After reading Dave Kearns and Scott Lemon's thoughts, I was again reminded of the Identity elephant that seems to be in the room and how people are trying to find it. In that context I think I found that these two people are so close in their definitions, the way I understood them, that I had to write about it. The idea in the case of Scott is that Identity is "same as" while for Dave it is "Identifying" (which for him somehow always leads to DNA, twins, etc.; anyway, this may be something for another blog). Now in case of an identification system, the identification

Authentisoft Introduces IDX EAP

I am completely confused by this company's approach in the IAM space. I do not understand what their target market is and can only speculate that it will include small-size businesses or maybe a complete Java shop whose developers think this is a good "IAM" product. Take a look at the article (and the discussion) that have come from Justen Stepka, who works with the company. The product seems to be too little too late at first glance (at least in the IAM space), but then maybe I do not understand the product and its complete feature set.

Internet Rebels

After watching the Google EPIC, I had a burst of "creative" thought (which is very rare, let me tell you) about a futuristic novel based in 2015 about a renegade who is part of a network of people who run a parallel internet over a P2P protocol. The idea being that once you develop protocols to index and search the P2P member sites using distributed indexes, you may be able to browse the net anonymously. But after reading these articles, it seems to me that something like the above may become a reality rather than remaining a fiction in my head. But seriously guys, is it good to reject a more structured way to generate internet content just because the format is being proposed by companies that are trying to make money out of people's content? Maybe I am being too naive.

Federation revisited

While going through some articles on the reports from Burton Group on Identity Management, I ran into this article from Andre Durand. The basic point of contention was that Burton has predicted that Federation will not be a separate product long term, while Patrick Harding contests that it will be a separate product. This point of view from PingID can be attributed to the fact that their flagship product is a federation server, though they do provide other components like Token Service. But let's not go there and look at the argument. The basic point of the contention seems to be that the infrastructure needs a federation server to consume a SAML assertion and generate an internal SAML assertion that can be consumed by the internal infrastructure. But I am not sure whether that means that you have to set up a federation server the way described by them using this diagram. I see the work they describe more as the job of a Token Service, as I have opined earlier. (which I think is one of the g

FSSO - where are we?

With so many federated sign-on specifications out there, it was becoming really tough to keep track of them. The way I see it, we can divide them into community-site-initiated, Identity URL based specs like SXIP (new addition), LID, OpenID, i-names (XRI) vs standard/large-vendor-initiated, identity token based specs like SAML, WS-Federation and InfoCard. Given that the community-initiated specs based on URL based Identity have come together under YADIS (except SXIP, and I am hoping they will join the party soon), where does that leave us with WS-*, SAML, Microsoft InfoCard and Passel (with counter-signed and self-signed attributes)? While the community-based FSSO specs are consolidating, the businesses are rolling out services mostly using SAML to perform FSSO between the services that they are providing. We are still waiting for InfoCard and WS-Federation to pick up steam. It seems that InfoCard may be obsolete by the time it comes out if YADIS is accepted by the community (unl

What is identity - In words of Bulla Shah

I really like the way this poem explores the basic question of "who am I", i.e. "what is identity". This poem was composed by Bulla Shah, a 17th century Sufi poet, and used in a great song.

Bulla, who knows who I am?
Neither I am a believer (who stays) in a mosque
Nor do I indulge in actions of disbelief
Nor am I the pure one amongst the impure
Neither I exist in books of Vedh
Nor do I stay drunk
Nor do I remain stoned, rotting
Neither I am happy nor sad
Nor am I in the (argument of) Purity and Impurity
Neither I am (made) of water nor of earth
Nor am I fire nor air
Neither I am Arabic nor Lahori
Nor am I (resident of) the Indian City Nagaori
Nor Hindu nor Turk Peshaweri
Neither I found the secret of religion
Nor did understand Adam and Eve
Nor did I create a name for myself
From beginning to end, I tried to understand myself
I did not come to know of anyone else
I am not just another wise one
Bulla Shah, who is this standing?

Anti-suite Approach

This article talks about suite vs anti-suite. Each of these approaches has its own pros and cons and fits specific markets. Some factors that may determine it are: SMB (suite) vs enterprise; work with bleeding-edge products vs conservative adoption. So, I do not think it would be appropriate to categorize any market, whether it is network security or identity management, as suite or anti-suite.

PingSTS Announced - Identity for Web Services

Given that InfoCard is based on this service, I need to set up a working environment to test this integration. Besides that, I am bothered by the lack of token types on the output side. Anyway, I will write about it more once I get a chance to do the testing.