DIDW 2004: Justin Taylor on Identity Driven Computing


There were three sessions I wanted to attend this morning. I knew that Linda Elliot's session on compliance would be a good one and probably have some information I could use, but in the end I opted to go to Justin Taylor's session on identity driven computing.

Justin opens with the usual schtick that you hear opening talks at DIDW (including mine) about how today's ID systems are siloed with different protocols, standards, tools, and management styles. There's no common paradigm among the various vendor products and trying to get them to work together is an exercise in frustration.

Justin wants identity to go beyond "carbon-based life forms" and apply the things we've learned about managing human identity to documents, servers, and other resources. He defines digital identity as the "distinguishing characteristics of an entity in a digital system." He says "an identity is the sum of its attributes." This of course is not meant to be deeply philosophical; it's just a practical realization of what we're really talking about when we speak of digital identity.

Viewing identity this way allows you to create a lifecycle for the identity and that allows you to manage it.

The identity driven computing model is a common set of services, used by today's systems and applications as well as next-generation ones, to manage the behavior between all the identities in your enterprise and address the challenges of business. These services are integrated through a service oriented architecture. This idea relies on loosely coupled directories.

Justin applies this to home-based identity. Is there a place for holistic identity management in the home? Every DVD player has parental control locks, but they're all different and unmanaged. This is likely to proliferate over time. Can identity management be made "consumer friendly?"

Justin speaks to the centralization-decentralization debate. He uses policy as an example of something that has to be centralized (for regulatory compliance, for example) but must be decentralized in its use. This is not an either/or kind of thing; he points out that different activities take place everywhere along the centralization spectrum.

Decisions that use identity must be made in context. Context is the sum of the human, the device, and the application or resource. Knowing the attributes of each of these identities allows intuitive policy management. SAML allows this, although it's not typically used in this fashion.

Justin uses the example of an executive accessing corporate financial data from an iPAQ over the net. The CEO has declared that "access to financial data restricted to Sr. VP or higher" while the CSO has declared "access to financial data restricted to desktop or laptop." These two different policies need to be applied together even though they're created separately.
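The combination described above, as an added example that is not from Justin's talk or this post: the two separately authored policies are evaluated together against one context made of human, device, and resource attributes. The rank ordering, the attribute names, and the rules that every applicable policy must permit and that missing attributes deny are assumptions made for this example.

```python
from dataclasses import dataclass
from typing import Callable

# Rank ordering is an assumption made for this example.
RANKS = ["staff", "manager", "director", "vp", "sr_vp", "ceo"]

@dataclass(frozen=True)
class Policy:
    owner: str                       # who authored the policy
    resource_class: str              # class of resource it governs
    subject: str                     # identity in the context it inspects
    permits: Callable[[dict], bool]  # predicate over that identity's attributes

def rank_at_least(minimum):
    return lambda attrs: RANKS.index(attrs["rank"]) >= RANKS.index(minimum)

def device_in(*kinds):
    return lambda attrs: attrs["type"] in kinds

# The two policies from the talk, written independently of each other.
POLICIES = [
    Policy("CEO", "financial", "human", rank_at_least("sr_vp")),
    Policy("CSO", "financial", "device", device_in("desktop", "laptop")),
]

def decide(context, policies=POLICIES):
    """Return (allowed, owners of the policies that denied the request)."""
    resource_class = context.get("resource", {}).get("class")
    applicable = [p for p in policies if p.resource_class == resource_class]
    denied_by = []
    for p in applicable:
        try:
            ok = p.permits(context[p.subject])
        except (KeyError, ValueError):
            ok = False  # missing or unknown attribute: fail closed
        if not ok:
            denied_by.append(p.owner)
    # Allowed only if at least one policy applies and none of them denied.
    return (bool(applicable) and not denied_by, denied_by)

if __name__ == "__main__":
    # Constructed context: a Sr. VP on a handheld asking for financial data.
    ctx = {"human": {"rank": "sr_vp"}, "device": {"type": "handheld"},
           "resource": {"class": "financial"}}
    print(decide(ctx))
```

Returning the owners of the denying policies lets an audit log show which authority blocked a request, which matters when policies come from different parts of the organization.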

In the end, I'm not sure Justin lived up to the billing of "identity driven computing" to the extent I'd hoped. The talk was good and the information useful, but this was more of an analyst's talk than a technical talk. I think that's what I was hoping for.