October 16, 2003
Details on the Vonage Ruling
The judge who vacated the Minnesota Public Services Commission regulations concerning Vonage earlier in the week issued more detailed comments and rationale today. In a Washington Post article the judge is quoted:
State regulation would effectively decimate Congress's mandate that the Internet remain unfettered by regulation. The court therefore grants Vonage's request for injunctive relief.
I haven't found the actual ruling yet to link to. The MPSC has not said whether they'll appeal or not, but I think it's a foregone conclusion that they will.
The real issue in my mind is this. If I had brought the Cisco ATA186 that Vonage gave me to my hotel in Colorado, it would work. I'd be using an 801 number, but with number portability, I think we'll see the tie between numbers and geography disappear over time. It's just a billing question now. I'd be using networks in Colorado to talk to a switch in New Jersey. Which gateway I use depends on who I call or who calls me. So why does Utah have a stake in regulating that transaction?
06:02 PM
DIDW: Personal Area Networks
While I was chatting with Andre and Doc today, Andre mentioned something that I liked: a personal area network. Your personal area network is the group of folks in your buddy list. This is an incredible resource that no one has really tapped. People who use instant messaging have taken the time to indicate the people that they consider their friends, and right now all it's used for is chatting and presence. There's got to be other things that we could do with it. This comment happened in the context of a larger conversation with Simon Grice, the founder of Midentity. Midentity is a pretty cool little application that is integrating lots of connectivity and identity information into a single pane. I called it a "personal identity management" tool and that seemed to resonate with Simon, Doc, and Andre.
Simon is doing something in England that uses SMS enabled phones to create community groups that people can use for neighborhood watch and similar purposes. I liked the idea a lot.
03:34 PM
DIDW: How Identity will Refocus IT
- Moderator: Phil Becker, Editor, Digital ID World
- Rick Caccia, Director & Product Mgr, Oblix
- Brian Anderson, Program Director, IBM Tivoli
- Andy Eliopoulos, Director, Business Mgt. Network Identity, Sun
- Kurt Johnson, VP Business Development, Courion
The number of applications that IT shops are supporting and the number of connections to partner systems is going up, not going down. Companies that can connect the right people to the right resources are the companies that succeed. Identity has moved beyond "can I come in?" to the questions of "where can I go?" and "what can I do?"
Measure the right thing or it will bite you: internal help desks sometimes fight against identity management solutions because they're measured on how many calls they take and how long they spend on the calls. If you introduce a password self-service reset system and calls to the help desk go down, help desks that are measured on the wrong things will be punished and consequently give pushback.
IT needs to remember that telling management what a technology does isn't the same as telling business why they need the technology. The example given in the panel is meta-directories. Explaining what a meta-directory does isn't the same as describing the business problems that it solves.
One of the problems with identity projects is that they require some degree of centralized coordination. That means that it's not a business unit decision, but an enterprise decision. This raises questions of governance and politics that haven't been part of the equation before.
The problem with this panel is that Phil is asking CIO-type questions of a group of vendors and they're falling all over their tongues trying to come up with smart-sounding answers. Phil asked about the centralization issue I posed above and followed up with a question about whether standards will alleviate this problem. No one gave the right answer. The right answer is that governance is the issue and that has to be worked out whether you've got industry standards or not. Governance implies that you're going to create an enterprise architecture and an interoperability framework. Once you've got those, then each business unit can go do their own thing, follow the standards, and the system will stand a chance of working. Without them, it's endless meetings leading to project failure.
03:05 PM
DIDW: Tony Scott Keynote
Tony Scott, GM's CTO, is today's second keynote.
Since 1996 GM has made significant progress toward common processes. They've reduced their legacy systems from 7000 to 3500. They have built a common email system, created a global employee portal, created a single global CAD/CAM system (down from 23), and gone from having the highest IT cost as a percentage of sales to the lowest IT cost in the industry. That is impressive.
They've achieved this by taking a "one-company" approach to IT. They still have regional CIOs responsible for systems, but overlay that with cross-regional "process information officers" that worry about supply chain, network, etc. Tony's one of those cross-regional officers. GM is 100% outsourced. There's no one in GM who's writing code, running data centers, administering networks, etc. GM manages IT by contract. What GM does internally is the "value innovation" function (see Modular IT Organization) that decides how IT can be used to help the business.
GM has been working on IdM since the current management team arrived in 1996. They started by working on the fragmented directories and worked toward a common directory infrastructure. They've been active in Liberty from its start because they saw the need to federate inside and outside GM. They've used Liberty to provide SSO in the employee portal (Socrates). They did this with an external benefits provider. Some lessons learned:
- Trust is important: organization to organization, audit, and security.
- Liability and support issues: costs and escalation process for problems.
- User issues: users thought it was broken and called the help desk because it didn't continually ask them for a password.
- Spend time on the use cases: work through all the specific cases like new employees, status changes, session time-outs, logging out of one site, but not another, and so on.
- Obtain business buy-in: why is this important? What are the risks and benefits?
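The use cases in that list are where federated SSO deployments usually go wrong, so here is an added toy model of one (my example, not GM's or Liberty's code). A hypothetical identity provider issues HMAC-signed assertions to two hypothetical service providers, "portal" and "benefits"; the shared symmetric key, the names and the time values are all constructed for the illustration. It shows why the user at GM never got re-prompted for a password, what a session time-out looks like from each side, and what happens when you log out of one site but not another unless logout is propagated.

```python
import base64
import hashlib
import hmac
import json
import secrets


class IdentityProvider:
    """Toy IdP: owns the authenticated session, issues signed assertions to SPs."""

    def __init__(self, key: bytes, session_ttl: int = 3600, assertion_ttl: int = 300):
        self.key = key                  # shared with SPs (symmetric key is a toy simplification)
        self.session_ttl = session_ttl  # how long the IdP session lives without re-auth
        self.assertion_ttl = assertion_ttl
        self.sessions = {}              # session id -> {"user", "expires", "sps"}
        self.sps = {}                   # SP name -> ServiceProvider, needed for single logout

    def register_sp(self, sp):
        self.sps[sp.name] = sp

    def login(self, user: str, now: int) -> str:
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"user": user, "expires": now + self.session_ttl, "sps": set()}
        return sid

    def issue_assertion(self, sid: str, sp_name: str, now: int):
        """Signed assertion for sp_name, or None when the IdP session is gone or
        timed out (the user has to authenticate again; the SP sees no token at all)."""
        s = self.sessions.get(sid)
        if s is None or now >= s["expires"]:
            return None
        payload = {"sub": s["user"], "aud": sp_name, "sid": sid, "exp": now + self.assertion_ttl}
        body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
        sig = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        s["sps"].add(sp_name)           # remember where this session has been used
        return body + "." + sig

    def logout(self, sid: str, propagate: bool) -> list:
        """End the IdP session; with propagate=True also terminate it at every SP
        that consumed an assertion for it (single logout)."""
        s = self.sessions.pop(sid, None)
        if s is None:
            return []
        if propagate:
            for name in s["sps"]:
                self.sps[name].terminate(sid)
        return sorted(s["sps"])


class ServiceProvider:
    """Toy SP: verifies an assertion and keeps its own local session."""

    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.sessions = name, key, {}

    def consume(self, token, now: int) -> bool:
        if token is None or token.count(".") != 1:
            return False
        body, sig = token.split(".")
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False                # tampered, or signed with another key
        payload = json.loads(base64.urlsafe_b64decode(body))
        if payload["aud"] != self.name or now >= payload["exp"]:
            return False                # meant for a different SP, or stale
        self.sessions[payload["sid"]] = payload["sub"]
        return True

    def terminate(self, sid: str):
        self.sessions.pop(sid, None)

    def is_logged_in(self, sid: str) -> bool:
        return sid in self.sessions


def logout_demo(propagate_logout: bool, now: int = 1_000_000) -> dict:
    """Log in to two SPs via the IdP, log out at the IdP, report who still thinks
    the user is logged in."""
    key = b"constructed-shared-key"
    idp = IdentityProvider(key)
    portal, benefits = ServiceProvider("portal", key), ServiceProvider("benefits", key)
    idp.register_sp(portal), idp.register_sp(benefits)
    sid = idp.login("alice", now)
    portal.consume(idp.issue_assertion(sid, "portal", now), now)
    benefits.consume(idp.issue_assertion(sid, "benefits", now), now)   # no password prompt
    idp.logout(sid, propagate_logout)
    return {"portal": portal.is_logged_in(sid),
            "benefits": benefits.is_logged_in(sid),
            "reauth_needed": idp.issue_assertion(sid, "portal", now) is None}


def timeout_demo(now: int = 1_000_000) -> dict:
    """The two clocks that matter: the assertion's expiry and the IdP session's."""
    key = b"constructed-shared-key"
    idp = IdentityProvider(key, session_ttl=3600, assertion_ttl=300)
    portal = ServiceProvider("portal", key)
    idp.register_sp(portal)
    sid = idp.login("alice", now)
    token = idp.issue_assertion(sid, "portal", now)
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")
    return {"fresh_ok": portal.consume(token, now + 10),
            "stale_rejected": not portal.consume(token, now + 600),
            "tampered_rejected": not portal.consume(tampered, now + 10),
            "idp_timed_out": idp.issue_assertion(sid, "portal", now + 4000) is None}
```

Run `logout_demo(False)` and both SPs still report the user as logged in after the IdP logout, which is exactly the "logged out of one site, but not another" case; `logout_demo(True)` clears all of them. `timeout_demo()` separates the short assertion lifetime from the longer IdP session lifetime, the distinction that makes the SSO feel "broken" to users who expect a prompt at every site.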
GM has built a global employee phonebook. It took a year to get regulatory approval in Europe. Europe has defined privacy as a human right, while in the US data protection laws quickly run afoul of free speech issues. This means that the location of data is important (in what country). Are you going to move that data outside the territorial boundary of the country? Data center consolidation turned from a technology issue into a regulatory issue. One big lesson was that their data access and retention policies had to be harmonized globally.
Digital ID in Auto Manufacturing: Every vehicle has a unique ID that has not traditionally been leveraged very well. They're starting to change that. GM builds about 250 test fleet vehicles of each type and subjects them to various conditions. There are 55 microprocessors on board for diagnostic purposes. In the old process, GM collected data in the test fleet on an ad hoc basis, there was significant lag time, and the data was only available to a few. It could take 180 days to get data from the test fleet into the engineering process and affect manufacturing. Today they collect data daily through OnStar, and the results are available in real time on the internal network. Some problems can be corrected in real time. The benefit is a shortened engineering-to-production cycle. They are at 18 months now (down from 5 years). This also removes significant warranty costs, by decreasing false positives, for example.
The long term implications:
- Digital IDs for many things, not just people.
- Management tools will be necessary for commercial and personal applications
- Rules for access and privacy are unclear
- Still room for technology innovation in this space
10:15 AM
DIDW: Jamie Lewis
Jamie Lewis, from the Burton Group, is giving today's first keynote. I remember enjoying Jamie's talk last year, although I didn't realize how much was there. I asked him for the slides and recently went back and reviewed them, and realized how many concepts I hadn't gotten at all a year ago that now seem very important.
Jamie defines the virtual enterprise network (VEN) as the corporate network along with the connections to employees, partners, customers, and suppliers. Jamie's first thesis is that tightly coupled systems won't enable large-scale interoperability. The most important benefit of Web services is that it turns the network into a platform. Businesses are just starting to map out Web services strategies.
Jamie's second thesis is that exclusionary business models (read: firewalls) do not enable business. Identity enables an inclusive model that goes beyond the necessary but insufficient perimeter security models that are common today.
The same market pressures that are driving Web services are driving digital identity management (IdM). We have made significant progress in the last year in the deployment of real implementation of specifications and standards that were just ideas a year ago. To manage identity, you need to build process and infrastructure at the same time. Process is about managing the life-cycle (registration, propagation, maintenance/management, and termination). Infrastructure manages the actual IDs, entitlements, and so on.
The Burton Group has a reference architecture for IdM. The reference architecture provides a goal state. Each organization can build their own reference architecture to define their own goal state. It seems to me that this is a part of the Enterprise Architecture. The reference architecture is centered on the idea of a "security domain," which is different from the intranet and corresponds to the VEN mentioned earlier.
Much of the Internet's potential is untapped because the infrastructure doesn't support the necessary functionality. Enterprises are interested in leveraging and integrating what they have, not buying new things. Jamie says they've had all the "technology cheeseburgers" they can stand; they're full and want to digest some of it. Web services is a move in the right direction.
Why will Web services work where others have failed?
- Markets have changed
- We've learned our lesson about tight coupling
- Technology and politics have changed, with more vendor buy-in and lots of standards work.
Standards and open source implementations of those standards are allowing us to create a true network platform. Still, the reality is that we've only taken baby steps toward the goal. Right now, you can count on XML and SOAP. WSDL is almost baked. The rest is in some disarray. The incentives are there to solve the problems, but they need to be solved.
Most early efforts at solving IdM problems tried to legislate homogenization, dictating how developers will handle identity and security. X.500, Kerberos, and X.509 are examples. They also placed inappropriate burdens on developers. The next step was to build heavyweight integration products and middleware. These steps are necessary for creating the intra-organizational infrastructure, but don't address the inter-organizational issues.
Inter-organizational IdM will ride on top of the network bus created by Web services. If Web services doesn't work, we'll need to invent something just like it to provide that functionality. Internal federation can enable interoperability and consolidation after M&A.
The fact that the products we buy aren't secure means that we've been forced to buy security products.
There's lots of interest in provisioning, but it can be a big project with lots of political pitfalls. Password management is the low-hanging fruit of provisioning and can provide the quickest route to ROI. Still, it's not full-blown provisioning. Web access management is still a bedrock solution for portals. Delegated administration, self-service, password management, and other tools provide real differentiation.
Right now SAML is gaining momentum with lots of early adoption. There are multiple products in release or development, some of them open source. SAML has a simple, narrow focus. Liberty is entering early adoption with some implementation underway in consumer-facing apps. The WS-* standards raise the convergence issue and look like a polite war. WS-* has an ambitious scope, but eventually the concepts behind WS-* will be necessary. Burton's advice is don't let the conflict stop you from meeting business needs. Eventually vendors will support all of them. SAML is a safe starting point.
Identity networks:
- Centralized like Passport and AOL ScreenName
- Industry-based and proprietary: SecuritiesHub/Bond Hub, Verified by Visa, etc.
- SAML-powered like Shibboleth
- Liberty-powered like Neustar's Land Records Exchange Network
- PingID has announced that they will build a gateway that translates between SAML, Liberty's ID-FF, and the WS-* standards
Jamie sees us going through a long but inevitable transition. Web services and federated IdM have enormous potential, but we're several years away. We've made more progress in the last 2 or 3 years than we have in the past 2 or 3 decades. Understand what you can do today and get started building the most general-purpose architecture you can.
You should also read AKMA's excellent write-up on Jamie's talk.