The toe nails of Identity Elephant

I have over time learned that defining things has not been my strength and over time I have understood that most of us in Identity and Access space can run most of our professional life without have a industry standard definitions. But at the same time, I like to keep a glossary list handy which I attach to every project document and let it change as the client tries to make sense out of their environment.
After reading the Dave Kearns and Scott Lemon's thoughts, I was again reminded of the Identity elephants that seems to be in the room and how people are trying to find it. In that context I think I found that these two people are so close in their definition the way I understood them that I had to write about it. The idea in case of Scott is that Identity is "same as" while for Dave is "Identifying" (which for him somehow always leads to DNA, twins, etc, anyway this may be something for other blog). Now incase of an identification system, the identification means it needs to have information about the entity that it wants to "Identify". So, the process of "identification" for the system means that the representation of the "identity" in the system's memory is "same as" representation of the entity that system has received from the entity (through the authentication information/identifiable attributes). With regards to the other part of Scott's article that is about existance of "Observer", that ties in well with Dave's idea of "identify" that in order to get the "identifiable attribute" in the memory of the system, some one has to "observe" the entity and register its identifiable attributes and so this is an action that takes place before the identifiable attribute can be stored in memory.
So to summarize
  • Observer "observes" the identifiable attribute
  • Observer stores the identifiable attribute in Identification system's memory
  • Entity exposes its identifiable attribute(s) to Identification system
  • Identification System uses the identifiable attribute(s) stored in memory to check whether the Entity's identifiable attribute(s) is "same as" that stored in memory.
And thus we have identified the toe nails of identity elephant.

Comments

Post a Comment

Popular posts from this blog

Vendor List

Updated: November 12 2006 I am trying to come up with the list of vendors and associated products in the Identity and Access Management arena. Please note that this list is based on marketing/public information and my understanding of the terms which may not comply with any specific groups' definitions and/or requirements. This is by no means a complete list and will keep growing as I get more time to add them and find more companies (any help on that front will be really appreciated). Before we go further along, lets try to define what each of these product typically do so that my mode of classification may make sense or any flaw in my classfication will become apparant. Identity Management/User Provisioning These products typically provide the facility of Workflow-based Identity provisioning, password reset, identity reconciliation/discovery, delegated identity administration and self-service features on wide variety of identity platforms (like LDAP, Unix, Windows, Mainfra
Read more

2006 Prediction - Recap

Seems like the 2006 Prediction season is over and so I thought that I will try to capture the various predictions in Identity Management space that I came across. ( Nick at WickID ) Host/Mutual authentication will be critical. There will be an attack against banks using non-cryptographic based host authentication (ie, pictures, cookies). - I am assuming that means machine authentication besides user authentication something similar to that from Passmark and Trusted Network Technology . This makes sense and will really be looking forward to various non-intrusive and intrusive technology in this space. Transaction authentication will become a hot topic later in the year due to session hijacking trojans. - I think people like Bruce Schneier have already been talking about this. An important aspect of transaction authentication is that it needs to be pervasive instead of just being limited to online experience. Besides that the technology that would actually help achieve this should be va
Read more

Understanding IAM Technology: Web Single Sign On (Web SSO) Part I - Introduction and Use Case Definition

Image
Update September 6, 2015: Part II in the series is now available . Update August 19,2006: I am rewriting this entry based on the methodology I am using for some of other domains. Hopefully, the new methodology would make it more useful to some of you. I talk to a lot of people from developer background who still do not have a good background in the IAM technology. Eventhough there is a lot of information on the web, I have felt a lack of good technological discussion on the various component that  actually form the IAM domain. Some of the good sources for the information on IAM are Microsoft Identity and Access Management Series Archie Reed Oracle Federated Identity Buyers guide Oracle Identity Management Buyer's Guide Identity Management Dissected Most of these document discuss the basic concepts but do not extend it to existing technologies and how it applies to them. This series is an attempt to look at the technology behind the Identity and access manage
Read more