
October 26th, 2004

Around the Digital ID World

Posted by @ 1:26 pm

Categories: General, Security, Software Infrastructure, Wired & Wireless


Digital ID World host and editor Phil Becker kicked off the conference asserting that digital identity is the common organizing principle for integration, management and security. Without a core focus on identity management, the notion of distributed, networked computing and service-oriented architecture falls apart. "As perimeters dissolve, applications get ever more distributed, and access becomes anywhere, anytime, through any device… identity is the central thread that enables security, control, manageability and accountability in a distributed network," Becker said. "It [identity management] dynamically adjusts to the needs of each user while simultaneously following the policies of the various authorities who control and/or manage the data and applications being used, and allowing auditing of what occurs."

Jamie Lewis, CEO of the Burton Group, disagrees somewhat with Becker — he describes the organizing principle as business, rather than the identity management technology. They are both right, and the major initiative on the identity management front is federation, which is just beginning to catch on.

Many enterprises are skeptical about federated identity — few people have rolled out solutions, and there is ongoing debate and development around standards, from the Liberty Alliance and the WS-* camps. According to Michael Barrett, vice president, Internet Strategy at American Express and president of the Liberty Alliance Project’s Management Board, selling federation has to be user driven. Rather than mandating from the top down, American Express makes the case to the business units, such as 401K and corporate travel, which have business partners they need to collaborate with.  

WS-*, championed by IBM and Microsoft, is focused on integrating identity management and federation as part of an overall Web services stack. This approach will take a while to develop, and over time it will interoperate with Liberty’s technology. 

According to John Shewchuk, architect for the Distributed Systems Group at Microsoft, the WS-* stack is “by and large done.” Some companies today are building solutions using parts of the WS-* stack, such as WS-Security. However, Microsoft products for federated identity management (including Active Directory Federation Services, .Net development tools, and the Longhorn identity system for client systems) won’t be available for a year or two, Shewchuk said.

If you want to federate today, SAML (Security Assertion Markup Language) and Liberty are the primary basis for deployments. The Liberty Alliance predicts that 400 million users (including mobile phone users) will take advantage of Liberty technology by the end of 2005. A reluctant IBM recently joined Liberty to satisfy the business requirements of European telecom operator Orange.

General Motors is planning to put out an RFP for a global federated directory based on the Liberty Alliance technology. "Our model is very collaborative," said Tony Scott, GM’s CTO for information technology (see Phil Windley’s blog on Tony’s presentation at Digital ID World). "We have joint ventures, a supplier community, and contractors. We are so large that a system that isn’t shareable and federatable is impossible to administer and manage. We also have dealers all over the world and a complex supply chain. A central scheme for identity wouldn’t work."

In addition to technology issues, building circles of trust that connect enterprises with external partners and suppliers will require mutual confidence parameters and common operating rules for risk management, dispute resolution, regulatory compliance, and intellectual property rights protection.

Phil Becker paints a picture that has the right vision for identity management, but federation is still lurking out in the future. But, its time will come. The question is not even which technology stack — it’s when the underlying infrastructure and tools make it really low cost, simple and secure to deploy.
