I recently attended the first annual SSO Summit at the Keystone resort near Denver and I was very much impressed by the level of discussion that took place. The attendance was small (a little over 100 attendees), but most were security and/or IT managers, execs and implementers from fairly large organizations. And all were willing to share their own experiences, and their questions, about the right path to take and the right reasons to take it for reducing the number of authentication points a user needed to see during the course of the business day.
Andre Durand, from Ping Identity and his merry band of helpers (especially Cynthia & Kathi) put on a wonderful conference. I did hear that some people had trouble getting their finance departments to sign off on a conference held at a ski resort, but I'll guarantee that no one went skiing. And it rained (a little) every day. This was no junket, but a valuable learning experience. Andre has promised to do it again next year, and if you have any interest in single/simplified sign-on, identity federation, or identity security – you should plan now to be there. (Compare Identity Management products)
I’d also like to thank the three folks who made up my panel for a discussion on “Customer Perspectives on ESSO.” Steven Craige from Bank of the West, Christopher Paidhrin from Southwest Washington Medical Center and Michael Thomason from Emory Healthcare all provided insight into the pros and cons of implementing three very different (Passlogix, Imprivata and ActivIdentity) SSO solution sets.
I should mention that the audience was very international – not usual for a “first annual” conference. I spoke with attendees from all over the U.S., Canada, the U.K., France, Germany, Australia, New Zealand and Brazil. The issues surrounding SSO, federation, governance, security, audit and other aspects of authentication are universal – the reasons why things are done (varying compliance issues, for example) differ but the mechanics of doing it are the same the whole world over. (Compare Network Auditing and Compliance products)
The conference also borrowed a tad from the Internet Identity Workshop by holding “open space” discussions of multiple topics at the same time to solicit varied input. I sat in on one called “Where do OpenID and InfoCards fit?” which attracted a dozen folks, many of whom were unfamiliar with the workings of so-called “user-centric” identity, especially how it might fit in the workplace. After a 90 minute discussion, the conclusions of the group were not surprising, but were certainly interesting. I’ll talk about that in the next issue.