
October 26, 2004

DIDW 2004: Identity for Us

The Identity for Us Panel
I'm in the "Identity for Us" panel, which is one of the few sessions that's not about identity in and between large organizations. The moderator is Doc Searls and the panel is Kim Cameron (Microsoft), Marc Canter (Broadband Mechanics), Simon Grice (Midentity), Dick Hardt (SXIP), and Owen Davis (Identity Commons). The discussion is about grassroots digital identity, social software, identity from the standpoint of the person (what Doc calls "Mydentity"). It's a shame really that there aren't more of these here. This is where the really innovative stuff is happening. I sympathize with Phil's need to build a conference and have sponsors, and with how that drives the agenda. Still, I wish we could have a whole track about the innovative uses of identity outside the corporation. There's plenty there.

05:42 PM

DIDW 2004: Tony Scott on GM's Next Generation Outsourcing Model and Its Effect on Identity

GM, through its first two generations of outsourcing, has achieved over $1 billion in annual savings through consolidation and systems reduction. We are now crafting our third generation outsourcing model. $15 billion.

Tony Scott of GM discusses GM's outsourcing and digital identity strategies.

GM has a "legacy of many." We were the poster child for slow, inefficient, and costly. All that has changed. The evolution of IT in a company like GM is reminiscent of the Winchester Mystery House. The problem wasn't lack of architects and craftsmen, the problem was that Sarah Winchester lacked a plan. GM's identity infrastructure used to be the Winchester Mystery House of identity.

GM's first outsourcing effort happened when GM bought EDS. EDS essentially became GM's outsourced IT department. There was very decentralized control of spending, no common identity system, and no corporate governance. Cost was viewed by managers as "funny money." At the end of that period, GM had the highest IT costs as a percent of revenue of any car manufacturer.

In 1996, GM spun EDS out and a new IT management team was brought in. GM signed a 10 year master services agreement. GM spent about $4 billion/year with EDS in 1996, but now spends only $3 billion/year. Now GM has the lowest IT cost as a percentage of sales among car manufacturers. EDS doesn't have an exclusive contract, which enables limited competitive sourcing. Governance was put in place.

In 2006, GM will open all their IT to the competitive market. GM's IT people currently manage 10,000 contracts. The new model will reduce that number to a few dozen, with hierarchical prime contractor/subcontractor relationships. GM will have a global enterprise architecture and governance for identity allowing decentralized deployment and operation.

GM is so large that a system that is not federatable is unmanageable. It would be impossible to manage a centralized scheme for identity in this company. In the new model, GM will control access on an application by application basis and even a function by function basis rather than through a firewall.

An interesting addition in the new model: GM will require intellectual property indemnification from its contractors. This will flow through to subcontractors and suppliers. The industry is not set up to do this today.

Customs and traditions that people have in a particular country are an issue for a global company like GM. What identity means and how people feel about it affect relations with employees and customers alike.

GM does product development in dozens of countries. GM can now roll out an update to their iMan platform (digital product design suite) over a weekend due to common infrastructures. GM's product development used to take 5 years from concept to manufacturing. Now it takes 18 months. GM's new J-200 vehicle is engineered in one country, manufactured in 9 countries under 5 different nameplates, and sold in 124.

Digital identity is the key. Required features: individual identity, permissions by application and by program, collaboration vs. protection tradeoffs, and common interoperable schemes for joint ventures, suppliers, and dealers. Identity is more than just people; it's things as well. Parts of a car have identities.

Shifting focus to products. In 1970 a car had about 100,000 lines of code. In 1990, cars had 1,000,000 lines of code. In 2010, a typical vehicle will have 100,000,000 lines of code. Software and electronics now represent one-third of the cost of the vehicle. That's the largest single item.

OnStar is on its sixth generation in about seven years. That's unheard of in the automobile business. The software changes much faster than the vehicle it's on. Cars hang around for decades. Software put into vehicles has to be supported for that period.

More than ever, people are clamoring for a seamless experience and that includes their vehicles. They want to integrate cell phones, MP3 players, and video devices with their cars.

02:01 PM

DIDW 2004: Enterprise Identity Management 101

I was asked to speak by Phil Becker and Eric Nolin in the first session after the keynotes and to give a tutorial on digital identity management. I promised the attendees that I'd post my identity management slides and a link to a tutorial I wrote on digital identity standards.

01:31 PM

DIDW 2004: Phil Becker on Management by Identity

Phil Becker opens Digital ID World 2004
In keeping with tradition, Phil Becker opened the conference and did a great job. He's honed these ideas over the last few years. Every time I talk to him, I catch glimpses of new insights, and this talk is a culmination of that. What follows are my notes of his talk.

You don't have to manage things until they're spread out. You don't have to worry about security until things are connected. Traditionally, we've been defensive about security, but defense can't win. Only offense can win. Digital identity is the common organizing paradigm for integrating, managing, and securing IT.

Why is the lack of identity so disruptive? Because without identity, we have no ability to organize or control activity. Rumpelstiltskin taught us that identity is power. Identity allows relatively autonomous agents to identify each other, organize interactions, apportion authority and responsibility, and be held accountable. Identity is the framework for organizing.

Before the net, location was a proxy for identity. Access control was physical. There are no longer any proxies for the identity of the user. In a network, bastion perimeters are an illusion. You can't have a perimeter and be on the net. The perimeter must dynamically expand and contract to include mobile users. The perimeter must be porous and be opened up for more and more activities. Eventually, there are so many holes in the wall that it's no longer a wall.

Digital identity is more than

  • Authentication
  • Provisioning
  • Access control
  • Rights management

Digital identity is an organizing paradigm for distributed service oriented computing that allows it to dynamically adjust to the needs of each user. Identity management has been the first success story in digital identity. Identity management is about managing identity data and promulgating it properly. All about making sure identity data is reliable, current, properly synchronized, available, and easy to administer.

But identity management is just a step towards being able to manage by identity. This lets network computing become more dynamic while remaining accountable. Provisioning and web access control are early instances of management by identity.

The browser taught people the power of discovery and networking at the document level in real time. Web services and SOAs replicate this ability for applications and data. Grid computing, autonomous computing, and the like will have to be managed by identity.

Management by identity will allow computing to dynamically adjust to business and human processes, releasing new capabilities, productivity, and real-time application and data integration.

Identity management started out as a centralized identity store, then LDAP and X.500 moved identity management into a distributed architecture. This still wasn't good enough. We're moving to a decentralized architecture with delegated administration. That move is typified by the move to identity federation.

Identity federation is about loose coupling and scaled administration. Federation creates a framework for understanding the true nature of networked identity. It's not possible to pre-define all the ways users will want data and applications to be integrated. Business will require the ability to integrate on demand.

The portal is an early place where dynamic integration and management by identity is used. Portals perform virtual integration. The user's identity and needs, coupled with the policies of the application owners, are the only organizing factors. Management by identity is the only mechanism that honors the incentives of all the parties involved.

Regulatory compliance is a forcing function that drives the need to manage by identity. Regulations all ask "who did what with which data when?" or "prove that someone did or did not do something." Doing this manually is nearly impossible. Identity centric techniques are the only ones that can keep up with the increased demand for auditability.
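Tony Scott's point above (access controlled application by application and function by function, not at the firewall, with supplier and joint-venture identities federated in) and Phil's compliance question here ("who did what with which data when?") describe two halves of the same mechanism: every decision is keyed on an asserted identity rather than on network location, and every decision is recorded so the question can be answered by query. The Python below is an added example written for these notes; it is not code from either talk, from GM, or from any product discussed at the conference. The applications, functions, identity providers, users and resource names are all made up.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Identity:
    """A federated identity assertion: which provider asserted it, the subject
    it names there, and the attributes (roles, organisation) it carries."""
    issuer: str
    subject: str
    attributes: frozenset


@dataclass(frozen=True)
class AuditEvent:
    """One access decision, recorded so that 'who did what with which data
    when' is a query rather than a manual reconstruction."""
    when: datetime
    issuer: str
    subject: str
    application: str
    function: str
    resource: str
    allowed: bool
    reason: str


# Hypothetical policy (made up for this example), keyed by application and
# then by function.  Each function names the issuers whose assertions are
# trusted for it and the attributes (any one suffices) that grant it.
# Anything not listed is denied.
POLICY: Dict[str, Dict[str, dict]] = {
    "design-suite": {
        "read-model": {
            # a supplier's IdP may assert engineers who read models ...
            "trusted_issuers": {"idp.corp.example", "idp.supplier-a.example"},
            "any_of": {"role:engineer"},
        },
        "release-model": {
            # ... but only the corporate IdP may assert who releases them
            "trusted_issuers": {"idp.corp.example"},
            "any_of": {"role:release-manager"},
        },
    },
}


class IdentityGateway:
    """Authorizes per application and per function, and keeps the trail."""

    def __init__(self, policy: Dict[str, Dict[str, dict]]) -> None:
        self.policy = policy
        self.log: List[AuditEvent] = []

    def authorize(self, ident: Identity, application: str, function: str,
                  resource: str, now: Optional[datetime] = None) -> bool:
        """Decide and record.  The caller's network location plays no part:
        only who asserted the identity and what attributes it carries."""
        now = now or datetime.now(timezone.utc)
        rule = self.policy.get(application, {}).get(function)
        if rule is None:
            allowed, reason = False, "no policy for this function (default deny)"
        elif ident.issuer not in rule["trusted_issuers"]:
            allowed, reason = False, f"issuer {ident.issuer} not trusted for this function"
        else:
            granting = ident.attributes & rule["any_of"]
            if granting:
                allowed, reason = True, "granted by " + ", ".join(sorted(granting))
            else:
                allowed, reason = False, "no granting attribute"
        self.log.append(AuditEvent(now, ident.issuer, ident.subject, application,
                                   function, resource, allowed, reason))
        return allowed

    def who_did_what(self, resource: Optional[str] = None, subject: Optional[str] = None,
                     since: Optional[datetime] = None, until: Optional[datetime] = None,
                     allowed_only: bool = False) -> List[AuditEvent]:
        """The compliance query: filter the trail by data, actor and time window."""
        return [e for e in self.log
                if (resource is None or e.resource == resource)
                and (subject is None or e.subject == subject)
                and (since is None or e.when >= since)
                and (until is None or e.when <= until)
                and (not allowed_only or e.allowed)]


def demo() -> IdentityGateway:
    """Constructed scenario: a corporate engineer, a supplier engineer who also
    holds a release role at his own IdP, and a corporate release manager."""
    gw = IdentityGateway(POLICY)
    t0 = datetime(2004, 10, 26, 9, 0, tzinfo=timezone.utc)
    alice = Identity("idp.corp.example", "alice", frozenset({"role:engineer"}))
    bob = Identity("idp.supplier-a.example", "bob",
                   frozenset({"role:engineer", "role:release-manager"}))
    carol = Identity("idp.corp.example", "carol", frozenset({"role:release-manager"}))
    model = "model/sedan-x/door-panel"
    gw.authorize(alice, "design-suite", "read-model", model, t0)                        # allow
    gw.authorize(bob, "design-suite", "read-model", model, t0.replace(minute=5))        # allow: federated issuer
    gw.authorize(bob, "design-suite", "release-model", model, t0.replace(minute=10))    # deny: issuer not trusted to release
    gw.authorize(carol, "design-suite", "release-model", model, t0.replace(minute=15))  # allow
    gw.authorize(alice, "design-suite", "export-model", model, t0.replace(minute=20))   # deny: no policy
    return gw


if __name__ == "__main__":
    for e in demo().who_did_what(resource="model/sedan-x/door-panel"):
        print(e.when.isoformat(), e.issuer, e.subject, e.function,
              "ALLOW" if e.allowed else "DENY", "-", e.reason)
```

Two design points matter more than the toy policy format. First, trust is scoped per function, not per issuer: the supplier's identity provider is believed when it says "engineer" but not when it says "release-manager", which is how a federation can include partners without handing them every permission their own directory grants. Second, denials are logged with the reason, because "prove that someone did not do something" is answered by the recorded denials as much as by the absence of an allow.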

09:34 AM