Updated: 1/6/2004; 11:10:06 PM.
Jeremy Allaire's Radio
An exploration of media, communications and applications over the Internet.

This is a personal weblog. The opinions expressed here represent my own and not those of my employer.


Monday, March 24, 2003

We're just getting started with a broad discussion on Identity Management.

Craig Mundie, Microsoft CTO/Advisor to Gates, is kicking off the discussion.

"Identity, Context and Presence"

  • Principal:  a person, machine or program
  • Identity: the set of all attribute values for a principal
  • Persona:  who the principal is in a given context
  • Authorization:  the rights of the particular persona.

He's arguing that today our identity is tied up in the overlapping worlds of the personal, the commercial, and the governmental.  Each of these worlds involves creation and management of identities, and they increasingly overlap.

How much control will we all have over these identities, many of which are being created on our behalf?

He notes that digital identity is truly in its infancy.

Notes that they're helping create managed namespaces that cross the enterprise / personal identity worlds.  They're using Passports to participate in interactions inside an enterprise managed by identities in ActiveDirectory.  We're seeing federated identities across public systems and private systems.

He says there is increasing tension between government identities --- they believe they own and define root identities for people --- and personal control.

Craig shows a demo video of a future world envisioned by Microsoft research.  It's basically the idea that identity and contact info will merge enabling seamless automatic communications.

Panel on the topic, hosted by Jamie Lewis, The Burton Group.

Gordon Eubanks:  Oblix -- software for user/identity/directory management.

Gordon is giving a product/ROI pitch for what they do.  Lots of buzz words.

Talks about large-scale identity problems, such as a large company like GM who has supply-chain problems where 70,000 users from thousands of companies need to interact with a system safely.

What's driving federation?  Supply/dealer networks.  Large-scale customer care online.  But most companies start identity management with employees.

Michael Barrett:  American Express (VP of Internet Tech, and President of Liberty Alliance).

Thinks it's a multi-headed beast.  Three drivers/enablers:

  • Driven by desire to know more about your customer (profiling)
  • Technical standards for identity management (e.g. Liberty)
  • Business issues -- benefits of identity interoperability (gives ATM banking example; only happened once users could use identity across networks)

Michael believes tech standards will be common, but that policy issues will drive how this is applied in verticals.

Andre Durand:  PingID --- identity management software and service platform

Very interested in the personal aspect --- what would an infrastructure look like where an individual was in control.  This led to the notion of federation, where a personal system could link and integrate with business/government that have their own systems.

Core idea is "identity roaming".

Issues of trust and authentication (and risk and liability) are enormous when linking between federated systems.

"Identity transactions" need to happen peer-to-peer, and key is frameworks that establish mutual trust and confidence.  Scoring of identity validity.

BIG QUESTION:  who's in charge here?

Unclear.  You'll have many identities, some are in and out of your control.  Do you own your social-security number, or does the government?  Who controls policies on how that can be used? 

There always needs to be a contract establishing rules about an identity and its uses.

Information/identity sharing can be controlled through a rights expression language (Liberty Alliance model).

Will we see top-down policies over identity transparency driven from government, who are more focused than ever on control of identity information?  Most of the panelists don't seem concerned with government intrusion into personal information that is managed inside an enterprise. 

This gets a lot more complex as policies differ across geographic boundaries, and where identity exists virtually in any country and where users interact with applications and data in computers anywhere.

Q: what happens when digital contact identities get into the wrong hands?  Spam as the core example.  Will this proliferate?

A: we will reach equilibrium.  Legal acceptable use combined with technology barriers will get us to good social norms.

A:  we could get to a world where you have certified channels of communication tied to your personal area network.

Q:  Liberty Alliance mission appears to have shifted.  What's its role today?

A: When Amex joined they did so because they saw a large business need, mostly from use of cross-enterprise web services, and need for security standards that would work across enterprises.

Q: Why not just use SAML (security assertion markup language, a spec for web services authorization security)?

A: SAML doesn't do enough. Michael is also disputing the idea that Liberty was designed to bash Passport. Everyone agrees that Sun stepped in and heated that up, but that isn't the focus.  Now everyone is working on Federation, across the Microsoft and Liberty Alliance world.

Q: A year ago Liberty had nothing.  What does it have for me today?

A:  Have started to deliver with 1.0 and beyond, including a long-term technical strategy.  On track to deliver new specs in the first half of this year.  Chugging away and executing on the mission.  What it means to you?  Basic things like how personal credit card information is federated, secured and used for end-users.

Net of the Panel:

  • Identity Management is a nascent field.
  • Massive proliferation in identities
  • Issues surround creation, control and usage
  • Federation appears to be the right approach for working across domains
  • Most of the implementation issues will be policy and business not technical
  • Lots of specs coming, not clear whether they will take

I was hoping to hear about the connections between identity and digital rights management, as well as between identity and presence management and communications networks.




12:19:15 PM

Esther has a theory that what will create the semantic web are large-scale data-centric applications driven by large corporations and government, forcing the creation of standards and platforms.  She's making an argument that data without a model prevents understanding.  Models include data structures and rules of interaction.  We need to drive this approach into our IT systems, which will make data come alive.

From my perspective, some of this is quite obvious if you're familiar with application development.  Entity design, application modelling (like UML), etc.  Data structures + APIs are this model.  Isn't the semantic web just about taking those areas into the standards-based world through open technologies -- e.g. XML, XML Schema, XML Namespaces, SOAP/WSDL, etc?

We're hearing a panel talk about "data at large" as a theme. 

Rob Carter: CIO Fedex -- in the business of tracking things.

They have several hundred million transactions per day, and all have deep context associated with them.  Who, where, when, how, how much, etc.  This is all about providing confidence and trust for customers, as well as operational efficiencies.

They have a massive number of distributed databases across operating units, and their challenge is to integrate and abstract across these and surface the data to the Web that provides meaningful data to customers.

Mark Cattini: MapInfo -- provides location centric information to data.  For example, visualizing crime across maps, with vectors for other meta-data.

What applications really benefit from mapping/location analysis?  Mark gives an example of a retail chain using it to plan for store/site locations, and being able to tie that to overall operating models.  Makes sense to me.

Jeff Jonas:  Systems R&D.  He's got a slide deck.  They create systems to monitor and track gamblers --- a core competency of the gaming industry.  It looks to me like they've developed incredibly sophisticated technology to determine person identity, and in turn who's a crook and a liar.  They've developed a really neat one-way hashing system to protect identity and user data.

Gilman Louie:  In-Q-Tel --- CIA venture investment arm.  It's all about data and intelligence!

He says it's a new world, with new kinds of threats -- asymmetric, near real-time.  All the old intelligence systems were built on a batch architecture, making them incredibly inflexible to these new kinds of threats.  Even further, in the past, agencies were concerned about the security of data so they put it all in silos and isolated it so that it couldn't be breached.  The result is that they couldn't integrate/aggregate/analyze all this data.

Post 9/11 there is an increased interest in fostering ventures in these areas.

He's trying to convince us that there's no trade-off between national security and civil liberties.  Strikes me as ironic to hear that from him......

Q&A with panelists.

Jeff notes that we all have between 8 and 20 identities based on our basic contact information.  As you add education, employment, commerce transactions, investments, etc. we have thousands of identities.

Again, ironically, the CIA guy keeps talking about how dangerous it is for us to try and know everything.  He thinks there have to be limits on what you need to know.  Filtering is key, put the right lens in place for the right person at the right time.

CIA guy says the big problems are volume and connectivity.  How do you filter the huge volumes, and more importantly how do you connect the different data containers in the right way?  Connectivity needs standards for data and semantics.

Again, ironically, he says he's a big advocate for judiciary oversight and controls on intelligence gathering.

Jeff makes the point that in many cases the marketers know more than our government does. 

FedEx guy notes that they have terabytes of data, and that if there was a government mandate to mine that data they could and could answer an incredible range of questions.


The net of this panel is the following:

  • Huge amounts of data are being collected about our commercial transactions, our identities
  • It's possible to filter/sort/connect and analyze to create decision support tools in near real-time
  • Semantics and relationships are the key to mining this data
  • The government will have incredible power with this data and are focused on this in a big way
  • We're being promised that this won't be abused (by the CIA guy)

10:54:42 AM

While there's lots of activity inside the home using electrical wiring to share a network (14MBs), I've always been interested in the efforts of power companies themselves to become full broadband suppliers over their power grid itself.  This note from Broadband Intelligence speaks to emerging work in the field:

Cable operators, already monitoring DSL’s approach, will soon see another competitor pop into their rearview mirrors when power utilities, hungry for new ways to recoup revenues being sapped by deregulation, turn their attention to high-speed data delivery – and, maybe, to full-service voice and video entertainment as well.

Utilities use Power Line Communications (PLC) technology to deliver data either directly to homes via medium power electrical lines or to neighborhood hubs where the signals are wirelessly transmitted using either fixed wireless technology or new wireless fidelity [Wi-Fi] gear. In both instances the data initially travels over fiber – which utilities seemingly have in abundance – or phone lines to a transformer where it is injected into the downstream power grid. PLC gear then amplifies the signals along medium power line route to either the wireless hub or consumer home.

With the recent FCC debacle around non-competition in the DSL broadband space, it's encouraging to see additional alternatives come to market.  Abundant fiber from the power companies combined with short-range wireless could do the trick.

12:51:20 AM

© Copyright 2004 Jeremy Allaire.